-Wuninitialized false positive

[nico]

Bugzilla Link	9062
Version	trunk
OS	All
CC	@tkremenek

Extended Description

chrome code:

    bool found = false;
    const char *pair;

    for (unsigned i = 0; env[i]; i++) {
      pair = env[i];
      const char *const equals = strchr(pair, '=');
      if (!equals)
        continue;
      const unsigned keylen = equals - pair;
      if (keylen == j->first.size() &&
          memcmp(pair, j->first.data(), keylen) == 0) {
        found = true;
        break;
      }
    }

    // if found, we'll either be deleting or replacing this element.
    if (found) {
      count--;
      size -= strlen(pair) + 1;
      if (j->second.size())
        found = false;
    }

clang complains:

/Volumes/MacintoshHD2/src/chrome-git/src/base/process_util_posix.cc:378:11: error: use of uninitialized variable 'pair' [-Wuninitialized]
    const char *pair;
          ^~~~~~~~~~
/Volumes/MacintoshHD2/src/chrome-git/src/base/process_util_posix.cc:396:22: note: variable 'pair' is possibly uninitialized when used here
      size -= strlen(pair) + 1;
                     ^~~~
/Volumes/MacintoshHD2/src/chrome-git/src/base/process_util_posix.cc:378:21: note: add initialization to silence this warning
    const char *pair;
                    ^
                     = 0
1 error generated.

…but the access happens only if |found| is true, and in that case the pointer is always initialized.

[nico]

assigned to @tkremenek

[tkremenek]

chrome code:

bool found = false;
const char *pair;

for (unsigned i = 0; env[i]; i++) {
  pair = env[i];
  const char *const equals = strchr(pair, '=');
  if (!equals)
    continue;
  const unsigned keylen = equals - pair;
  if (keylen == j->first.size() &&
      memcmp(pair, j->first.data(), keylen) == 0) {
    found = true;
    break;
  }
}

// if found, we'll either be deleting or replacing this element.
if (found) {
  count--;
  size -= strlen(pair) + 1;
  if (j->second.size())
    found = false;
}

clang complains:

/Volumes/MacintoshHD2/src/chrome-git/src/base/process_util_posix.cc:378:11:
error: use of uninitialized variable 'pair' [-Wuninitialized]
const char *pair;
^~~~~~~~~~
/Volumes/MacintoshHD2/src/chrome-git/src/base/process_util_posix.cc:396:22:
note: variable 'pair' is possibly uninitialized when used here
size -= strlen(pair) + 1;
^~~~
/Volumes/MacintoshHD2/src/chrome-git/src/base/process_util_posix.cc:378:21:
note: add initialization to silence this warning
const char *pair;
^
= 0
1 error generated.

…but the access happens only if |found| is true, and in that case the pointer
is always initialized.

GCC happens to get this right because (a) it bases it's analysis on the optimizer or (b) simply gives up. In general, think Clang's implementation of -Wuninitiailized will be more conservative. Handling this case correctly requires modeling control-dependencies, which inherently requires exponential analysis.

The goal is for Clang's warning to be predictable and reasonable; I don't think this is a reasonable case for the warning to handle.

[philnik777]

Closing, since there is no working reproducer.