Hello,
With the following code
//-------------------------
#include <stdio.h>
extern int t;
void use_b (int *b){
printf("%p\n",b);
}
void func(){
int b;
use_b(&b);
if (b)
b+=33;
}
//---------------------------
Running clang -Wuninitialized or running clang –analyze, I don’t see any warning for uninitialized variables. However, if I change the code to:
//----------------------
#include <stdio.h>
extern int t;
void use_b (int *b){
if (t==5)
return;
printf("%p\n",b);
}
void func(){
int b;
use_b(&b);
if (b)
b+=33;
}
//--------------------
I do see this warning with the static analyzer:
sa_try.c:13:9: warning: Branch condition evaluates to a garbage value [core.uninitialized.Branch]
if (b)
^
1 warning generated.
My question is why am I not getting any warning for the first case? Is it being considered that printf is updating the value of b in some way?
Thanks,
Ali
Presuming it has no knowledge of printf's semantics, then yes. that function could write through the pointer (and indeed would, if 'b' was an output parameter).
It could learn that printf doesn't do that (except for %n).
nathan
nathan
Hi Nathan,
Thanks for the reply. Can you please elaborate on how to let clang-sa to learn about printf? I tried using CTU analysis [1], but I’m unsure how to add mappings for libc functions.
Thanks,
Ali
[1] https://clang.llvm.org/docs/analyzer/user-docs/CrossTranslationUnit.html
Hi Nathan,
Thanks for the reply. Can you please elaborate on how to let clang-sa to learn about printf? I tried using CTU analysis [1], but I’m unsure how to add mappings for libc functions.
Sorry, I don't know. I don't know if clang/llvm have support for knowing about various builtin functions the standard library provides. It must have some (like say abs and sqrt). If it knew about printf, it could provide diagnostics when the variadic args do not match the format string, for instance.
nathan
Hi Deep,
Thanks for the linking all the resources! Yes, I meant Clang Static Analyzer by clang-sa. I’ll give it a try!
Thanks,
Ali
.