improving detection of uninitialized arguments (the CallAndMessageChecker)

Hi,

I’m looking into extending the check that warns for uninitialized arguments. Below I’ve described what should be detected. Any opinions on if it’s a useful check or potential problems/drawbacks with it?.

Check: should this be detected as a warning for uninitialized argument?:"warning: Function call argument is an uninitialized value"

void doStuff(const int *p);
void f(void);

void f(void) {
int x;
doStuff(&x); // ← warning?
}

My rationale behind the warning:

  1. it’s not possible to write to *p, because it’s of type const
  2. content of *p is uninitialized stack value, and shouldn’t be used.
  3. the value of p is of no interest, since it’s an address of an stack variable.

if any of the above criteria are not fulfilled, then no warning. Thus the function prototype must state pointer to const for the argument, the variable that the function is called with must be address of local/stack variable.

currently, only this is detected:

void doStuff2(int p);
void g(void);

void g(void) {
int y;
doStuff2(y); // warning: Function call argument is an uninitialized value

/Per


Per Viberg Senior Engineer
Evidente ES East AB Warfvinges väg 34 SE-112 51 Stockholm Sweden

Phone: +46 (0)8 402 79 00
Mobile: +46 (0)70 912 42 52
E-mail: Per.Viberg@evidente.se

www.evidente.se

This e-mail, which might contain confidential information, is addressed to the above stated person/company. If you are not the correct addressee, employee or in any other way the person concerned, please notify the sender immediately. At the same time, please delete this e-mail and destroy any prints. Thank You.

doStuff() is allowed to const_cast the constness away and modify 'x'.

But even if we allow a false positive in that case, we should also
make sure that the address of 'x' does not escape before the call.

Dmitri

>
> Hi,
>
> I'm looking into extending the check that warns for uninitialized
arguments.
> Below I've described what should be detected. Any opinions on if it's a
> useful check or potential problems/drawbacks with it?.

Do you have concrete examples of where this would have detected a bug in
code?

>
> Check: should this be detected as a warning for uninitialized
> argument?:"warning: Function call argument is an uninitialized value"
>
> void doStuff(const int *p);
> void f(void);
>
> void f(void) {
> int x;
> doStuff(&x); // ← warning?
> }

doStuff() is allowed to const_cast the constness away and modify 'x'.

Yeah - I suspect that's acceptable, but someone would have to run the
numbers/experiments to see.

Another possible problem: what if doStuff is just storing the pointer for
later use?

int x;
set_foo(&x);
x = 3;
use_foo();

Not sure how common that would be and thus how bad the warning would be.

But even if we allow a false positive in that case, we should also

make sure that the address of 'x' does not escape before the call.

Agreed - but we could just power this by the same logic as all the
-Wuninitialized warnings.