From 18b3a465d2beaf4c7471121fcb793c2e2055a7e9 Mon Sep 17 00:00:00 2001 From: Daiva Naudziuniene Date: Fri, 8 Jun 2018 09:47:15 -0700 Subject: [PATCH] [uninit] Report on unitialized expressions in conditions Summary: see title Reviewed By: mbouaziz Differential Revision: D8283285 fbshipit-source-id: dc978ad --- infer/src/checkers/uninit.ml | 8 +++++++- infer/tests/codetoanalyze/cpp/uninit/issues.exp | 1 + infer/tests/codetoanalyze/cpp/uninit/uninit.cpp | 8 ++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/infer/src/checkers/uninit.ml b/infer/src/checkers/uninit.ml index 486ea5572..351938826 100644 --- a/infer/src/checkers/uninit.ml +++ b/infer/src/checkers/uninit.ml @@ -343,7 +343,13 @@ module TransferFunctions (CFG : ProcCfg.S) = struct ~f:(report_on_function_params pdesc tenv uninit_vars actuals loc extras) pname_opt ; {astate with uninit_vars} - | Assume _ -> + | Assume (expr, _, _, loc) -> + ( match expr with + | AccessExpression rhs_access_expr -> + if should_report_var pdesc tenv astate.uninit_vars rhs_access_expr then + report_intra rhs_access_expr loc (snd extras) + | _ -> + () ) ; astate diff --git a/infer/tests/codetoanalyze/cpp/uninit/issues.exp b/infer/tests/codetoanalyze/cpp/uninit/issues.exp index 5846f3b38..31bfcda7d 100644 --- a/infer/tests/codetoanalyze/cpp/uninit/issues.exp +++ b/infer/tests/codetoanalyze/cpp/uninit/issues.exp 
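Review bot: In uninit.ml the new `Assume` case reports only when the whole condition is a bare `AccessExpression`, so a condition that wraps the read in a comparison, negation or cast falls into `| _ -> ()` and an uninitialized variable used there appears to go unreported. Branching on an uninitialized value is undefined behaviour and lets stale stack contents steer control flow, so I would check every access expression reachable inside `expr` rather than only the top-level one, de-duplicating per location if both the true and the negated prune of one condition reach this case. Until then, a comment such as `(* only a bare access expression is checked; operands of comparisons, negations and casts are not inspected *)` would make the gap explicit. The added test in uninit.cpp exercises only `if (x)`, and the enclosing match starts and ends outside this hunk.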
@@ -13,6 +13,7 @@ codetoanalyze/cpp/uninit/uninit.cpp, FP_pointer_param_void_star_ok, 4, UNINITIAL
 codetoanalyze/cpp/uninit/uninit.cpp, bad1, 2, UNINITIALIZED_VALUE, no_bucket, ERROR, []
 codetoanalyze/cpp/uninit/uninit.cpp, bad2, 2, UNINITIALIZED_VALUE, no_bucket, ERROR, []
 codetoanalyze/cpp/uninit/uninit.cpp, branch1_FP, 11, UNINITIALIZED_VALUE, no_bucket, ERROR, []
+codetoanalyze/cpp/uninit/uninit.cpp, condition_no_init_bad, 2, UNINITIALIZED_VALUE, no_bucket, ERROR, []
 codetoanalyze/cpp/uninit/uninit.cpp, copy_pointer_bad, 3, UNINITIALIZED_VALUE, no_bucket, ERROR, []
 codetoanalyze/cpp/uninit/uninit.cpp, loop1_FP, 10, UNINITIALIZED_VALUE, no_bucket, ERROR, []
 codetoanalyze/cpp/uninit/uninit.cpp, no_init_return_bad, 2, UNINITIALIZED_VALUE, no_bucket, ERROR, []
diff --git a/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp b/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp
index 046fc9eb0..59359d7ab 100644
--- a/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp
+++ b/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp
@@ -278,3 +278,11 @@ short union_ok() {
 short* p = u.b;
 return *p;
 }
+
+int condition_no_init_bad() {
+ int x;
+ if (x) {
+ return 1;
+ }
+ return 0;
+}
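Review bot: `condition_no_init_bad` pins the new report, but this hunk adds no matching `_ok` case showing that a variable assigned before the condition stays silent, which is what would catch a false-positive regression in the new `Assume` handling. Following the file's `_bad`/`_ok`/`_FP` naming, I would add a function that initializes `x` before `if (x)` and is deliberately absent from issues.exp. A one-line comment above the new function, e.g. `// x is read in the condition before any assignment`, would also tell readers which read the expected report refers to.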