From ae3089c2b2ec7612b3a58243b12b5ed22f768e71 Mon Sep 17 00:00:00 2001 From: Jules Villard Date: Thu, 27 Jun 2019 03:14:50 -0700 Subject: [PATCH] [uninit] look at complex HIL expressions too Summary: Fixes #1112 Reviewed By: ngorogiannis Differential Revision: D16028736 fbshipit-source-id: 9eaec2016 --- infer/src/checkers/uninit.ml | 5 +++-- infer/tests/codetoanalyze/cpp/uninit/issues.exp | 2 ++ infer/tests/codetoanalyze/cpp/uninit/uninit.cpp | 7 ++++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/infer/src/checkers/uninit.ml b/infer/src/checkers/uninit.ml index f26321a79..a31af08db 100644 --- a/infer/src/checkers/uninit.ml +++ b/infer/src/checkers/uninit.ml @@ -190,8 +190,9 @@ module TransferFunctions (CFG : ProcCfg.S) = struct check_hil_expr ~loc e | HilExp.AccessExpression access_expr -> check_access_expr ~loc access_expr - | _ -> - () + | hil_expr -> + HilExp.get_access_exprs hil_expr + |> List.iter ~f:(fun access_expr -> check_access_expr ~loc access_expr) in let update_prepost access_expr rhs = let lhs_base = HilExp.AccessExpression.get_base access_expr in diff --git a/infer/tests/codetoanalyze/cpp/uninit/issues.exp b/infer/tests/codetoanalyze/cpp/uninit/issues.exp index 15110f6f1..129496cd4 100644 --- a/infer/tests/codetoanalyze/cpp/uninit/issues.exp +++ b/infer/tests/codetoanalyze/cpp/uninit/issues.exp @@ -17,9 +17,11 @@ codetoanalyze/cpp/uninit/uninit.cpp, bad2, 2, UNINITIALIZED_VALUE, no_bucket, ER codetoanalyze/cpp/uninit/uninit.cpp, branch1_FP, 11, UNINITIALIZED_VALUE, no_bucket, ERROR, [] codetoanalyze/cpp/uninit/uninit.cpp, capture_by_ref_init2_FP, 4, UNINITIALIZED_VALUE, no_bucket, ERROR, [] codetoanalyze/cpp/uninit/uninit.cpp, capture_by_ref_init_FP, 3, UNINITIALIZED_VALUE, no_bucket, ERROR, [] +codetoanalyze/cpp/uninit/uninit.cpp, capture_read_bad, 2, UNINITIALIZED_VALUE, no_bucket, ERROR, [] codetoanalyze/cpp/uninit/uninit.cpp, condition_no_init_bad, 2, UNINITIALIZED_VALUE, no_bucket, ERROR, [] codetoanalyze/cpp/uninit/uninit.cpp, copy_pointer_bad, 3, UNINITIALIZED_VALUE, no_bucket, ERROR, [] codetoanalyze/cpp/uninit/uninit.cpp, loop1_FP, 10, UNINITIALIZED_VALUE, no_bucket, ERROR, [] codetoanalyze/cpp/uninit/uninit.cpp, no_init_return_bad, 2, UNINITIALIZED_VALUE, no_bucket, ERROR, [] codetoanalyze/cpp/uninit/uninit.cpp, ret_undef_bad, 2, UNINITIALIZED_VALUE, no_bucket, ERROR, [] +codetoanalyze/cpp/uninit/uninit.cpp, use_uninit_in_expr_bad, 2, UNINITIALIZED_VALUE, no_bucket, ERROR, [] codetoanalyze/cpp/uninit/uninit.cpp, warning_when_throw_in_other_branch_bad, 9, UNINITIALIZED_VALUE, no_bucket, ERROR, [] diff --git a/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp b/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp index 2615ad3e2..a68b611bd 100644 --- a/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp +++ b/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp @@ -193,7 +193,7 @@ int ok10() { return 1; } -void FN_capture_read_bad() { +void capture_read_bad() { int x; [x]() { int y = x; @@ -330,3 +330,8 @@ void FN_call_to_maybe_uninit_fn_ptr_bad(bool nondet) { f = use_square_ok1; f(); } + +void use_uninit_in_expr_bad() { + int x; + int y = x + 2; +}