[uninit] Use type information from locals if argument is a pointer in function signature

Summary: In an intra-procedural analysis, we assume that parameters passed by reference to a function will be initialized inside that function. To do that we use the type information of a formal parameter to initialize the fields of the struct. This was causing false positives if the formal parameter in function signature had type `void*`. To solve this, we used type information from local variables instead. However, we also get false positives for any kind of pointer if we use cast. We fix this by using type information of local variables as in `void*` case.

Reviewed By: jvillard

Differential Revision: D21522979

fbshipit-source-id: 4222ff134

infer/src/checkers/uninitDomain.ml

@@ -62,12 +62,15 @@ module MaybeUninitVars = struct
       | _ ->
           maybe_uninit_vars
     in
-    match base with
-    | _, {Typ.desc= Tptr ({Typ.desc= Tvoid}, _)} ->
-        Option.value_map ~default:maybe_uninit_vars ~f:remove_all_fields_inner
-          (find_access_expr_typ tenv (HilExp.AccessExpression.base base) locals)
-    | _, typ ->
-        remove_all_fields_inner typ
+    let typ_of_arg_in_locals =
+      match base with
+      | _, {Typ.desc= Tptr _} ->
+          find_access_expr_typ tenv (HilExp.AccessExpression.base base) locals
+      | _ ->
+          None
+    in
+    let typ_to_remove = Option.value ~default:(snd base) typ_of_arg_in_locals in
+    remove_all_fields_inner typ_to_remove
 
 
   let remove_dereference_access base maybe_uninit_vars =

infer/tests/codetoanalyze/cpp/uninit/uninit.cpp

@@ -276,6 +276,15 @@ int* pointer_param_void_star_ok() {
   return a.ptr;
 }
 
+void another_f(char* p);
+
+int* pointer_param_char_star_ok() {
+  A a;
+  int* res;
+  another_f((char*)&a);
+  return a.ptr;
+}
+
 short union_ok() {
   union {
     int* a;