Uninitialized variables check not working well at the moment
Static source code analysis tool for C and C++ code
Brought to you by:
danielmarjamaki
Menu
▾
▴
I am rewriting a part of the check for the uninitialized variables and believe that it will be noisy in the near future.
I would prefer that you relax a bit with reporting problems for a week or so.. fixes are on the way.
Feel free to report problems that you see now.
It seems to me that most false positives currently in daca@home are caused by;
* variable is initialized in function call. https://trac.cppcheck.net/ticket/10279
* XtSetArg was not configured properly. Should be fixed in git HEAD.
We should just get rid of
checkUninitVarand move all the logic to valueflow.I created a PR at least to fix the
valueFlowUninittests:https://github.com/danmar/cppcheck/pull/3262
These tests are useful in checking changes to valueflow. I have a possible fix for #10263 but I want to make sure it wont break the
valueFlowUninittests(as the change might affect them).I wanted to rewrite
CheckUninitVar::isVariableUsage. It did not rely on AST properly and it was a mess. I think it's so much better now.I would be happy to get rid of the data flow logic from
checkUninitVar.. when we feel that valueFlowUninit is enough. I feel that we should primarily fix false negatives by updating the valueflow.Last edit: Daniel Marjamäki 2021-05-19
there are a lot of false positives in such reports:
http://cppcheck1.osuosl.org:8000/difftoday-uninitvar
http://cppcheck1.osuosl.org:8000/diff-uninitvar
I am looking at these false positives. But help is appreciated.
There are many bugs that
valueFlowUninitfails to detect, for instance for arrays and structs.Yea, we shouldn't delete the
checkUninitbut rather move it to valueflow. Instead of warning about a uninit var, just set valueflow value to uninit.Although, it would be nice to use the analyzers to find struct members and arrays, but this is quite a bit more work. If we can just move what we currently have, this can help simplify the uninit checking and testing.
Here is a wrap up of the actual open tickets addressing uninitvar, tested with (https://github.com/danmar/cppcheck/commit/e2d9aaf23b680b17280c3de17d76b117f5c62115 ). I hope this overview complements the rewriting of the checker a bit ...
https://trac.cppcheck.net/ticket/4791 False negative: uninitialized nested struct not detected
--language=c++ works, but --language=c is not working
https://trac.cppcheck.net/ticket/9313 false negative: uninitvar
- False negative still present
https://trac.cppcheck.net/ticket/9735 false negative: uninitvar (bit field)
- False negative still present
https://trac.cppcheck.net/ticket/4526 false negative: usage of uninitialized pointer with std::cin
- False negative still present
https://trac.cppcheck.net/ticket/6325 false negative: uninitialized variable usage (write, posix)
- False negative still present
https://trac.cppcheck.net/ticket/6475 false negative: uninitialized variable usage not detected - uninitialized int passed via reference
- False negative still present
https://trac.cppcheck.net/ticket/6517 false negative: (error) Uninitialized variable - conditional intialization in if-clause
- False negative still present
https://trac.cppcheck.net/ticket/6577 Detect pointer to uninitialised memory with clock_settime() reopened
- False negative still present
https://trac.cppcheck.net/ticket/6597 false negative: uninitialized variable usage not detected (ValueFlow , multi variables)
- False negative still present for sample from comment:4
https://trac.cppcheck.net/ticket/6987 false negative: (error) Uninitialized variable (std::setiosflags)
- False negative still present
https://trac.cppcheck.net/ticket/6621 false negative: uninitialized variable usage not detected (std::pair)
- False negative still present
https://trac.cppcheck.net/ticket/6633 false negative: uninitialized variable usage not detected new uninitvar
- False negative still present
https://trac.cppcheck.net/ticket/6933 false negative: (error) Uninitialized variable (using uninitialized variable in class instantiation)
- More info needed due to open discussion
https://trac.cppcheck.net/ticket/8046 false negative: uninitalized variable (union) new uninitvar valueflow
- False negative still present
https://trac.cppcheck.net/ticket/8048 Missing type declaration in C triggers uninitvar new uninitvar
- More info needed due to open discussion
https://trac.cppcheck.net/ticket/8134 Uninitialized variable is not caught when variable not assigned any value in if condition
- False negative still present
https://trac.cppcheck.net/ticket/8135 Uninitialized variable is not caught when variable not assigned any value in switch/case condition
- False negative still present
https://trac.cppcheck.net/ticket/8163 Unitialized variable not caught by CPPCheck if function arguments used in comparison
- False negative still present
https://trac.cppcheck.net/ticket/8446 false negative: (error) Uninitialized variable: s.x
- False negative still present
https://trac.cppcheck.net/ticket/9107 false negative: conditional uninitvar (subfunction call) - False negative still present
https://trac.cppcheck.net/ticket/9303 FP: "uninitvar" reported after lambda expression
- False positive still present
https://trac.cppcheck.net/ticket/9316 false negative: uninitvar (local array) new uninitvar
- False negative still present
https://trac.cppcheck.net/ticket/9346 False negative due to missing configuration for struct timeval
- False negative still present
https://trac.cppcheck.net/ticket/9455 false negative: uninit iterator not detected
- False negative still present
https://trac.cppcheck.net/ticket/9484 false negative: uninitvar (passing address of uninitialized buffer to subfunction that reads buffer)
- False negative still present
https://trac.cppcheck.net/ticket/9772 FP uninitvar: in cppcheck 2.1
- False positive still present
https://trac.cppcheck.net/ticket/9924 false negative: uninitvar
- False negative still present
https://trac.cppcheck.net/ticket/9953 false positive: uninitvar
- False positive still present
https://trac.cppcheck.net/ticket/9970 false negative: uninitvar
- False negative still present
https://trac.cppcheck.net/ticket/10291 false negative: uninitvar
- False negative still present
https://trac.cppcheck.net/ticket/10292 false negative: uninitvar
- False negative still present
Last edit: orbitcowboy 2021-05-23