FP : In head , regression over 2.6

[dp11]

I think the following code is an FP regression over 2.6

typedef struct {
   unsigned int type[2];
} perf_counters_t;

unsigned int reset_performance_counters(perf_counters_t *pct) {
   unsigned int ctrl = 0x0F;

   ctrl |= pct->type[0] << 20;
   return ctrl;
}


void main()
{
   perf_counters_t pct;

   pct.type[0] = 1;
   reset_performance_counters(&pct);
}

Gives :

[root@tower cppcheck]# ./cppcheck/cppcheck FP1.c
Checking FP1.c ...
FP1.c:9:17: error: Uninitialized variable: pct->type [uninitvar]
   ctrl |= pct->type[0] << 20;
                ^
FP1.c:19:31: note: Calling function 'reset_performance_counters', 1st argument '&pct' value is <Uninit>
   reset_performance_counters(&pct);
                              ^
FP1.c:9:17: note: Uninitialized variable: pct->type
   ctrl |= pct->type[0] << 20;
                ^
FP1.c:9:12: error: Using argument pct that points at uninitialized variable pct [ctuuninitvar]
   ctrl |= pct->type[0] << 20;
           ^
FP1.c:19:30: note: Calling function reset_performance_counters, 1st argument is uninitialized
   reset_performance_counters(&pct);
                             ^
FP1.c:9:12: note: Using argument pct
   ctrl |= pct->type[0] << 20;

[CHR]

Hmm, I don't get any warning with current head.,,

[dp11]

Just done a git pull and built it and I still get the same error.

 git pull
remote: Enumerating objects: 51, done.
remote: Counting objects: 100% (51/51), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 31 (delta 27), reused 18 (delta 16), pack-reused 0
Unpacking objects: 100% (31/31), 4.65 KiB | 16.00 KiB/s, done.
From https://github.com/danmar/cppcheck
   01a8890d6..33446d0c7  main       -> origin/main
Updating 01a8890d6..33446d0c7

[CHR]

My bad, I ran it on an incomplete code snippet.
But the warning seems to be a true positive, only one of the two array elements is initialized.
Edit: Although that element is not accessed in the example. I think the check for partial initialization was added recently.

[dp11]

Okay Still FP for this case :

typedef struct {
   unsigned int type[1];
} perf_counters_t;

unsigned int reset_performance_counters(perf_counters_t *pct) {
   unsigned int ctrl = 0x0F;

   ctrl |= pct->type[0] << 20;
   return ctrl;
}


void main()
{
   perf_counters_t pct;

   pct.type[0] = 1;
   reset_performance_counters(&pct);
}

and

typedef struct {
   unsigned int type[2];
} perf_counters_t;

unsigned int reset_performance_counters(perf_counters_t *pct) {
   unsigned int ctrl = 0x0F;

   ctrl |= pct->type[0] << 20;
   return ctrl;
}


void main()
{
   perf_counters_t pct;

   pct.type[0] = 1;
   pct.type[1] = 1;
   reset_performance_counters(&pct);
}

[CHR]

Thanks for reporting, I have created a ticket here: https://trac.cppcheck.net/ticket/10681

[dp11]

Thanks for creating a ticket

[dp11]

Thanks everyone, just to confirm Changeset 0c9eb5d fixes this issue. I now have a clean cppcheck of my project.

[dp11]

I'm afraid it looks like the latest head has regressed this.

[CHR]

I can't reproduce it with any of the three examples and https://github.com/danmar/cppcheck/commit/4f508c93c4c41e40464b09cff8de7ebd35e8afa3 . What's your command line?

[dp11]

Okay, The FP example above doesn't give me an error. However extending the example very slightly:

struct S {
   int t[1];
   int u;
};

int f(const S* ps) {
   return ps->t[0];
}

int main()
{
   S s;
   s.t[0] = 1;
   f(&s);
}

gives :

./cppcheck/cppcheck --inconclusive FP1.c
Checking FP1.c ...
FP1.c:7:11: error: Using argument ps that points at uninitialized variable s [ctuuninitvar]
   return ps->t[0];
          ^
FP1.c:14:5: note: Calling function f, 1st argument is uninitialized
   f(&s);
    ^
FP1.c:7:11: note: Using argument ps
   return ps->t[0];
          ^

[dp11]

[CHR]

Thanks, I have reopened the ticket.