analyzer: more uninit test coverage

In addition to other test coverage, this adds the examples from
  https://cwe.mitre.org/data/definitions/457.html
(aka "CWE-457: Use of Uninitialized Variable")

For reference, the output from -fanalyzer looks like this
(after stripping away the DejaGnu directives):

uninit-CWE-457-examples.c: In function 'example_2_bad_code':
uninit-CWE-457-examples.c:56:3: warning: use of uninitialized value 'bN' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   56 |   repaint(aN, bN); /* { dg-warning "use of uninitialized value 'bN'" } */
      |   ^~~~~~~~~~~~~~~
  'example_2_bad_code': events 1-4
    |
    |   34 |   int aN, bN;
    |      |           ^~
    |      |           |
    |      |           (1) region created on stack here
    |   35 |   switch (ctl) {
    |      |   ~~~~~~
    |      |   |
    |      |   (2) following 'default:' branch...
    |......
    |   51 |   default:
    |      |   ~~~~~~~
    |      |   |
    |      |   (3) ...to here
    |......
    |   56 |   repaint(aN, bN);
    |      |   ~~~~~~~~~~~~~~~
    |      |   |
    |      |   (4) use of uninitialized value 'bN' here
    |
uninit-CWE-457-examples.c: In function 'example_3_bad_code':
uninit-CWE-457-examples.c:95:3: warning: use of uninitialized value 'test_string' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   95 |   printf("%s", test_string);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~
  'example_3_bad_code': events 1-4
    |
    |   90 |   char *test_string;
    |      |         ^~~~~~~~~~~
    |      |         |
    |      |         (1) region created on stack here
    |   91 |   if (i != err_val)
    |      |      ~
    |      |      |
    |      |      (2) following 'false' branch (when 'i == err_val')...
    |......
    |   95 |   printf("%s", test_string);
    |      |   ~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |   |
    |      |   (3) ...to here
    |      |   (4) use of uninitialized value 'test_string' here
    |

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/uninit-1.c: Add test coverage for shifts,
	comparisons, +, -, *, /, and __builtin_strlen.
	* gcc.dg/analyzer/uninit-CWE-457-examples.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
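
The two path shapes in the diagnostics above (a 'default:' branch and a 'false' branch that each skip an assignment), as an added example that is not the testsuite file from this commit. All function names, the strings and the SHOW_BAD macro are constructed for illustration; the flawed variants are compiled only when SHOW_BAD is defined.

```c
/* Constructed illustration, not gcc.dg/analyzer/uninit-CWE-457-examples.c.
   To see the analyzer walk the flawed paths:
     gcc -fanalyzer -DSHOW_BAD -c this_file.c                            */

/* Hypothetical consumer of both values. */
static int combine(int a, int b) { return a * 100 + b; }

#ifdef SHOW_BAD
/* 'default:' assigns only a, so b reaches combine() uninitialized. */
int switch_bad(int ctl, int i)
{
  int a, b;
  switch (ctl) {
  case -1: a = 0; b = 0;  break;
  case 0:  a = i; b = -i; break;
  default: a = -1;        break;
  }
  return combine(a, b);
}

/* When i == err_val the 'false' branch leaves s unassigned. */
const char *message_bad(int i, int err_val)
{
  const char *s;
  if (i != err_val)
    s = "ok";
  return s;
}
#endif

/* Fix: initialize at declaration so every path has a defined value. */
int switch_fixed(int ctl, int i)
{
  int a = -1, b = -1;
  switch (ctl) {
  case -1: a = 0; b = 0;  break;
  case 0:  a = i; b = -i; break;
  default:                break;
  }
  return combine(a, b);
}

/* Fix: the error path gets its own value instead of stack garbage. */
const char *message_fixed(int i, int err_val)
{
  const char *s = "error path";
  if (i != err_val)
    s = "ok";
  return s;
}
```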