RFR: 8314743: Use of uninitialized local in SR_initialize after JDK-8314114

Aleksey Shipilev shade at openjdk.org
Tue Aug 22 13:01:27 UTC 2023


On Tue, 22 Aug 2023 11:47:50 GMT, Coleen Phillimore <coleenp at openjdk.org> wrote:

> So does SonarCloud know that checking the result of parse_integer makes 'sig' uninitialized? This is definitely the right fix. Thanks.

Yes, the Sonar C++ analyzer does flow analysis and discovers there is a `return false` path from `parse_integer` where `T* result` is not set. And then in `SR_initialize` it discovers the access to `sig` (previously `result`) on the `!parse_integer` branch. The analyzer gets confused sometimes in hairy C++ code, and often cannot figure out the higher-level invariants that are maintained by callers, but it gets the flow mostly right in simple cases like this one.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/15381#issuecomment-1688140698
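
A reduced C++ sketch of the shape described in the reply above, added here as an illustration and not taken from the JDK sources or the PR. The names `parse_int_sketch`, `choose_signal_flagged` and `choose_signal_checked` are hypothetical, the error message and inputs are constructed, and the checked variant is one way to keep the variable defined on every path, not necessarily the change made in the PR.

```cpp
#include <cerrno>
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Hypothetical parser with an out-parameter. Every 'return false' path leaves
// *result unwritten, which is the path the flow analysis follows.
static bool parse_int_sketch(const char* s, int* result) {
  if (s == nullptr || *s == '\0') return false;
  char* end = nullptr;
  errno = 0;
  long v = std::strtol(s, &end, 10);
  if (errno != 0 || *end != '\0') return false;
  if (v < INT_MIN || v > INT_MAX) return false;
  *result = static_cast<int>(v);
  return true;
}

#ifdef SHOW_FLAGGED_SHAPE
// Flagged shape: 'sig' has no initializer and is read on the failure branch.
static int choose_signal_flagged(const char* text, int fallback, char* msg, std::size_t n) {
  int sig;
  if (!parse_int_sketch(text, &sig)) {
    std::snprintf(msg, n, "invalid signal number %d", sig);  // indeterminate value
    return fallback;
  }
  return sig;
}
#endif

// Checked shape: 'sig' is defined on every path, and the failure branch
// reports the input text instead of the out-parameter.
static int choose_signal_checked(const char* text, int fallback, char* msg, std::size_t n) {
  int sig = fallback;
  if (!parse_int_sketch(text, &sig)) {
    std::snprintf(msg, n, "invalid signal number '%s'", text ? text : "(null)");
    return fallback;
  }
  msg[0] = '\0';
  return sig;
}

int main() {
  char msg[64];
  int sig = choose_signal_checked("12x", 30, msg, sizeof msg);  // constructed input
  std::printf("%d %s\n", sig, msg);
  return 0;
}
```

The flagged variant is compiled only when `SHOW_FLAGGED_SHAPE` is defined, so it can be fed to an analyzer without being part of the normal build.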


More information about the hotspot-runtime-dev mailing list