
Analysis can't tell an uninitialized variable may not be initialized

Open fewkz opened this issue 2 years ago • 2 comments

The following code passes luau-analyze, because it thinks that foo is a string, even though foo never gets initialized when run, and causes an error trying to concatenate with nil:

local foo
if false then
    foo = "World!"
end
print("Hello " .. foo)

The equivalent code in TypeScript or Rust's analysis does not pass:

[Two screenshots: Code_2022-11-13_10-45-26, Code_2022-11-13_10-47-48]

fewkz avatar Nov 13 '22 15:11 fewkz

Two notes:

  1. We currently don't track conditions of known value during analysis for the purpose of uninitialized variable detection or other uses. So if false above behaves as if it was if math.random() < 0.5. I'm not sure this is useful to change?
  2. We have attempted to implement a rigorous detection of possibly-uninitialized values (unlike the current analysis that detects definitely-uninitialized values). Unfortunately, this found no bugs in real-world code based on our corpus, and produced a fair number of false positives associated with complex logic. Thus we ended up not shipping this, as our threshold for new analysis passes is such that the true reports must outweigh false positives significantly to be included.

I'm not sure we should act on this given the above.

zeux avatar Feb 15 '23 22:02 zeux

The equivalent TypeScript example to the type of code I was referring to in pt2 is this:

let foo, bar;
if (Math.random() < 0.5) {
    foo = "bar";
    bar = true;
}

if (bar) {
    console.log(foo.length);
}

which produces a false positive. This is a simpler example and we had some that have more involved logic in real-world code.

zeux avatar Feb 22 '23 20:02 zeux
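
The trade-off discussed in this thread, as an added example that is not from the thread or from Luau's code base: a toy flow analysis in Python that contrasts "definitely uninitialized" with "possibly uninitialized" reporting on both snippets above. The tuple-based statement format, the three-state `NO`/`MAYBE`/`YES` model and the names `analyze`, `join`, `ISSUE` and `CORRELATED` are all constructed for illustration.

```python
# Toy model, constructed for illustration; not Luau's analyzer.
# Statements: ("local", name), ("assign", name), ("use", name),
#             ("if", cond_text, then_block, else_block)
NO, MAYBE, YES = "no", "maybe", "yes"

def join(a, b):
    """Merge the state of one variable where two branches meet."""
    return a if a == b else MAYBE

def analyze(block, mode, state=None, reports=None):
    """mode="definite" reports uses that are uninitialized on every path;
    mode="possible" also reports uses that are uninitialized on some path."""
    state = {} if state is None else state
    reports = [] if reports is None else reports
    for stmt in block:
        kind = stmt[0]
        if kind == "local":
            state[stmt[1]] = NO
        elif kind == "assign":
            state[stmt[1]] = YES
        elif kind == "use":
            s = state[stmt[1]]
            if s == NO or (s == MAYBE and mode == "possible"):
                reports.append(stmt[1])
        elif kind == "if":
            # The condition text is never evaluated, so `false` and
            # `math.random() < 0.5` are treated identically.
            _, _cond, then_block, else_block = stmt
            t, e = dict(state), dict(state)
            analyze(then_block, mode, t, reports)
            analyze(else_block, mode, e, reports)
            for name in state:
                state[name] = join(t[name], e[name])
    return reports

# The snippet from the issue: `if false then foo = "World!" end`.
ISSUE = [("local", "foo"),
         ("if", "false", [("assign", "foo")], []),
         ("use", "foo")]

# The correlated-variables snippet: foo is only read when bar was set with it.
CORRELATED = [("local", "foo"), ("local", "bar"),
              ("if", "math.random() < 0.5",
               [("assign", "foo"), ("assign", "bar")], []),
              ("if", "bar", [("use", "foo")], [])]
```

In "definite" mode both programs pass, which matches the behaviour reported in the issue; in "possible" mode the issue's bug is caught, but the correlated snippet is flagged as well even though `foo` is always set whenever `bar` is truthy.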