Checked-pointer local variable can be initialized with itself (unsound)

[mattmccutchen-cci]

While testing another issue, I made a typo and initialized a checked-pointer local variable with itself and was surprised to find that that compiles without error. An example:

#pragma CHECKED_SCOPE on

int main(void) {
  {
    // Put an invalid pointer in the memory that will be reused by `p`.
    long x = 1;
  }
  {
    _Ptr<char> p = p;
    (*p)++;  // SIGSEGV
  }
  return 0;
}

With -Wall, I get a compiler warning:

self_init.c:9:20: warning: variable 'p' is uninitialized when used within its own initialization [-Wuninitialized]
    _Ptr<char> p = p;
               ~   ^

Maybe this warning just needs to be made into an error when it occurs in the initializer of a checked-pointer variable?

[mattmccutchen-cci]

Maybe this warning just needs to be made into an error when it occurs in the initializer of a checked-pointer variable?

Apparently that isn't good enough. The following produces no warning with -Wall:

#pragma CHECKED_SCOPE on

_Ptr<char> foo(_Ptr<_Ptr<char>> pp) {
  return *pp;
}

int main(void) {
  {
    // Put an invalid pointer in the memory that will be reused by `p`.
    long x = 1;
  }
  {
    _Ptr<char> p = foo(&p);
    (*p)++;  // SIGSEGV
  }
  return 0;
}

I guess we should disallow any use of p in its own initializer.