public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/103658] New: missing -Wanalyzer-use-of-uninitialized-value at -O1 and below for an array access
@ 2021-12-10 21:30 msebor at gcc dot gnu.org
2021-12-10 21:46 ` [Bug analyzer/103658] " msebor at gcc dot gnu.org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-12-10 21:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103658
Bug ID: 103658
Summary: missing -Wanalyzer-use-of-uninitialized-value at -O1
and below for an array access
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
I came across this while comparing the middle end -Wuninitialized with
-Wanalyzer-use-of-uninitialized-value. They both trigger at -O2. At -O1, only
-Wuninitialized triggers, even though the IL looks the same between the two
levels (as far as I can tell).
$ cat z.c && gcc -O1 -S -Wall -fdump-tree-uninit=/dev/stdout -fanalyzer z.c
int f (int i, int j)
{
int a[3];
a[0] = 1;
a[1] = 2;
if (i < 1) i = 1;
if (j < 1) j = 1;
return a[i + j];
}
;; Function f (f, funcdef_no=0, decl_uid=1979, cgraph_uid=1, symbol_order=0)
z.c: In function ‘f’:
z.c:9:11: warning: ‘a’ is used uninitialized [-Wuninitialized]
9 | return a[i + j];
| ~^~~~~~~
z.c:3:7: note: ‘a’ declared here
3 | int a[3];
| ^
int f (int i, int j)
{
int a[3];
int _1;
int _6;
int _8;
int _9;
<bb 2> [local count: 1073741824]:
_8 = MAX_EXPR <i_5(D), 1>;
_6 = MAX_EXPR <j_7(D), 1>;
_1 = _6 + _8;
_9 = a[_1];
a ={v} {CLOBBER};
return _9;
}
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/103658] missing -Wanalyzer-use-of-uninitialized-value at -O1 and below for an array access
2021-12-10 21:30 [Bug analyzer/103658] New: missing -Wanalyzer-use-of-uninitialized-value at -O1 and below for an array access msebor at gcc dot gnu.org
@ 2021-12-10 21:46 ` msebor at gcc dot gnu.org
2022-02-09 20:59 ` dmalcolm at gcc dot gnu.org
2022-02-09 21:12 ` dmalcolm at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-12-10 21:46 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103658
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Actually, what I was really after is trying to see if the analyzer would print
the conditionals involved in the subscript expressions. But in the simple test
case in comment #0 there are no conditionals. They are here:
int f (int i, int j)
{
int a[3];
a[0] = 1;
a[1] = 2;
if (i < 1 || 3 < i) i = 1;
if (j < 1 || 5 < j) j = 1;
return a[i + j];
}
but it doesn't print them even at -O2 when it does warn:
z.c: In function ‘f’:
z.c:9:11: warning: use of uninitialized value ‘a[<unknown>]’ [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
9 | return a[i + j];
| ~^~~~~~~
‘f’: event 1
|
| 9 | return a[i + j];
| | ~^~~~~~~
| | |
| | (1) use of uninitialized value ‘a[<unknown>]’ here
|
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/103658] missing -Wanalyzer-use-of-uninitialized-value at -O1 and below for an array access
2021-12-10 21:30 [Bug analyzer/103658] New: missing -Wanalyzer-use-of-uninitialized-value at -O1 and below for an array access msebor at gcc dot gnu.org
2021-12-10 21:46 ` [Bug analyzer/103658] " msebor at gcc dot gnu.org
@ 2022-02-09 20:59 ` dmalcolm at gcc dot gnu.org
2022-02-09 21:12 ` dmalcolm at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-02-09 20:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103658
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Note that with -fno-analyzer-state-merge, -fanalyzer warns without optimization
and shows the conditionals you hoped to see:
./xgcc -B. -S -fanalyzer /tmp/foo.c -fno-analyzer-state-merge
/tmp/foo.c: In function 'f':
/tmp/foo.c:9:11: warning: use of uninitialized value 'a[<unknown>]' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
9 | return a[i + j];
| ~^~~~~~~
'f': events 1-6
|
| 3 | int a[3];
| | ^
| | |
| | (1) region created on stack here
|......
| 7 | if (i < 1) i = 1;
| | ~ ~~~~~
| | | |
| | | (3) ...to here
| | (2) following 'true' branch (when 'i <= 0')...
| 8 | if (j < 1) j = 1;
| | ~ ~~~~~
| | | |
| | | (5) ...to here
| | (4) following 'true' branch (when 'j <= 0')...
| 9 | return a[i + j];
| | ~~~~~~~~
| | |
| | (6) use of uninitialized value 'a[<unknown>]' here
|
Not sure why it's printing <unknown> for the index though.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/103658] missing -Wanalyzer-use-of-uninitialized-value at -O1 and below for an array access
2021-12-10 21:30 [Bug analyzer/103658] New: missing -Wanalyzer-use-of-uninitialized-value at -O1 and below for an array access msebor at gcc dot gnu.org
2021-12-10 21:46 ` [Bug analyzer/103658] " msebor at gcc dot gnu.org
2022-02-09 20:59 ` dmalcolm at gcc dot gnu.org
@ 2022-02-09 21:12 ` dmalcolm at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-02-09 21:12 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103658
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WONTFIX
Status|UNCONFIRMED |RESOLVED
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
The analyzer is merging the paths after each conditional by default, which can
be disabled via -fno-analyzer-state-merge as noted in comment #2 above.
I don't plan to change this behavior as this appears to be an artificially
constructed testcase rather than real-world code; resolving this as WONTFIX.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-02-09 21:12 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-10 21:30 [Bug analyzer/103658] New: missing -Wanalyzer-use-of-uninitialized-value at -O1 and below for an array access msebor at gcc dot gnu.org
2021-12-10 21:46 ` [Bug analyzer/103658] " msebor at gcc dot gnu.org
2022-02-09 20:59 ` dmalcolm at gcc dot gnu.org
2022-02-09 21:12 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).