From: "dmalcolm at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/105273] -Wanalyzer-use-of-uninitialized-value warns on "missing" default for switch when callers can be statically determined
Date: Thu, 12 Jan 2023 20:06:27 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105273

--- Comment #5 from David Malcolm ---
Similar thing seen in linuxdoom-1.10:

p_floor.c: In function ‘EV_BuildStairs’:
p_floor.c:503:22: warning: use of uninitialized value ‘speed’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
  503 |         floor->speed = speed;
      |         ~~~~~~~~~~~~~^~~~~~~
  ‘EV_BuildStairs’: events 1-9
    |
    |  472 |     fixed_t speed;
    |      |             ^~~~~
    |      |             |
    |      |             (1) region created on stack here
    |      |             (2) capacity: 4 bytes
    |......
    |  476 |     while ((secnum = P_FindSectorFromLineTag(line,secnum)) >= 0)
    |      |            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                                            |
    |      |                                                            (3) following ‘true’ branch (when ‘secnum >= 0’)...
    |  477 |     {
    |  478 |         sec = &sectors[secnum];
    |      |               ~~~~~~~~~~~~~~~~
    |      |               |
    |      |               (4) ...to here
    |......
    |  481 |         if (sec->specialdata)
    |      |            ~
    |      |            |
    |      |            (5) following ‘false’ branch...
    |......
    |  485 |         rtn = 1;
    |      |         ~~~~~~~
    |      |             |
    |      |             (6) ...to here
    |......
    |  492 |         switch(type)
    |      |         ~~~~~~
    |      |         |
    |      |         (7) following ‘default:’ branch...
    |......
    |  503 |         floor->speed = speed;
    |      |         ~~~~~~~~~~~~~~~~~~~~
    |      |                      |
    |      |                      (8) ...to here
    |      |                      (9) use of uninitialized value ‘speed’ here
    |

and also with "stairsize".

In both cases the analyzer considers the case of taking the "default" branch
at:

    |  492 |         switch(type)
    |      |         ~~~~~~
    |      |         |
    |      |         (7) following ‘default:’ branch...

which would leave this uninitialized, where:

  int EV_BuildStairs ( line_t* line, stair_e type )

and p_spec.h has:

  typedef enum
  {
      build8, // slowly build by 8
      turbo16 // quickly build by 16
  } stair_e;

and the only calls to EV_BuildStairs are in other TUs:

  p_spec.c: 576: EV_BuildStairs(line,build8);
  p_spec.c: 739: EV_BuildStairs(line,turbo16);
  p_switch.c: 350: if (EV_BuildStairs(line,build8))
  p_switch.c: 488: if (EV_BuildStairs(line,turbo16))

Probably should assume that a switch on an enum takes one of the enum's values.
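
The shape the analyzer flags, next to a defensive variant, as an added example that is not part of the comment above and is not taken from the linuxdoom sources. Only the stair_e enum comes from the comment; the function names and speed values are constructed for illustration.

```c
#include <stdio.h>

/* Enum as quoted from p_spec.h in the comment above. */
typedef enum
{
    build8,   /* slowly build by 8 */
    turbo16   /* quickly build by 16 */
} stair_e;

/* Flagged shape: every enumerator has a case but there is no default, so
   'speed' stays unwritten on the path where 'type' is neither enumerator.
   C permits that path: an enum object can hold any value of its
   underlying integer type. */
int stair_speed_flagged(stair_e type)
{
    int speed;
    switch (type)
    {
    case build8:  speed = 1;  break;   /* constructed value */
    case turbo16: speed = 16; break;   /* constructed value */
    }
    return speed;   /* analogue of event (9) in the report */
}

/* Defensive shape: reject unexpected values so that every path reading
   'speed' has written it first. */
int stair_speed_checked(stair_e type, int *speed_out)
{
    int speed;
    switch (type)
    {
    case build8:  speed = 1;  break;
    case turbo16: speed = 16; break;
    default:      return -1;           /* not a stair_e enumerator */
    }
    *speed_out = speed;
    return 0;
}

int main(void)
{
    int speed = 0;
    int rc = stair_speed_checked((stair_e)7, &speed);
    printf("out-of-range type: rc=%d speed=%d\n", rc, speed);
    rc = stair_speed_checked(turbo16, &speed);
    printf("turbo16: rc=%d speed=%d\n", rc, speed);
    printf("flagged(build8)=%d\n", stair_speed_flagged(build8));
    return 0;
}
```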