public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/105784] New: -Wanalyzer-use-of-uninitialized-value false positive on partly initialized array
From: eggert at cs dot ucla.edu @ 2022-05-31  2:13 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105784

            Bug ID: 105784
           Summary: -Wanalyzer-use-of-uninitialized-value false positive
                    on partly initialized array
           Product: gcc
           Version: 12.1.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: eggert at cs dot ucla.edu
  Target Milestone: ---

Created attachment 53056
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53056&action=edit
False positive with -O2 -fanalyzer -Wanalyzer-use-of-uninitialized-value

I found this bug with GCC 12.1.1 20220507 (Red Hat 12.1.1-1) on x86-64. Compile
the attached program x.i (which is simplified from GNU Emacs master) with:

gcc -O2 -fanalyzer -Wanalyzer-use-of-uninitialized-value -S x.i

The GCC output is as follows. This is a false positive, since *src must point
into the initialized part of the array.

x.i: In function ‘ccl_driver’:
x.i:13:11: warning: use of uninitialized value ‘*src’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   13 |         i = *src++;
      |         ~~^~~~~~~~
  ‘Fccl_execute_on_string’: events 1-5
    |
    |   19 | Fccl_execute_on_string (char *str, long str_bytes)
    |      | ^~~~~~~~~~~~~~~~~~~~~~
    |      | |
    |      | (1) entry to ‘Fccl_execute_on_string’
    |......
    |   25 |       int source[1024];
    |      |           ~~~~~~
    |      |           |
    |      |           (2) region created on stack here
    |......
    |   28 |       while (src_size < 1024 && p < endp)
    |      |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                              |
    |      |                              (3) following ‘false’ branch...
    |......
    |   31 |       ccl_driver (source, src_size);
    |      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |       |
    |      |       (4) ...to here
    |      |       (5) calling ‘ccl_driver’ from ‘Fccl_execute_on_string’
    |
    +--> ‘ccl_driver’: events 6-11
           |
           |    5 | ccl_driver (int *source, int src_size)
           |      | ^~~~~~~~~~
           |      | |
           |      | (6) entry to ‘ccl_driver’
           |......
           |   10 |   while (!quit_flag)
           |      |          ~~~~~~~~~~
           |      |          |
           |      |          (7) following ‘false’ branch...
           |   11 |     {
           |   12 |       if (src < src_end)
           |      |          ~
           |      |          |
           |      |          (8) ...to here
           |      |          (9) following ‘true’ branch (when ‘src < src_end’)...
           |   13 |         i = *src++;
           |      |         ~~~~~~~~~~
           |      |           |     |
           |      |           |     (10) ...to here
           |      |           (11) use of uninitialized value ‘*src’ here
           |

^ permalink raw reply	[flat|nested] 5+ messages in thread
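Reconstruction of the pattern behind the report, added here as an example; it is neither the x.i attachment (which is not on this page) nor Emacs code. The function names, the 1024-int stack array, the bounded fill loop and the "if (src < src_end) i = *src++;" consumer loop are taken from the trace above; the consumer summing the values, the byte-to-int copy, and the cap_check() input are assumptions made for this example. Read alongside the trace: event (3) takes the false branch of the fill loop on its first test, so src_size is 0 and src_end is source + 0; the consumer's "src < src_end" then cannot be true, and that is exactly the comparison the unfixed analyzer misjudges (the commit later in the thread folds PTR + 0 to PTR). The program itself never reads an unfilled slot.

```c
#include <stddef.h>
#include <stdio.h>

#define SOURCE_CAP 1024   /* matches "int source[1024]" in the report */

/* Consumer: reads only [source, source + src_size), mirroring the
 * "if (src < src_end) i = *src++;" loop in the trace.  Summing the
 * values is an assumption; the attachment's real body is not shown. */
static long ccl_driver(int *source, int src_size)
{
    int *src = source;
    int *src_end = source + src_size;   /* source + 0 when nothing was filled */
    int quit_flag = 0;
    long sum = 0;

    while (!quit_flag) {
        if (src < src_end) {
            int i = *src++;      /* the line the analyzer flagged */
            sum += i;
        } else {
            quit_flag = 1;       /* no more initialized entries */
        }
    }
    return sum;
}

/* Producer: fills only the first src_size slots of a 1024-int stack array
 * from the input bytes, then hands the array and the filled count to the
 * consumer.  Slots past src_size stay uninitialized but are never read. */
long Fccl_execute_on_string(char *str, long str_bytes)
{
    int source[SOURCE_CAP];
    int src_size = 0;
    char *p = str;
    char *endp = str + str_bytes;

    while (src_size < SOURCE_CAP && p < endp)
        source[src_size++] = (unsigned char)*p++;   /* byte-to-int copy: assumption */

    return ccl_driver(source, src_size);
}

/* Constructed input exercising the 1024-entry cap: 2000 bytes of 'x',
 * of which only the first 1024 reach ccl_driver. */
long cap_check(void)
{
    static char buf[2000];
    for (size_t k = 0; k < sizeof buf; k++)
        buf[k] = 'x';
    return Fccl_execute_on_string(buf, (long)sizeof buf);
}

int main(void)
{
    printf("empty input -> %ld\n", Fccl_execute_on_string("", 0));
    printf("\"abc\"       -> %ld\n", Fccl_execute_on_string("abc", 3));
    printf("2000 x 'x'  -> %ld\n", cap_check());
    return 0;
}
```

Compile it with the reporter's flags (gcc -O2 -fanalyzer -Wanalyzer-use-of-uninitialized-value -c) to check whether an installed GCC still carries the bug; whether it reproduces the exact warning depends on how closely this reconstruction matches the attachment. Either way the warning would be a false positive for this program: the fill loop bounds src_size by both the input length and SOURCE_CAP, and the consumer stops at source + src_size, so every dereference lands in the initialized prefix.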

* [Bug analyzer/105784] -Wanalyzer-use-of-uninitialized-value false positive on partly initialized array
From: cvs-commit at gcc dot gnu.org @ 2022-11-30  1:03 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105784

--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:3a32fb2eaa761aac13ffe5424748d5839038ef66

commit r13-4398-g3a32fb2eaa761aac13ffe5424748d5839038ef66
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Tue Nov 29 19:56:27 2022 -0500

    analyzer: fix folding of '(PTR + 0) => PTR' [PR105784]

    gcc/analyzer/ChangeLog:
            PR analyzer/105784
            * region-model-manager.cc
            (region_model_manager::maybe_fold_binop): For POINTER_PLUS_EXPR,
            PLUS_EXPR and MINUS_EXPR, eliminate requirement that the final
            type matches that of arg0 in favor of a cast.

    gcc/testsuite/ChangeLog:
            PR analyzer/105784
            * gcc.dg/analyzer/torture/fold-ptr-arith-pr105784.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>


* [Bug analyzer/105784] -Wanalyzer-use-of-uninitialized-value false positive on partly initialized array
From: dmalcolm at gcc dot gnu.org @ 2022-11-30  1:16 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105784

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2022-11-30

--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this bug.

Should be fixed on trunk for GCC 13 by the above patch.

Still affects GCC 12:
  https://godbolt.org/z/K7fosxvab
I'm keeping this bug open to track backporting the fix there.


* [Bug analyzer/105784] -Wanalyzer-use-of-uninitialized-value false positive on partly initialized array
From: cvs-commit at gcc dot gnu.org @ 2023-03-29 18:18 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105784

--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-12 branch has been updated by David Malcolm
<dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:1c66f1c6d69dbe0a855f7adb61df8d92ca523899

commit r12-9359-g1c66f1c6d69dbe0a855f7adb61df8d92ca523899
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Mar 29 14:16:47 2023 -0400

    analyzer: fix folding of '(PTR + 0) => PTR' [PR105784]

    Cherrypicked from r13-4398-g3a32fb2eaa761a.

    gcc/analyzer/ChangeLog:
            PR analyzer/105784
            * region-model-manager.cc
            (region_model_manager::maybe_fold_binop): For POINTER_PLUS_EXPR,
            PLUS_EXPR and MINUS_EXPR, eliminate requirement that the final
            type matches that of arg0 in favor of a cast.

    gcc/testsuite/ChangeLog:
            PR analyzer/105784
            * gcc.dg/analyzer/torture/fold-ptr-arith-pr105784.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>


* [Bug analyzer/105784] -Wanalyzer-use-of-uninitialized-value false positive on partly initialized array
From: dmalcolm at gcc dot gnu.org @ 2023-03-29 19:13 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105784

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #4 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed on gcc 12 branch by the above; marking as resolved.


Thread overview: 5+ messages
2022-05-31  2:13 [Bug analyzer/105784] New: -Wanalyzer-use-of-uninitialized-value false positive on partly initialized array eggert at cs dot ucla.edu
2022-11-30  1:03 ` [Bug analyzer/105784] " cvs-commit at gcc dot gnu.org
2022-11-30  1:16 ` dmalcolm at gcc dot gnu.org
2023-03-29 18:18 ` cvs-commit at gcc dot gnu.org
2023-03-29 19:13 ` dmalcolm at gcc dot gnu.org
