[Bug analyzer/108666] New: -Wanalyzer-use-of-uninitialized-value false positives seen in coreutils's sum.c: bsd_sum

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug analyzer/108666] New: -Wanalyzer-use-of-uninitialized-value false positives seen in coreutils's sum.c: bsd_sum_stream
@ 2023-02-03 22:00 dmalcolm at gcc dot gnu.org
  2023-02-15 19:53 ` [Bug analyzer/108666] " cvs-commit at gcc dot gnu.org
  2023-02-15 19:58 ` dmalcolm at gcc dot gnu.org
  0 siblings, 2 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-02-03 22:00 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108666

            Bug ID: 108666
           Summary: -Wanalyzer-use-of-uninitialized-value false positives
                    seen in coreutils's sum.c: bsd_sum_stream
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Created attachment 54408
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54408&action=edit
Reproducer

Trunk emits false positives: https://godbolt.org/z/coeesxxP4
Similar to bug 108664, but also emits:

<source>:90:3: warning: use of uninitialized value '*(unsigned int *)&checksum'
[CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   90 |   memcpy(resstream, &checksum, sizeof checksum);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

despite this initialization:
  int checksum = 0;

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Bug analyzer/108666] -Wanalyzer-use-of-uninitialized-value false positives seen in coreutils's sum.c: bsd_sum_stream
  2023-02-03 22:00 [Bug analyzer/108666] New: -Wanalyzer-use-of-uninitialized-value false positives seen in coreutils's sum.c: bsd_sum_stream dmalcolm at gcc dot gnu.org
@ 2023-02-15 19:53 ` cvs-commit at gcc dot gnu.org
  2023-02-15 19:58 ` dmalcolm at gcc dot gnu.org
  1 sibling, 0 replies; 3+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-02-15 19:53 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108666

--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:b03a10b0b25cef4928ccead4c8a461d3674dbe86

commit r13-6064-gb03a10b0b25cef4928ccead4c8a461d3674dbe86
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Feb 15 14:52:02 2023 -0500

    analyzer: fix uninit false +ves [PR108664,PR108666,PR108725]

    This patch updates poisoned_value_diagnostic so that, where possible,
    it checks to see if the value is still poisoned along the execution
    path seen during feasibility analysis, rather than just that seen
    in the exploded graph.

    Integration testing shows this reduction in the number of
    false positives:
      -Wanalyzer-use-of-uninitialized-value: 191 -> 153 (-38)
    where the changes happen in:
          coreutils-9.1: 34 -> 20 (-14)
             qemu-7.2.0: 78 -> 54 (-24)

    gcc/analyzer/ChangeLog:
            PR analyzer/108664
            PR analyzer/108666
            PR analyzer/108725
            * diagnostic-manager.cc (epath_finder::get_best_epath): Add
            "target_stmt" param.
            (epath_finder::explore_feasible_paths): Likewise.
            (epath_finder::process_worklist_item): Likewise.
            (saved_diagnostic::calc_best_epath): Pass m_stmt to
            epath_finder::get_best_epath.
            * engine.cc (feasibility_state::maybe_update_for_edge): Move
            per-stmt logic to...
            (feasibility_state::update_for_stmt): ...this new function.
            * exploded-graph.h (feasibility_state::update_for_stmt): New decl.
            * feasible-graph.cc (feasible_node::get_state_at_stmt): New.
            * feasible-graph.h: Include "analyzer/exploded-graph.h".
            (feasible_node::get_state_at_stmt): New decl.
            * infinite-recursion.cc
            (infinite_recursion_diagnostic::check_valid_fpath_p): Update for
            vfunc signature change.
            * pending-diagnostic.h (pending_diagnostic::check_valid_fpath_p):
            Convert first param to a reference.  Add stmt param.
            * region-model.cc: Include "analyzer/feasible-graph.h".
            (poisoned_value_diagnostic::poisoned_value_diagnostic): Add
            "check_expr" param.
            (poisoned_value_diagnostic::check_valid_fpath_p): New.
            (poisoned_value_diagnostic::m_check_expr): New field.
            (region_model::check_for_poison): Attempt to supply a check_expr
            to the diagnostic
            (region_model::deref_rvalue): Add NULL for new check_expr param
            of poisoned_value_diagnostic.
            (region_model::get_or_create_region_for_heap_alloc): Don't reuse
            regions that are marked as TOUCHED.

    gcc/testsuite/ChangeLog:
            PR analyzer/108664
            PR analyzer/108666
            PR analyzer/108725
            * gcc.dg/analyzer/coreutils-cksum-pr108664.c: New test.
            * gcc.dg/analyzer/coreutils-sum-pr108666.c: New test.
            * gcc.dg/analyzer/torture/uninit-pr108725.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Bug analyzer/108666] -Wanalyzer-use-of-uninitialized-value false positives seen in coreutils's sum.c: bsd_sum_stream
  2023-02-03 22:00 [Bug analyzer/108666] New: -Wanalyzer-use-of-uninitialized-value false positives seen in coreutils's sum.c: bsd_sum_stream dmalcolm at gcc dot gnu.org
  2023-02-15 19:53 ` [Bug analyzer/108666] " cvs-commit at gcc dot gnu.org
@ 2023-02-15 19:58 ` dmalcolm at gcc dot gnu.org
  1 sibling, 0 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-02-15 19:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108666

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2023-02-15 19:58 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-03 22:00 [Bug analyzer/108666] New: -Wanalyzer-use-of-uninitialized-value false positives seen in coreutils's sum.c: bsd_sum_stream dmalcolm at gcc dot gnu.org
2023-02-15 19:53 ` [Bug analyzer/108666] " cvs-commit at gcc dot gnu.org
2023-02-15 19:58 ` dmalcolm at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).