public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/108733] New: -Wanalyzer-use-of-uninitialized-value false positives seen with __attribute__((cleanup))
@ 2023-02-08 23:42 dmalcolm at gcc dot gnu.org
From: dmalcolm at gcc dot gnu.org @ 2023-02-08 23:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108733
Bug ID: 108733
Summary: -Wanalyzer-use-of-uninitialized-value false positives
seen with __attribute__((cleanup))
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Created attachment 54439
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54439&action=edit
Reproducer
Am seeing various false positives in qemu from
-Wanalyzer-use-of-uninitialized-value with __attribute__((cleanup))
Seems to happen at -O1 and above with the attached reproducer, with both trunk
and gcc 12.2:
Trunk: https://godbolt.org/z/GdrY49151
12.2: https://godbolt.org/z/rjzvjd3qG
In function 'g_autoptr_cleanup_generic_gfree',
inlined from 'spapr_cap_get_string' at <source>:60:67:
<source>:15:3: warning: use of uninitialized value '*(void **)&val' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
15 | g_free(*pp);
| ^~~~~~~~~~~
'spapr_cap_get_string': events 1-4
|
| 60 | __attribute__((cleanup(g_autoptr_cleanup_generic_gfree))) char* val = NULL;
| | ^~~
| | |
| | (1) region created on stack here
| | (4) inlined call to 'g_autoptr_cleanup_generic_gfree' from 'spapr_cap_get_string'
|......
| 63 | if (value >= cap->possible->num) {
| | ~
| | |
| | (2) following 'true' branch...
| 64 | error_setg_internal((errp),
| | ~~~~~~~~~~~~~~~~~~~
| | |
| | (3) ...to here
|
+--> 'g_autoptr_cleanup_generic_gfree': event 5
|
| 15 | g_free(*pp);
| | ^~~~~~~~~~~
| | |
| | (5) use of uninitialized value '*(void **)&val' here
|
Compiler returned: 0
* [Bug analyzer/108733] -Wanalyzer-use-of-uninitialized-value false positives seen with __attribute__((cleanup))
From: cvs-commit at gcc dot gnu.org @ 2023-02-09 22:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108733
--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:125b57aa67400388a496c2c0c40d9c8c55e0c94a
commit r13-5762-g125b57aa67400388a496c2c0c40d9c8c55e0c94a
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Feb 9 17:09:51 2023 -0500
analyzer: fix further overzealous state purging [PR108733]
PR analyzer/108733 reports various false positives in qemu from
-Wanalyzer-use-of-uninitialized-value with __attribute__((cleanup))
at -O1 and above.
Root cause is that the state-purging code was failing to treat:
_25 = MEM[(void * *)&val];
as a usage of "val", leading to it erroneously purging the
initialization of "val" along an execution path that didn't otherwise
use "val", apart from the __attribute__((cleanup)).
Fixed thusly.
Integration testing on the patch shows this change in the number of
diagnostics:
-Wanalyzer-use-of-uninitialized-value
coreutils-9.1: 18 -> 16 (-2)
qemu-7.2.0: 87 -> 80 (-7)
where all that I investigated appear to have been false positives, hence
an improvement.
gcc/analyzer/ChangeLog:
PR analyzer/108733
* state-purge.cc (get_candidate_for_purging): Add ADDR_EXPR
and MEM_REF.
gcc/testsuite/ChangeLog:
PR analyzer/108733
* gcc.dg/analyzer/torture/uninit-pr108733.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
* [Bug analyzer/108733] -Wanalyzer-use-of-uninitialized-value false positives seen with __attribute__((cleanup))
From: dmalcolm at gcc dot gnu.org @ 2023-02-09 22:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108733
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2023-02-09
Status|UNCONFIRMED |ASSIGNED
Ever confirmed|0 |1
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed on trunk for GCC 13 by the above patch.
Keeping open to track backporting this to GCC 12.
* [Bug analyzer/108733] -Wanalyzer-use-of-uninitialized-value false positives seen with __attribute__((cleanup))
From: cvs-commit at gcc dot gnu.org @ 2023-03-29 18:19 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108733
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-12 branch has been updated by David Malcolm
<dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:98558117ba870d47398927f2066e469e47f39c16
commit r12-9365-g98558117ba870d47398927f2066e469e47f39c16
Author: David Malcolm <dmalcolm@redhat.com>
Date: Wed Mar 29 14:16:49 2023 -0400
analyzer: fix further overzealous state purging [PR108733]
PR analyzer/108733 reports various false positives in qemu from
-Wanalyzer-use-of-uninitialized-value with __attribute__((cleanup))
at -O1 and above.
Root cause is that the state-purging code was failing to treat:
_25 = MEM[(void * *)&val];
as a usage of "val", leading to it erroneously purging the
initialization of "val" along an execution path that didn't otherwise
use "val", apart from the __attribute__((cleanup)).
Fixed thusly.
Integration testing on the patch shows this change in the number of
diagnostics:
-Wanalyzer-use-of-uninitialized-value
coreutils-9.1: 18 -> 16 (-2)
qemu-7.2.0: 87 -> 80 (-7)
where all that I investigated appear to have been false positives, hence
an improvement.
Cherrypicked from r13-5745-g77bb54b1b07add.
gcc/analyzer/ChangeLog:
PR analyzer/108733
* state-purge.cc (get_candidate_for_purging): Add ADDR_EXPR
and MEM_REF.
gcc/testsuite/ChangeLog:
PR analyzer/108733
* gcc.dg/analyzer/torture/uninit-pr108733.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
* [Bug analyzer/108733] -Wanalyzer-use-of-uninitialized-value false positives seen with __attribute__((cleanup))
From: dmalcolm at gcc dot gnu.org @ 2023-03-29 19:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108733
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #4 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed on gcc 12 branch by the above (for the eventual gcc 12.3
release); marking as resolved.