From: "dmalcolm at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/108733] New: -Wanalyzer-use-of-uninitialized-value false positives seen with __attribute__((cleanup))
Date: Wed, 08 Feb 2023 23:42:21 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108733

            Bug ID: 108733
           Summary: -Wanalyzer-use-of-uninitialized-value false positives
                    seen with __attribute__((cleanup))
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Created attachment 54439 -->
https://gcc.gnu.org/bugzilla/attachment.cgi?id=54439&action=edit
Reproducer

Am seeing various false positives in qemu from
-Wanalyzer-use-of-uninitialized-value with __attribute__((cleanup))

Seems to happen at -O1 and above with the attached reproducer, with both trunk
and gcc 12.2:

Trunk: https://godbolt.org/z/GdrY49151
12.2: https://godbolt.org/z/rjzvjd3qG

In function 'g_autoptr_cleanup_generic_gfree',
    inlined from 'spapr_cap_get_string' at :60:67:
:15:3: warning: use of uninitialized value '*(void **)&val' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   15 |   g_free(*pp);
      |   ^~~~~~~~~~~
  'spapr_cap_get_string': events 1-4
    |
    |   60 |   __attribute__((cleanup(g_autoptr_cleanup_generic_gfree))) char* val = NULL;
    |      |                                                                   ^~~
    |      |                                                                   |
    |      |                                                                   (1) region created on stack here
    |      |                                                                   (4) inlined call to 'g_autoptr_cleanup_generic_gfree' from 'spapr_cap_get_string'
    |......
    |   63 |   if (value >= cap->possible->num) {
    |      |      ~
    |      |      |
    |      |      (2) following 'true' branch...
    |   64 |     error_setg_internal((errp),
    |      |     ~~~~~~~~~~~~~~~~~~~
    |      |     |
    |      |     (3) ...to here
    |
    +--> 'g_autoptr_cleanup_generic_gfree': event 5
           |
           |   15 |   g_free(*pp);
           |      |   ^~~~~~~~~~~
           |      |   |
           |      |   (5) use of uninitialized value '*(void **)&val' here
           |
Compiler returned: 0
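
Added example, not part of the original report and not the attached reproducer: a constructed C sketch of the pattern in the diagnostic, where a pointer declared with __attribute__((cleanup)) is set to NULL at its declaration and the function returns on an error path before assigning it. The names autofree, AUTOFREE and get_string are hypothetical; the code records what the handler reads on each exit path and makes no claim about whether the analyzer warns on it.

```c
#include <stdio.h>
#include <stdlib.h>

static int cleanup_calls;   /* how many times the handler ran */
static int last_was_null;   /* 1 if the handler read a NULL pointer */

/* Same shape as the handler in the diagnostic: it receives the address of
 * the variable leaving scope and frees what that variable points to. */
static void autofree(void *p)
{
    void **pp = (void **)p;
    cleanup_calls++;
    last_was_null = (*pp == NULL);
    free(*pp);                      /* free(NULL) is a no-op */
}

#define AUTOFREE __attribute__((cleanup(autofree)))

/* Hypothetical stand-in for the function in the report: an error return
 * taken before the auto-freed pointer is ever assigned. */
static int get_string(unsigned value, unsigned num, char *out, size_t outlen)
{
    AUTOFREE char *val = NULL;      /* initialised at the declaration */

    if (value >= num)
        return -1;                  /* handler runs here and reads NULL */

    val = malloc(16);
    if (!val)
        return -2;
    snprintf(val, 16, "cap-%u", value);
    snprintf(out, outlen, "%s", val);
    return 0;                       /* handler frees the buffer */
}

int main(void)
{
    char buf[16] = "";
    int rc = get_string(5, 3, buf, sizeof buf);     /* constructed inputs */
    printf("rc=%d calls=%d saw_null=%d\n", rc, cleanup_calls, last_was_null);
    rc = get_string(1, 3, buf, sizeof buf);
    printf("rc=%d calls=%d saw_null=%d buf=%s\n",
           rc, cleanup_calls, last_was_null, buf);
    return 0;
}
```

On the early-return path the handler runs once and reads the NULL stored by the initializer, so the value it passes to free() is initialized.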