public inbox for gcc-bugs@sourceware.org
* [Bug c/109789] New: analyzer-use-of-uninitialized-value false positive
@ 2023-05-09 12:44 alex at zrythm dot org
  2023-05-09 12:49 ` [Bug c/109789] " alex at zrythm dot org
                   ` (7 more replies)
  0 siblings, 8 replies; 9+ messages in thread
From: alex at zrythm dot org @ 2023-05-09 12:44 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

            Bug ID: 109789
           Summary: analyzer-use-of-uninitialized-value false positive
           Product: gcc
           Version: 13.1.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: alex at zrythm dot org
  Target Milestone: ---

Created attachment 55028
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55028&action=edit
gcc invocation output showing the error

The first error in the attached gcc output is a false positive because the
`tmp_l` float array is initialized for its whole size right after it is
declared, and the same size is passed to the function where the error occurs.
That function loops over the float array and calls `fabsf` causing this
analyzer error.

This is essentially the code:
```c
float tmp_l[nframes]; // this is the array
for (nframes_t i = 0; i < nframes; i++)
{
  tmp_l[i] = P_MASTER_TRACK->channel->stereo_out->l->buf[i];
}
float max_amp = dsp_abs_max (tmp_l, nframes); // this is the function called
```

The function code:
```c
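#include <math.h>   /* fabsf */
#include <stddef.h> /* size_t */

/* Returns the largest absolute value in buf[0..size-1], with a 1e-20f floor. */
static inline float
dsp_abs_max (float * buf, size_t size)
{
  float ret = 1e-20f;
  for (size_t i = 0; i < size; i++)
    {
      if (fabsf (buf[i]) > ret)
        {
          ret = fabsf (buf[i]);
        }
    }
  return ret;
}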
```

As you can see, `tmp_l` is initialized for its whole size, which is then passed
to the function above to loop over it, so the analyzer saying the value is
uninitialized is wrong.

Below is the gcc invocation command used:
```
LANG=C gcc -v -save-temps -Isrc/libzrythm-lib.so.p -Isrc -I../src -I. -I..
-Iinc -I../inc -Iext -I../ext -Iext/kissfft -I../ext/kissfft -Iext/midilib
-I../ext/midilib -Iext/whereami -I../ext/whereami -Iext/weakjack
-I../ext/weakjack -I../inc/plugins/lv2 -Isubprojects/libadwaita/src
-I../subprojects/libadwaita/src -Isubprojects/gtk4 -I../subprojects/gtk4
-Isubprojects/gtk4/gtk -I../subprojects/gtk4/gtk -Isubprojects/pango-1.50.6
-I../subprojects/pango-1.50.6 -Isubprojects/pango-1.50.6/pango
-I../subprojects/pango-1.50.6/pango -Isubprojects/gtk4/gdk/x11
-I../subprojects/gtk4/gdk/x11 -Isubprojects/gtk4/gdk -I../subprojects/gtk4/gdk
-Isubprojects/libpanel/src -I../subprojects/libpanel/src -Isubprojects/libpanel
-I../subprojects/libpanel -Isubprojects/libsndfile-1.1.0
-I../subprojects/libsndfile-1.1.0 -I../subprojects/libsndfile-1.1.0/src
-I../subprojects/libcyaml/include -Isubprojects/libaudec
-I../subprojects/libaudec -Isubprojects/libaudec/inc
-I../subprojects/libaudec/inc -Isubprojects/rtaudio -I../subprojects/rtaudio
-I../subprojects/rtmidi/rtmidi -I../subprojects/zstd-1.4.5/lib
-I../subprojects/zstd-1.4.5/lib/common -I../subprojects/zstd-1.4.5/lib/compress
-I../subprojects/zstd-1.4.5/lib/decompress
-I../subprojects/zstd-1.4.5/lib/dictBuilder
-I../subprojects/zstd-1.4.5/lib/deprecated
-I../subprojects/zstd-1.4.5/lib/legacy -I../subprojects/reproc/reproc/include
-Isubprojects/reproc/__CMake_build -I../subprojects/reproc/__CMake_build
-Isubprojects/reproc -I../subprojects/reproc -Isubprojects/pcre-8.37
-I../subprojects/pcre-8.37 -Isubprojects/pcre2-10.39
-I../subprojects/pcre2-10.39 -I../subprojects/pcre2-10.39/src
-Isubprojects/xxHash-0.8.0 -I../subprojects/xxHash-0.8.0
-Isubprojects/json-glib -I../subprojects/json-glib -I../subprojects/zix/include
-Isubprojects/gtk4/gtk/css -Isubprojects/gtk4/gsk -Isubprojects/libbacktrace
-Isubprojects/json-glib/json-glib -I/usr/include/glib-2.0
-I/usr/lib/glib-2.0/include -I/usr/include/sysprof-4 -I/home/alex/local/include
-I/usr/include/libmount -I/usr/include/blkid -I/usr/include/gio-unix-2.0
-I/usr/include/fribidi -I/usr/include/harfbuzz -I/usr/include/freetype2
-I/usr/include/libpng16 -I/usr/include/cairo -I/usr/include/pixman-1
-I/usr/include/gdk-pixbuf-2.0 -I/usr/include/graphene-1.0
-I/usr/lib/graphene-1.0/include -I/usr/include/lzo -I/usr/include/graphviz
-I/usr/include/guile/3.0 -I/usr -I/usr/include/carla
-I/usr/include/carla/includes -I/usr/include/serd-0 -I/usr/include/sord-0
-I/usr/include/sratom-0 -I/usr/include/lilv-0 -I/usr/include/gtksourceview-5
-I/home/alex/local/include/gtk-4.0 -I/home/alex/local/include/pango-1.0
-I/usr/include/libxml2 -I/usr/include/valgrind
-I/home/alex/Documents/git/zrythm/build/subprojects/libbacktrace/dist/home/alex/local/include
-I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -fdiagnostics-color=always
-D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu11 -O0 -g
-DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_70
-DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_70
-DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_4_8
-DGDK_VERSION_MAX_ALLOWED=GDK_VERSION_4_8 -Wno-bad-function-cast
-Wno-old-style-declaration -Werror=absolute-value -Wformat=2
-Wno-missing-field-initializers -Wno-unused-parameter -Wno-sequence-point
-Wignored-qualifiers -Wno-cast-function-type -Walloca -fno-common
-frecord-gcc-switches -march=native -mtune=native -ffast-math -fstrength-reduce
-fdata-sections -ffunction-sections -freciprocal-math
-fsingle-precision-constant -msse -msse2 -mfpmath=sse -fno-math-errno
-fno-omit-frame-pointer -g3 -rdynamic -funwind-tables
-fasynchronous-unwind-tables -fno-toplevel-reorder '-DGETTEXT_PACKAGE="zrythm"'
-fPIC -DZIX_STATIC -DXXH_INLINE_HINTS -DXXH_STATIC_LINKING_ONLY -mfpmath=sse
-msse -msse2 -pthread -DREAL_BUILD -D_REENTRANT
-isystem/usr/include/graphene-1.0 -isystem/usr/lib/graphene-1.0/include
-mfpmath=sse -msse -msse2 -isystem/usr/include/glib-2.0
-isystem/usr/lib/glib-2.0/include -isystem/usr/include/sysprof-4
-isystem/home/alex/local/include -mfpmath=sse -msse -msse2 -Wformat=2
-Wno-missing-field-initializers -Wno-unused-parameter -Wno-sequence-point
-Wignored-qualifiers -Wno-cast-function-type -Walloca -fno-common
'-DLV2_UI__Gtk4UI="https://lv2plug.in/ns/extensions/ui#Gtk4UI"' '-D__(x)=x'
-DG_LOG_USE_STRUCTURED=1 '-DG_LOG_DOMAIN="zrythm"' -DREALTIME=
'-DDEPRECATED_MSG(x)=__attribute__((deprecated(x)))'
'-DOPTIMIZE(x)=__attribute__((optimize(#x)))' '-DOPTIMIZE_O0=OPTIMIZE(O0)'
'-DOPTIMIZE_O1=OPTIMIZE(O1)' '-DOPTIMIZE_O2=OPTIMIZE(O2)'
'-DOPTIMIZE_O3=OPTIMIZE(O3)' '-DNOINLINE=__attribute__((noinline))'
'-DNONNULL_ARGS(...)=__attribute__((nonnull(__VA_ARGS__)))'
'-DACCESS(...)=__attribute__((access(__VA_ARGS__)))'
'-DACCESS_READ_ONLY(...)=ACCESS(read_only,__VA_ARGS__)' -frecord-gcc-switches
'-DALWAYS_INLINE=__attribute__((always_inline))' '-DCOLD=__attribute__((cold))'
'-DHOT=__attribute__((hot))' '-DPURE=__attribute__((pure))'
'-DNONNULL=__attribute__((nonnull))'
'-DRETURNS_NONNULL=__attribute__((returns_nonnull))'
'-DSTACK_PROTECT=__attribute__((stack_protect))'
'-DNO_STACK_PROTECTOR=__attribute__((no_stack_protector))'
'-DWARN_UNUSED_RESULT=__attribute__((warn_unused_result))'
'-DCONST=__attribute__((const))' '-DMALLOC=__attribute__((malloc))'
-march=native -mtune=native -ffast-math -fstrength-reduce -DPIC -fdata-sections
-ffunction-sections -freciprocal-math -fsingle-precision-constant -msse -msse2
-mfpmath=sse -fno-math-errno -fno-omit-frame-pointer -g3 -rdynamic
-funwind-tables -fasynchronous-unwind-tables -fno-toplevel-reorder
-Werror=format-overflow -Werror=format-truncation -Werror=clobbered
-Werror=disabled-optimization -Werror=float-equal -Werror=logical-op
-Werror=pointer-arith -Werror=enum-conversion -Werror=overlength-strings
-Werror=stringop-truncation -Werror=missing-declarations
-Werror=int-to-pointer-cast -Werror=shadow -Werror=undef -Werror=unused
-fstrict-aliasing -Wstrict-aliasing=2 -Werror=strict-aliasing
-Wstrict-overflow=2 -fstrict-overflow -Werror=duplicated-branches
-Werror=duplicated-cond -Werror=null-dereference -Werror=init-self
-Werror=jump-misses-init -Werror=missing-prototypes -Werror=nested-externs
-Werror=write-strings -Werror=sign-compare -Werror=discarded-qualifiers
-Werror=float-conversion -Werror=implicit-function-declaration
-Werror=uninitialized -Werror=maybe-uninitialized -Werror=return-type
-Werror=int-conversion -Werror=incompatible-pointer-types -Werror=implicit-int
-Werror=multistatement-macros -Werror=switch -Werror=overflow
-Werror=array-bounds -Werror=enum-compare -Werror=misleading-indentation
-Werror=int-in-bool-context -Werror=type-limits -Werror=deprecated-declarations
-Werror=endif-labels -Werror=logical-not-parentheses -Werror=parentheses
-Werror=comment -Werror=sizeof-pointer-div -Werror=shift-count-overflow
-Werror=free-nonheap-object -fanalyzer
-Werror=analyzer-possible-null-dereference -Werror=analyzer-malloc-leak
-Werror=analyzer-null-dereference -Werror=analyzer-null-argument
-Werror=analyzer-use-after-free -Werror=analyzer-possible-null-argument
-Werror=analyzer-double-free -Werror=analyzer-file-leak
-Werror=analyzer-use-of-uninitialized-value -Werror=analyzer-out-of-bounds
-Werror=nonnull -Werror=nonnull-compare -Werror=override-init
-Werror=bool-compare -Werror=tautological-compare -Werror=unused-result
-Werror=inline -Werror=duplicate-decl-specifier -Werror=redundant-decls
-Werror=strict-prototypes -Werror=sizeof-array-argument
-Werror=lto-type-mismatch -Werror=odr -Wsuggest-attribute=pure
-Wsuggest-attribute=const -Wsuggest-attribute=noreturn
-Wsuggest-attribute=format -Wsuggest-attribute=malloc -Wsuggest-attribute=cold
-Werror=sign-conversion -Werror=implicit-fallthrough -Werror=format=2 -MD -MQ
src/libzrythm-lib.so.p/audio_exporter.c.o -MF
src/libzrythm-lib.so.p/audio_exporter.c.o.d -o
src/libzrythm-lib.so.p/audio_exporter.c.o -c ../src/audio/exporter.c
```


* [Bug c/109789] analyzer-use-of-uninitialized-value false positive
  2023-05-09 12:44 [Bug c/109789] New: analyzer-use-of-uninitialized-value false positive alex at zrythm dot org
@ 2023-05-09 12:49 ` alex at zrythm dot org
  2023-05-12  3:13 ` [Bug analyzer/109789] " alex at zrythm dot org
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: alex at zrythm dot org @ 2023-05-09 12:49 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

--- Comment #1 from alex at zrythm dot org ---
Created attachment 55029
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55029&action=edit
preprocessed .i file (gzipped)


* [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive
  2023-05-09 12:44 [Bug c/109789] New: analyzer-use-of-uninitialized-value false positive alex at zrythm dot org
  2023-05-09 12:49 ` [Bug c/109789] " alex at zrythm dot org
@ 2023-05-12  3:13 ` alex at zrythm dot org
  2023-05-12  3:16 ` alex at zrythm dot org
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: alex at zrythm dot org @ 2023-05-12  3:13 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

alex at zrythm dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #55029|0                           |1
        is obsolete|                            |

--- Comment #2 from alex at zrythm dot org ---
Created attachment 55060
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55060&action=edit
reduced test case (reduced with cvise)


* [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive
  2023-05-09 12:44 [Bug c/109789] New: analyzer-use-of-uninitialized-value false positive alex at zrythm dot org
  2023-05-09 12:49 ` [Bug c/109789] " alex at zrythm dot org
  2023-05-12  3:13 ` [Bug analyzer/109789] " alex at zrythm dot org
@ 2023-05-12  3:16 ` alex at zrythm dot org
  2023-05-12  3:17 ` alex at zrythm dot org
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: alex at zrythm dot org @ 2023-05-12  3:16 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

alex at zrythm dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #55028|0                           |1
        is obsolete|                            |

--- Comment #3 from alex at zrythm dot org ---
Created attachment 55061
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55061&action=edit
gcc invocation output on simplified file


* [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive
  2023-05-09 12:44 [Bug c/109789] New: analyzer-use-of-uninitialized-value false positive alex at zrythm dot org
                   ` (2 preceding siblings ...)
  2023-05-12  3:16 ` alex at zrythm dot org
@ 2023-05-12  3:17 ` alex at zrythm dot org
  2023-05-12  8:51 ` [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized redi at gcc dot gnu.org
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: alex at zrythm dot org @ 2023-05-12  3:17 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

--- Comment #4 from alex at zrythm dot org ---
I have simplified the test source file using cvise. This can now be reproduced
with:

```
LANG=C gcc -fanalyzer -Werror=analyzer-use-of-uninitialized-value -c audio_exporter6.c.i
```


* [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized
  2023-05-09 12:44 [Bug c/109789] New: analyzer-use-of-uninitialized-value false positive alex at zrythm dot org
                   ` (3 preceding siblings ...)
  2023-05-12  3:17 ` alex at zrythm dot org
@ 2023-05-12  8:51 ` redi at gcc dot gnu.org
  2023-05-12  9:00 ` redi at gcc dot gnu.org
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: redi at gcc dot gnu.org @ 2023-05-12  8:51 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2023-05-12
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW

--- Comment #5 from Jonathan Wakely <redi at gcc dot gnu.org> ---
A better reduction:

extern float fabsf(float);

typedef long unsigned size_t;

float dsp_abs_max_ret;

extern float lsp_dsp_abs_max(void);

float dsp_abs_max(float *buf, size_t size) {
  for (size_t i = 0; i < size; i++)
    if (fabsf(buf[i]) > 1e-20f)
      dsp_abs_max_ret = fabsf(buf[i]);
  return dsp_abs_max_ret;
}
void export_audio(int nframes, float init, int count) {
  do {
    float tmp_l[nframes];
    for (int i = 0; i < nframes; i++)
      tmp_l[i] = init;
    float max_amp = dsp_abs_max(tmp_l, nframes);
  } while (--count);
}


a.c.i: In function ‘dsp_abs_max’:
a.c.i:11:18: error: use of uninitialized value ‘*buf_16(D) + _1’ [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
   11 |     if (fabsf(buf[i]) > 1e-20f)
      |               ~~~^~~
  ‘export_audio’: events 1-5
    |
    |   15 | void export_audio(int nframes, float init, int count) {
    |      |      ^~~~~~~~~~~~
    |      |      |
    |      |      (1) entry to ‘export_audio’
    |   16 |   do {
    |   17 |     float tmp_l[nframes];
    |      |           ~~~~~
    |      |           |
    |      |           (2) region created on stack here
    |   18 |     for (int i = 0; i < nframes; i++)
    |      |                     ~~~~~~~~~~~
    |      |                       |
    |      |                       (3) following ‘false’ branch (when ‘i >= nframes’)...
    |   19 |       tmp_l[i] = init;
    |   20 |     float max_amp = dsp_abs_max(tmp_l, nframes);
    |      |                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                     |
    |      |                     (4) ...to here
    |      |                     (5) calling ‘dsp_abs_max’ from ‘export_audio’
    |
    +--> ‘dsp_abs_max’: events 6-9
           |
           |    9 | float dsp_abs_max(float *buf, size_t size) {
           |      |       ^~~~~~~~~~~
           |      |       |
           |      |       (6) entry to ‘dsp_abs_max’
           |   10 |   for (size_t i = 0; i < size; i++)
           |      |                      ~~~~~~~~
           |      |                        |
           |      |                        (7) following ‘true’ branch (when ‘i < size’)...
           |   11 |     if (fabsf(buf[i]) > 1e-20f)
           |      |               ~~~~~~
           |      |                  |
           |      |                  (8) ...to here
           |      |                  (9) use of uninitialized value ‘*buf_16(D) + _1’ here
           |
a.c.i:11:18: error: use of uninitialized value ‘*buf_16(D) + _1’ [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
   11 |     if (fabsf(buf[i]) > 1e-20f)
      |               ~~~^~~
  ‘export_audio’: events 1-5
    |
    |   15 | void export_audio(int nframes, float init, int count) {
    |      |      ^~~~~~~~~~~~
    |      |      |
    |      |      (1) entry to ‘export_audio’
    |   16 |   do {
    |   17 |     float tmp_l[nframes];
    |      |           ~~~~~
    |      |           |
    |      |           (2) region created on stack here
    |   18 |     for (int i = 0; i < nframes; i++)
    |      |                     ~~~~~~~~~~~
    |      |                       |
    |      |                       (3) following ‘false’ branch (when ‘i >= nframes’)...
    |   19 |       tmp_l[i] = init;
    |   20 |     float max_amp = dsp_abs_max(tmp_l, nframes);
    |      |                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                     |
    |      |                     (4) ...to here
    |      |                     (5) calling ‘dsp_abs_max’ from ‘export_audio’
    |
    +--> ‘dsp_abs_max’: events 6-11
           |
           |    9 | float dsp_abs_max(float *buf, size_t size) {
           |      |       ^~~~~~~~~~~
           |      |       |
           |      |       (6) entry to ‘dsp_abs_max’
           |   10 |   for (size_t i = 0; i < size; i++)
           |      |                      ~~~~~~~~
           |      |                        |
           |      |                        (7) following ‘true’ branch (when ‘i < size’)...
           |      |                        (9) following ‘true’ branch (when ‘i < size’)...
           |   11 |     if (fabsf(buf[i]) > 1e-20f)
           |      |               ~~~~~~
           |      |                  |
           |      |                  (8) ...to here
           |      |                  (10) ...to here
           |      |                  (11) use of uninitialized value ‘*buf_16(D) + _1’ here
           |
a.c.i:12:34: error: use of uninitialized value ‘*buf_16(D) + _5’ [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
   12 |       dsp_abs_max_ret = fabsf(buf[i]);
      |                               ~~~^~~
  ‘export_audio’: events 1-5
    |
    |   15 | void export_audio(int nframes, float init, int count) {
    |      |      ^~~~~~~~~~~~
    |      |      |
    |      |      (1) entry to ‘export_audio’
    |   16 |   do {
    |   17 |     float tmp_l[nframes];
    |      |           ~~~~~
    |      |           |
    |      |           (2) region created on stack here
    |   18 |     for (int i = 0; i < nframes; i++)
    |      |                     ~~~~~~~~~~~
    |      |                       |
    |      |                       (3) following ‘false’ branch (when ‘i >= nframes’)...
    |   19 |       tmp_l[i] = init;
    |   20 |     float max_amp = dsp_abs_max(tmp_l, nframes);
    |      |                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                     |
    |      |                     (4) ...to here
    |      |                     (5) calling ‘dsp_abs_max’ from ‘export_audio’
    |
    +--> ‘dsp_abs_max’: events 6-11
           |
           |    9 | float dsp_abs_max(float *buf, size_t size) {
           |      |       ^~~~~~~~~~~
           |      |       |
           |      |       (6) entry to ‘dsp_abs_max’
           |   10 |   for (size_t i = 0; i < size; i++)
           |      |                      ~~~~~~~~
           |      |                        |
           |      |                        (7) following ‘true’ branch (when ‘i < size’)...
           |   11 |     if (fabsf(buf[i]) > 1e-20f)
           |      |        ~         ~
           |      |        |         |
           |      |        |         (8) ...to here
           |      |        (9) following ‘true’ branch...
           |   12 |       dsp_abs_max_ret = fabsf(buf[i]);
           |      |                               ~~~~~~
           |      |                                  |
           |      |                                  (10) ...to here
           |      |                                  (11) use of uninitialized value ‘*buf_16(D) + _5’ here
           |
a.c.i:12:34: error: use of uninitialized value ‘*buf_16(D) + _5’ [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
   12 |       dsp_abs_max_ret = fabsf(buf[i]);
      |                               ~~~^~~
  ‘export_audio’: events 1-5
    |
    |   15 | void export_audio(int nframes, float init, int count) {
    |      |      ^~~~~~~~~~~~
    |      |      |
    |      |      (1) entry to ‘export_audio’
    |   16 |   do {
    |   17 |     float tmp_l[nframes];
    |      |           ~~~~~
    |      |           |
    |      |           (2) region created on stack here
    |   18 |     for (int i = 0; i < nframes; i++)
    |      |                     ~~~~~~~~~~~
    |      |                       |
    |      |                       (3) following ‘false’ branch (when ‘i >= nframes’)...
    |   19 |       tmp_l[i] = init;
    |   20 |     float max_amp = dsp_abs_max(tmp_l, nframes);
    |      |                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                     |
    |      |                     (4) ...to here
    |      |                     (5) calling ‘dsp_abs_max’ from ‘export_audio’
    |
    +--> ‘dsp_abs_max’: events 6-11
           |
           |    9 | float dsp_abs_max(float *buf, size_t size) {
           |      |       ^~~~~~~~~~~
           |      |       |
           |      |       (6) entry to ‘dsp_abs_max’
           |   10 |   for (size_t i = 0; i < size; i++)
           |      |                      ~~~~~~~~
           |      |                        |
           |      |                        (7) following ‘true’ branch (when ‘i < size’)...
           |      |                        (9) following ‘true’ branch (when ‘i < size’)...
           |   11 |     if (fabsf(buf[i]) > 1e-20f)
           |      |                  ~
           |      |                  |
           |      |                  (8) ...to here
           |      |                  (10) ...to here
           |   12 |       dsp_abs_max_ret = fabsf(buf[i]);
           |      |                               ~~~~~~
           |      |                                  |
           |      |                                  (11) use of uninitialized value ‘*buf_16(D) + _5’ here
           |
cc1: some warnings being treated as errors


It seems to be related to the use of a VLA for the array.


* [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized
  2023-05-09 12:44 [Bug c/109789] New: analyzer-use-of-uninitialized-value false positive alex at zrythm dot org
                   ` (4 preceding siblings ...)
  2023-05-12  8:51 ` [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized redi at gcc dot gnu.org
@ 2023-05-12  9:00 ` redi at gcc dot gnu.org
  2023-05-12  9:26 ` redi at gcc dot gnu.org
  2023-05-12  9:32 ` redi at gcc dot gnu.org
  7 siblings, 0 replies; 9+ messages in thread
From: redi at gcc dot gnu.org @ 2023-05-12  9:00 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

--- Comment #6 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #5)
> float dsp_abs_max(float *buf, size_t size) {
>   for (size_t i = 0; i < size; i++)
>     if (fabsf(buf[i]) > 1e-20f)
>       dsp_abs_max_ret = fabsf(buf[i]);
>   return dsp_abs_max_ret;
> }
> void export_audio(int nframes, float init, int count) {
>   do {
>     float tmp_l[nframes];
>     for (int i = 0; i < nframes; i++)
>       tmp_l[i] = init;
>     float max_amp = dsp_abs_max(tmp_l, nframes);

I think the problem is that frames is signed int and is converted to size_t
when calling this function. The analyzer is complaining that if nframes is
negative, then you'll get a very large size_t and the loop inside dsp_abs_max
will read more variables than were init'd.

Of course if nframes is negative, the program has undefined behaviour anyway,
C17 6.7.6.2 says "each time it is evaluated it shall have a value greater than
zero".

So I think the analyzer should assume the size is greater than zero, or warn
about *that* possibility, at the point of the array declaration.

If you add this to export_audio() then there's no analyzer warning:

  if (nframes < 1)
    return;


* [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized
  2023-05-09 12:44 [Bug c/109789] New: analyzer-use-of-uninitialized-value false positive alex at zrythm dot org
                   ` (5 preceding siblings ...)
  2023-05-12  9:00 ` redi at gcc dot gnu.org
@ 2023-05-12  9:26 ` redi at gcc dot gnu.org
  2023-05-12  9:32 ` redi at gcc dot gnu.org
  7 siblings, 0 replies; 9+ messages in thread
From: redi at gcc dot gnu.org @ 2023-05-12  9:26 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

--- Comment #7 from Jonathan Wakely <redi at gcc dot gnu.org> ---
It also seems to depend on array-to-pointer decay from float[nframes] to float*
across the function boundary, because if the loop using the size_t index is
moved into the same function as the array initialization, the analyzer doesn't
complain.

In any case, the value of size_t size should be assumed to be positive.


Further reduced:

void sink(float);

void dsp_abs_max(float *buf, unsigned size) {
  sink(buf[size - 1]);
}
void export_audio(int nframes, float init, int count) {
  do {
    float tmp_l[nframes];
    for (int i = 0; i < nframes; i++)
      tmp_l[i] = init;
    dsp_abs_max(tmp_l, nframes);
  } while (--count);
}

$ gcc -fanalyzer -Werror=analyzer-use-of-uninitialized-value -c  a.c
a.c: In function ‘dsp_abs_max’:
a.c:4:3: error: use of uninitialized value ‘*buf_7(D) + _3’ [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
    4 |   sink(buf[size - 1]);
      |   ^~~~~~~~~~~~~~~~~~~
  ‘export_audio’: events 1-5
    |
    |    6 | void export_audio(int nframes, float init, int count) {
    |      |      ^~~~~~~~~~~~
    |      |      |
    |      |      (1) entry to ‘export_audio’
    |    7 |   do {
    |    8 |     float tmp_l[nframes];
    |      |           ~~~~~
    |      |           |
    |      |           (2) region created on stack here
    |    9 |     for (int i = 0; i < nframes; i++)
    |      |                     ~~~~~~~~~~~
    |      |                       |
    |      |                       (3) following ‘false’ branch (when ‘i >= nframes’)...
    |   10 |       tmp_l[i] = init;
    |   11 |     dsp_abs_max(tmp_l, nframes);
    |      |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |     |
    |      |     (4) ...to here
    |      |     (5) calling ‘dsp_abs_max’ from ‘export_audio’
    |
    +--> ‘dsp_abs_max’: events 6-7
           |
           |    3 | void dsp_abs_max(float *buf, unsigned size) {
           |      |      ^~~~~~~~~~~
           |      |      |
           |      |      (6) entry to ‘dsp_abs_max’
           |    4 |   sink(buf[size - 1]);
           |      |   ~~~~~~~~~~~~~~~~~~~
           |      |   |
           |      |   (7) use of uninitialized value ‘*buf_7(D) + _3’ here
           |
cc1: some warnings being treated as errors


* [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized
  2023-05-09 12:44 [Bug c/109789] New: analyzer-use-of-uninitialized-value false positive alex at zrythm dot org
                   ` (6 preceding siblings ...)
  2023-05-12  9:26 ` redi at gcc dot gnu.org
@ 2023-05-12  9:32 ` redi at gcc dot gnu.org
  7 siblings, 0 replies; 9+ messages in thread
From: redi at gcc dot gnu.org @ 2023-05-12  9:32 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

--- Comment #8 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #7)
> It also seems to depend on array-to-pointer decay from float[nframes] to
> float* across the function boundary, because if the loop using the size_t
> index is moved into the same function as the array initialization, the
> analyzer doesn't complain.

Ah no, this still complains without a separate function:

void sink(int);

void export_audio(int nframes, int init, int count) {
  do {
    int tmp_l[nframes];
    for (int i = 0; i < nframes; i++)
      tmp_l[i] = init;
    unsigned size = nframes;
    sink(tmp_l[size - 1]);
  } while (--count);
}


a.c: In function ‘export_audio’:
a.c:9:5: error: use of uninitialized value ‘*tmp_l[<unknown>]’ [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
    9 |     sink(tmp_l[size - 1]);
      |     ^~~~~~~~~~~~~~~~~~~~~
  ‘export_audio’: events 1-4
    |
    |    5 |     int tmp_l[nframes];
    |      |         ^~~~~
    |      |         |
    |      |         (1) region created on stack here
    |    6 |     for (int i = 0; i < nframes; i++)
    |      |                     ~~~~~~~~~~~
    |      |                       |
    |      |                       (2) following ‘false’ branch (when ‘i >= nframes’)...
    |    7 |       tmp_l[i] = init;
    |    8 |     unsigned size = nframes;
    |      |              ~~~~
    |      |              |
    |      |              (3) ...to here
    |    9 |     sink(tmp_l[size - 1]);
    |      |     ~~~~~~~~~~~~~~~~~~~~~
    |      |     |
    |      |     (4) use of uninitialized value ‘*tmp_l[<unknown>]’ here
    |
cc1: some warnings being treated as errors

^ permalink raw reply	[flat|nested] 9+ messages in thread
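
The signed-to-unsigned conversion discussed in comments #6 to #8, as an added C example that is not code from the thread or from GCC: it computes the count and the `size - 1` index that result from a non-positive `nframes`, then shows the caller with the guard from comment #6 placed before the VLA declaration. `count_as_size`, `last_index`, `export_peak`, `peak_status` and `MAX_FRAMES` are hypothetical names introduced here, and the upper cap is an added assumption that the thread does not mention.

```c
#include <limits.h>
#include <math.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical upper bound (an assumption of this example, not from the
 * thread), added so the VLA cannot exhaust the stack. */
#define MAX_FRAMES 8192

enum peak_status { PEAK_OK = 0, PEAK_BAD_COUNT = -1 };

/* The element count a callee taking size_t receives for a signed nframes. */
static size_t count_as_size(int nframes) { return (size_t)nframes; }

/* The index computed by `buf[size - 1]` in the comment #7 and #8 reductions. */
static unsigned last_index(int nframes) {
  unsigned size = (unsigned)nframes;
  return size - 1u; /* wraps to UINT_MAX when nframes is 0 */
}

/* Same scan as dsp_abs_max in the report: it trusts `size` completely. */
static float dsp_abs_max(const float *buf, size_t size) {
  float ret = 1e-20f;
  for (size_t i = 0; i < size; i++)
    if (fabsf(buf[i]) > ret)
      ret = fabsf(buf[i]);
  return ret;
}

/* Caller with the count validated before the VLA is declared. C17 6.7.6.2
 * requires the size expression to be greater than zero, so the check has to
 * come first; after it, the int to size_t conversion preserves the value and
 * the callee reads exactly the elements that were initialized. */
static int export_peak(const float *src, int nframes, float *peak) {
  if (nframes < 1 || nframes > MAX_FRAMES)
    return PEAK_BAD_COUNT;
  float tmp_l[nframes];
  for (int i = 0; i < nframes; i++)
    tmp_l[i] = src[i];
  *peak = dsp_abs_max(tmp_l, (size_t)nframes);
  return PEAK_OK;
}

int main(void) {
  const float src[] = {0.25f, -0.75f, 0.5f}; /* constructed sample block */
  float peak = 0.0f;

  printf("nframes=-1 seen as size_t: %zu\n", count_as_size(-1));
  printf("nframes=0 gives last index: %u\n", last_index(0));

  int status = export_peak(src, 3, &peak);
  printf("nframes=3: status=%d peak=%g\n", status, peak);

  status = export_peak(src, -1, &peak);
  printf("nframes=-1: status=%d (rejected before the VLA)\n", status);
  return 0;
}
```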
