From: "redi at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized
Date: Fri, 12 May 2023 09:26:22 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Version: 13.1.1
X-Bugzilla-Severity: normal
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

--- Comment #7 from Jonathan Wakely ---
It also seems to depend on array-to-pointer decay from float[nframes] to float*
across the function boundary, because if the loop using the size_t index is
moved into the same function as the array initialization, the analyzer doesn't
complain.

In any case, the value of size_t size should be assumed to be positive.

Further reduced:

void sink(float);

void dsp_abs_max(float *buf, unsigned size) {
  sink(buf[size - 1]);
}
void export_audio(int nframes, float init, int count) {
  do {
    float tmp_l[nframes];
    for (int i = 0; i < nframes; i++)
      tmp_l[i] = init;
    dsp_abs_max(tmp_l, nframes);
  } while (--count);
}

$ gcc -fanalyzer -Werror=analyzer-use-of-uninitialized-value -c a.c
a.c: In function ‘dsp_abs_max’:
a.c:4:3: error: use of uninitialized value ‘*buf_7(D) + _3’ [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
    4 |   sink(buf[size - 1]);
      |   ^~~~~~~~~~~~~~~~~~~
  ‘export_audio’: events 1-5
    |
    |    6 | void export_audio(int nframes, float init, int count) {
    |      |      ^~~~~~~~~~~~
    |      |      |
    |      |      (1) entry to ‘export_audio’
    |    7 |   do {
    |    8 |     float tmp_l[nframes];
    |      |           ~~~~~
    |      |           |
    |      |           (2) region created on stack here
    |    9 |     for (int i = 0; i < nframes; i++)
    |      |                     ~~~~~~~~~~~
    |      |                       |
    |      |                       (3) following ‘false’ branch (when ‘i >= nframes’)...
    |   10 |       tmp_l[i] = init;
    |   11 |     dsp_abs_max(tmp_l, nframes);
    |      |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |     |
    |      |     (4) ...to here
    |      |     (5) calling ‘dsp_abs_max’ from ‘export_audio’
    |
    +--> ‘dsp_abs_max’: events 6-7
           |
           |    3 | void dsp_abs_max(float *buf, unsigned size) {
           |      |      ^~~~~~~~~~~
           |      |      |
           |      |      (6) entry to ‘dsp_abs_max’
           |    4 |   sink(buf[size - 1]);
           |      |   ~~~~~~~~~~~~~~~~~~~
           |      |   |
           |      |   (7) use of uninitialized value ‘*buf_7(D) + _3’ here
           |
cc1: some warnings being treated as errors