From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id ECF643858C54; Fri, 12 May 2023 08:51:12 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org ECF643858C54 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1683881472; bh=TZoJwW1GFAhsIO1fPjmKj+lxd58id7x/pue691c2XnM=; h=From:To:Subject:Date:In-Reply-To:References:From; b=Nedu/VbuynXEW7mAYTE2/Psxdv9/HiVpaD1tGuG9dPC13mDNBwb3dF3CBPlvJIV32 yI+Zz8wPw1hT0zwT3WQtiIkzWfmyBaNt6KLGfp1uloxoP+KEExLAsKCG2Cg1icTax7 hWnrdUFqYuRe45hvpDuFrC+IgRNaIYj8SjD1c66s= From: "redi at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized Date: Fri, 12 May 2023 08:51:11 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: analyzer X-Bugzilla-Version: 13.1.1 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: redi at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cf_reconfirmed_on everconfirmed bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109789 Jonathan Wakely changed: What |Removed |Added ---------------------------------------------------------------------------- Last reconfirmed| |2023-05-12 Ever confirmed|0 |1 Status|UNCONFIRMED |NEW --- Comment #5 from Jonathan Wakely --- A better reduction: extern float fabsf(float); typedef long unsigned size_t; float dsp_abs_max_ret; extern float lsp_dsp_abs_max(void); float dsp_abs_max(float *buf, size_t size) { for (size_t i =3D 0; i < size; i++) if (fabsf(buf[i]) > 1e-20f) dsp_abs_max_ret =3D fabsf(buf[i]); return dsp_abs_max_ret; } void export_audio(int nframes, float init, int count) { do { float tmp_l[nframes]; for (int i =3D 0; i < nframes; i++) tmp_l[i] =3D init; float max_amp =3D dsp_abs_max(tmp_l, nframes); } while (--count); } a.c.i: In function =E2=80=98dsp_abs_max=E2=80=99: a.c.i:11:18: error: use of uninitialized value =E2=80=98*buf_16(D) + _1=E2= =80=99 [CWE-457] [-Werror=3Danalyzer-use-of-uninitialized-value] 11 | if (fabsf(buf[i]) > 1e-20f) | ~~~^~~ =E2=80=98export_audio=E2=80=99: events 1-5 | | 15 | void export_audio(int nframes, float init, int count) { | | ^~~~~~~~~~~~ | | | | | (1) entry to =E2=80=98export_audio=E2=80=99 | 16 | do { | 17 | float tmp_l[nframes]; | | ~~~~~ | | | | | (2) region created on stack here | 18 | for (int i =3D 0; i < nframes; i++) | | ~~~~~~~~~~~ | | | | | (3) following =E2=80=98false=E2=80=99 br= anch (when =E2=80=98i >=3D nframes=E2=80=99)... | 19 | tmp_l[i] =3D init; | 20 | float max_amp =3D dsp_abs_max(tmp_l, nframes); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) calling =E2=80=98dsp_abs_max=E2=80=99 = from =E2=80=98export_audio=E2=80=99 | +--> =E2=80=98dsp_abs_max=E2=80=99: events 6-9 | | 9 | float dsp_abs_max(float *buf, size_t size) { | | ^~~~~~~~~~~ | | | | | (6) entry to =E2=80=98dsp_abs_max=E2=80=99 | 10 | for (size_t i =3D 0; i < size; i++) | | ~~~~~~~~ | | | | | (7) following =E2=80=98true=E2= =80=99 branch (when =E2=80=98i < size=E2=80=99)... | 11 | if (fabsf(buf[i]) > 1e-20f) | | ~~~~~~ | | | | | (8) ...to here | | (9) use of uninitialized value =E2=80= =98*buf_16(D) + _1=E2=80=99 here | a.c.i:11:18: error: use of uninitialized value =E2=80=98*buf_16(D) + _1=E2= =80=99 [CWE-457] [-Werror=3Danalyzer-use-of-uninitialized-value] 11 | if (fabsf(buf[i]) > 1e-20f) | ~~~^~~ =E2=80=98export_audio=E2=80=99: events 1-5 | | 15 | void export_audio(int nframes, float init, int count) { | | ^~~~~~~~~~~~ | | | | | (1) entry to =E2=80=98export_audio=E2=80=99 | 16 | do { | 17 | float tmp_l[nframes]; | | ~~~~~ | | | | | (2) region created on stack here | 18 | for (int i =3D 0; i < nframes; i++) | | ~~~~~~~~~~~ | | | | | (3) following =E2=80=98false=E2=80=99 br= anch (when =E2=80=98i >=3D nframes=E2=80=99)... | 19 | tmp_l[i] =3D init; | 20 | float max_amp =3D dsp_abs_max(tmp_l, nframes); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) calling =E2=80=98dsp_abs_max=E2=80=99 = from =E2=80=98export_audio=E2=80=99 | +--> =E2=80=98dsp_abs_max=E2=80=99: events 6-11 | | 9 | float dsp_abs_max(float *buf, size_t size) { | | ^~~~~~~~~~~ | | | | | (6) entry to =E2=80=98dsp_abs_max=E2=80=99 | 10 | for (size_t i =3D 0; i < size; i++) | | ~~~~~~~~ | | | | | (7) following =E2=80=98true=E2= =80=99 branch (when =E2=80=98i < size=E2=80=99)... | | (9) following =E2=80=98true=E2= =80=99 branch (when =E2=80=98i < size=E2=80=99)... | 11 | if (fabsf(buf[i]) > 1e-20f) | | ~~~~~~ | | | | | (8) ...to here | | (10) ...to here | | (11) use of uninitialized value =E2=80=98*buf_16(D) + _1=E2=80=99 here | a.c.i:12:34: error: use of uninitialized value =E2=80=98*buf_16(D) + _5=E2= =80=99 [CWE-457] [-Werror=3Danalyzer-use-of-uninitialized-value] 12 | dsp_abs_max_ret =3D fabsf(buf[i]); | ~~~^~~ =E2=80=98export_audio=E2=80=99: events 1-5 | | 15 | void export_audio(int nframes, float init, int count) { | | ^~~~~~~~~~~~ | | | | | (1) entry to =E2=80=98export_audio=E2=80=99 | 16 | do { | 17 | float tmp_l[nframes]; | | ~~~~~ | | | | | (2) region created on stack here | 18 | for (int i =3D 0; i < nframes; i++) | | ~~~~~~~~~~~ | | | | | (3) following =E2=80=98false=E2=80=99 br= anch (when =E2=80=98i >=3D nframes=E2=80=99)... | 19 | tmp_l[i] =3D init; | 20 | float max_amp =3D dsp_abs_max(tmp_l, nframes); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) calling =E2=80=98dsp_abs_max=E2=80=99 = from =E2=80=98export_audio=E2=80=99 | +--> =E2=80=98dsp_abs_max=E2=80=99: events 6-11 | | 9 | float dsp_abs_max(float *buf, size_t size) { | | ^~~~~~~~~~~ | | | | | (6) entry to =E2=80=98dsp_abs_max=E2=80=99 | 10 | for (size_t i =3D 0; i < size; i++) | | ~~~~~~~~ | | | | | (7) following =E2=80=98true=E2= =80=99 branch (when =E2=80=98i < size=E2=80=99)... | 11 | if (fabsf(buf[i]) > 1e-20f) | | ~ ~ | | | | | | | (8) ...to here | | (9) following =E2=80=98true=E2=80=99 branch... | 12 | dsp_abs_max_ret =3D fabsf(buf[i]); | | ~~~~~~ | | | | | (10) ...to here | | (11) use of uninitiali= zed value =E2=80=98*buf_16(D) + _5=E2=80=99 here | a.c.i:12:34: error: use of uninitialized value =E2=80=98*buf_16(D) + _5=E2= =80=99 [CWE-457] [-Werror=3Danalyzer-use-of-uninitialized-value] 12 | dsp_abs_max_ret =3D fabsf(buf[i]); | ~~~^~~ =E2=80=98export_audio=E2=80=99: events 1-5 | | 15 | void export_audio(int nframes, float init, int count) { | | ^~~~~~~~~~~~ | | | | | (1) entry to =E2=80=98export_audio=E2=80=99 | 16 | do { | 17 | float tmp_l[nframes]; | | ~~~~~ | | | | | (2) region created on stack here | 18 | for (int i =3D 0; i < nframes; i++) | | ~~~~~~~~~~~ | | | | | (3) following =E2=80=98false=E2=80=99 br= anch (when =E2=80=98i >=3D nframes=E2=80=99)... | 19 | tmp_l[i] =3D init; | 20 | float max_amp =3D dsp_abs_max(tmp_l, nframes); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) calling =E2=80=98dsp_abs_max=E2=80=99 = from =E2=80=98export_audio=E2=80=99 | +--> =E2=80=98dsp_abs_max=E2=80=99: events 6-11 | | 9 | float dsp_abs_max(float *buf, size_t size) { | | ^~~~~~~~~~~ | | | | | (6) entry to =E2=80=98dsp_abs_max=E2=80=99 | 10 | for (size_t i =3D 0; i < size; i++) | | ~~~~~~~~ | | | | | (7) following =E2=80=98true=E2= =80=99 branch (when =E2=80=98i < size=E2=80=99)... | | (9) following =E2=80=98true=E2= =80=99 branch (when =E2=80=98i < size=E2=80=99)... | 11 | if (fabsf(buf[i]) > 1e-20f) | | ~ | | | | | (8) ...to here | | (10) ...to here | 12 | dsp_abs_max_ret =3D fabsf(buf[i]); | | ~~~~~~ | | | | | (11) use of uninitiali= zed value =E2=80=98*buf_16(D) + _5=E2=80=99 here | cc1: some warnings being treated as errors It seems to be related to the use of a VLA for the array.=