[Bug c++/111399] New: Sanitizer code generation smarter than warnings

[Bug c++/111399] New: Sanitizer code generation smarter than warnings

[david at westcontrol dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111399

            Bug ID: 111399
           Summary: Sanitizer code generation smarter than warnings
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: david at westcontrol dot com
  Target Milestone: ---

Given this code :

int sign(int x) {
    if (x < 0) return -1;
    if (x == 0) return 0;
    if (x > 0) return 1;    
}


and compiled with "-O2 -Wall", gcc is unable to see that all possible cases for
"x" are covered, so it generates a "control reaches end of non-void function
[-Wreturn-type]" warning.  It would be nice if gcc could see this is a false
positive, but analysis and warnings can't be perfect.

However, if I add the flag "-fsanitize=undefined", the compiler is smart enough
to see that all cases are covered, and there is no call to
__ubsan_handle_missing_return generated.

If the sanitizer code generation can see that all cases are covered, why can't
the -Wreturn-type warning detection?  I'm guessing it comes down to the
ordering of compiler passes and therefore the level of program analysis
information available at that point.  But perhaps the -Wreturn-type pass could
be done later when the information is available?

[Bug c++/111399] Bogus -Wreturn-type diagnostic

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111399

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
           Keywords|                            |diagnostic
            Summary|Sanitizer code generation   |Bogus -Wreturn-type
                   |smarter than warnings       |diagnostic
   Last reconfirmed|                            |2023-09-13
            Version|unknown                     |14.0

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
We do instrument the missed return but it gets later optimized away.

[Bug c++/111399] Bogus -Wreturn-type diagnostic

[david at westcontrol dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111399

--- Comment #2 from David Brown <david at westcontrol dot com> ---
Would it be possible to have the "-Wreturn-type" warning pass not issue a
warning immediately, but inject a warning into the code that could then be
removed later by optimisation?

What I mean, is to have something roughly like this :

void __attribute__((warning("Reached return in non-void function")))
__ReturnNonVoid(void);

int sign(int x) {
    if (x < 0) return -1;
    if (x == 0) return 0;
    if (x > 0) return 1;
    __ReturnNonVoid();
}


Instead of issuing a warning straight away, if the compiler had added a call to
a non-existent "__ReturnNonVoid" function (just like the sanitizer adds a call
to "__ubsan_handle_missing_return"), this would be optimised away in functions
like this sample and the false positive warning would not be issued.  (Ideally,
of course, it would be suitable GIMPLE, or appropriate internal representation
for that pass, rather than a call to a non-existent function.)