From: "colomar.6.4.3 at gmail dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/94754] New: -fanalyzer false positive due to it ignoring previous if
Date: Sat, 25 Apr 2020 00:20:13 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94754

            Bug ID: 94754
           Summary: -fanalyzer false positive due to it ignoring previous if
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: colomar.6.4.3 at gmail dot com
  Target Milestone: ---

The analyzer follows branches that are incompatible (sometimes).

Code to reproduce the bug:

[[gnu::nonnull]]
static
void init_x(int cond, int **x, int *y)
{

	if (!cond)
		return;
	*x = y;
}

int foo(int cond)
{
	int *x;
	int y = 7;

	if (cond < 2)
		return -1;

	/* cond >= 2 != 0, so it will initialize x */
	init_x(cond, &x, &y);

	return *x;
}

$ gcc-10 -c false_positive.c -o foo -fanalyzer
In function ‘foo’:
false_positive.c:22:9: warning: use of uninitialized value ‘x’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   22 |  return *x;
      |         ^~
  ‘foo’: events 1-4
    |
    |   11 | int foo(int cond)
    |      |     ^~~
    |      |     |
    |      |     (1) entry to ‘foo’
    |......
    |   16 |  if (cond < 2)
    |      |     ~
    |      |     |
    |      |     (2) following ‘false’ branch (when ‘cond > 1’)...
    |......
    |   20 |  init_x(cond, &x, &y);
    |      |  ~~~~~~~~~~~~~~~~~~~~
    |      |  |
    |      |  (3) ...to here
    |      |  (4) calling ‘init_x’ from ‘foo’
    |
    +--> ‘init_x’: events 5-7
           |
           |    3 | void init_x(int cond, int **x, int *y)
           |      |      ^~~~~~
           |      |      |
           |      |      (5) entry to ‘init_x’
           |......
           |    6 |  if (!cond)
           |      |     ~
           |      |     |
           |      |     (6) following ‘true’ branch (when ‘cond == 0’)...
                        !!! cond == 0, but previously it assumed cond > 1 !!!
           |    7 |   return;
           |      |   ~~~~~~
           |      |   |
           |      |   (7) ...to here
           |
    <------+
    |
  ‘foo’: events 8-9
    |
    |   20 |  init_x(cond, &x, &y);
    |      |  ^~~~~~~~~~~~~~~~~~~~
    |      |  |
    |      |  (8) returning to ‘foo’ from ‘init_x’
    |   21 |
    |   22 |  return *x;
    |      |  ~~
    |      |  |
    |      |  (9) use of uninitialized value ‘x’ here
    |
$

___________________________________________________

But.

- If I copy&paste (manual inline) `init_x` code inside `foo`, the warning goes away.
- If I use pointers instead of double pointers (`void init_x(int cond, int *x, int y)`), the warning goes away.
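
An added example, not part of the original report or of GCC: the reported double-pointer shape next to the single-pointer shape from the second bullet, with the callee's early return instrumented so that a run can confirm the branch taken in event (6) is never reached once `cond >= 2`. The `_pp`/`_p` function names, the `early_returns` counter and `sweep_mismatches` are hypothetical names introduced for this example.

```c
/* Added example, not from the bug report; _pp/_p names and counter are hypothetical. */
static int early_returns;	/* times the 'cond == 0' branch of event (6) ran */

static void init_x_pp(int cond, int **x, int *y)
{
	if (!cond) {
		early_returns++;
		return;
	}
	*x = y;
}

int foo_pp(int cond)		/* reported shape: double pointer */
{
	int *x;
	int y = 7;
	if (cond < 2)
		return -1;
	init_x_pp(cond, &x, &y);	/* cond >= 2 here, so *x is set */
	return *x;
}

static void init_x_p(int cond, int *x, int y)
{
	if (!cond) {
		early_returns++;
		return;
	}
	*x = y;
}

int foo_p(int cond)		/* single-pointer shape from the second bullet */
{
	int x;
	int y = 7;
	if (cond < 2)
		return -1;
	init_x_p(cond, &x, y);
	return x;
}

/* Sweep 'cond' over [lo, hi]; return the number of wrong results. */
int sweep_mismatches(int lo, int hi)
{
	int bad = 0;
	for (int c = lo; c <= hi; c++)
		bad += (foo_pp(c) != (c < 2 ? -1 : 7)) + (foo_p(c) != (c < 2 ? -1 : 7));
	return bad;
}
```

After a sweep across the `cond < 2` boundary, `early_returns` is still 0: neither callee's early return runs when reached through its `foo` variant, which is the path the diagnostic reports.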