[Bug c/98901] New: Static analyses warning disappears when the value is passed to a function with variable number of arguments when optimisation is on

[Bug c/98901] New: Static analyses warning disappears when the value is passed to a function with variable number of arguments when optimisation is on

[oleg.pekar.2017 at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98901

            Bug ID: 98901
           Summary: Static analyses warning disappears when the value is
                    passed to a function with variable number of arguments
                    when optimisation is on
           Product: gcc
           Version: 8.3.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: oleg.pekar.2017 at gmail dot com
  Target Milestone: ---

Created attachment 50096
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50096&action=edit
Preprocessor output for source file test2.c

The problem is related to bug 98900

gcc version: 8.3.1
system type: RedHat 8.1, Kernel 4.18.0-147.3.1.el8_1.x86_64

Problem: The same static analyses warning seen in bug 98900 disappears when the
pointer variable that keeps address of the local variable from problem in the
bug 98900 is used for the first time in function with variable number of
parameters (must have optimisation on, as continuation of problem 1)
Input source: attached test2.i
Command line: gcc -Wall -save-temps -O2 test2.c
Output when call to f4() is present in main(): nothing 
Output when call to f4() is commented in main(): 
test2.c: In function ‘main’:
test2.c:29:13: warning: ‘x’ is used uninitialized in this function
[-Wuninitialized]
         int x = 0;
             ^

[Bug middle-end/98901] missing warning passing a dangling pointer to a function

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98901

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2021-01-31
                 CC|                            |msebor at gcc dot gnu.org
           See Also|                            |https://gcc.gnu.org/bugzill
                   |                            |a/show_bug.cgi?id=98900
            Summary|Static analyses warning     |missing warning passing a
                   |disappears when the value   |dangling pointer to a
                   |is passed to a function     |function
                   |with variable number of     |
                   |arguments when optimisation |
                   |is on                       |
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
I think the problem here reduces to one of GCC having no support for detecting
the uses of dangling pointers.

In the original test case the variadic function is defined but because GCC
doesn't inline variadic functions it's not relevant.  The smaller test case
below shows that after a variable's life has ended, using its address isn't
diagnosed even though any and all uses of pointers to such objects are
undefined.  Diagnosing the use of such a pointer in this test case is trivial
based on the preceding CLOBBER.  (See also pr98900 for another test case
involving clobbers.)

$ cat pr98901.c && gcc -O2 -S -Wall -fdump-tree-uninit=/dev/stdout pr98901.c
int f (int count, ...);

int main ()
{
  int *p;
  {
    int x = 0;
    p = &x;
  }

  f (1, p);   // missing warning

  __builtin_putchar (*p);
}

;; Function main (main, funcdef_no=0, decl_uid=1944, cgraph_uid=1,
symbol_order=0) (executed once)

int main ()
{
  int x;
  int _1;

  <bb 2> [local count: 1073741824]:
  x ={v} {CLOBBER};
  f (1, &x);
  _1 = x;
  __builtin_putchar (_1);
  return 0;

}

[Bug middle-end/98901] missing warning passing a dangling pointer to a function

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98901

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org      |msebor at gcc dot gnu.org
         Resolution|---                         |DUPLICATE
             Status|NEW                         |RESOLVED

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
With the -Wdangling-pointer patch (see bug 63272 comment 5) GCC diagnoses the
problem in both the test case in attachment 50096:

test2.c: In function ‘main’:
test2.c:34:5: warning: using dangling pointer ‘p’ to ‘x’ [-Wdangling-pointer=]
test2.c:29:13: note: ‘x’ declared here
test2.c:33:5: warning: using dangling pointer ‘p’ to ‘x’ [-Wdangling-pointer=]
test2.c:29:13: note: ‘x’ declared here

and the one in comment #1:

$ gcc -O2 -S -Wall pr98901.c
pr98901.c: In function ‘main’:
pr98901.c:13:9: warning: using dangling pointer ‘p’ to ‘x’
[-Wdangling-pointer=]
   13 |  return *p;
      |         ^~
pr98901.c:7:9: note: ‘x’ declared here
    7 |     int x = 0;
      |         ^
pr98901.c:11:3: warning: using dangling pointer ‘p’ to ‘x’
[-Wdangling-pointer=]
   11 |   f (1, p);   // missing warning
      |   ^~~~~~~~
pr98901.c:7:9: note: ‘x’ declared here
    7 |     int x = 0;
      |         ^

*** This bug has been marked as a duplicate of bug 63272 ***