public inbox for gcc-patches@gcc.gnu.org
* [PATCH] correct uninitialized object offset and size computation [PR101494]
From: Martin Sebor @ 2021-07-22 21:58 UTC
  To: gcc-patches

[-- Attachment #1: Type: text/plain, Size: 326 bytes --]

The code that computes the size of an access to an object in
-Wuninitialized is limited to declared objects and so doesn't
apply to allocated objects, and doesn't correctly account for
an offset into the object and the access size.  This causes
false positives.

The attached fix tested on x86_64-linux corrects this.

Martin

[-- Attachment #2: gcc-101494.diff --]
[-- Type: text/x-patch, Size: 3027 bytes --]

Correct uninitialized object offset and size computation [PR101494].

Resolves:
PR middle-end/101494 - -uninitialized false alarm with memrchr of size 0

gcc/ChangeLog:

	PR middle-end/101494
	* tree-ssa-uninit.c (builtin_call_nomodifying_p):
	(check_defs):
	(maybe_warn_operand):

gcc/testsuite/ChangeLog:

	PR middle-end/101494
	* gcc.dg/uninit-38.c:
	* gcc.dg/uninit-41.c: New test.
	* gcc.dg/uninit-pr101494.c: New test.

@@ -304,16 +344,20 @@ maybe_warn_operand (ao_ref &ref, gimple *stmt, tree lhs, tree rhs,
       || get_no_uninit_warning (base))
     return NULL_TREE;
 
-  /* Do not warn if the access is fully outside of the variable.  */
+  /* Do not warn if the access is zero size or if it's fully outside
+     the object.  */
   poly_int64 decl_size;
+  if (known_size_p (ref.size)
+      && known_eq (ref.max_size, ref.size)
+      && (known_eq (ref.size, 0)
+	  || known_le (ref.offset + ref.size, 0)))
+    return NULL_TREE;
+
   if (DECL_P (base)
-      && ((known_size_p (ref.size)
-	   && known_eq (ref.max_size, ref.size)
-	   && known_le (ref.offset + ref.size, 0))
-	  || (known_ge (ref.offset, 0)
-	      && DECL_SIZE (base)
-	      && poly_int_tree_p (DECL_SIZE (base), &decl_size)
-	      && known_le (decl_size, ref.offset))))
+      && known_ge (ref.offset, 0)
+      && DECL_SIZE (base)
+      && poly_int_tree_p (DECL_SIZE (base), &decl_size)
+      && known_le (decl_size, ref.offset))
     return NULL_TREE;
 
   /* Do not warn if the result of the access is then used for
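
Review bot: in maybe_warn_operand the new early return tests `known_eq (ref.size, 0)` only when `known_eq (ref.max_size, ref.size)` also holds, so a zero-size access whose max_size is not known to equal its size is not exempted here even though the updated comment says zero-size accesses are. If every zero-size access should be skipped, test `known_size_p (ref.size) && known_eq (ref.size, 0)` on its own and keep the max_size requirement for the `known_le (ref.offset + ref.size, 0)` case only. Separately, the past-the-end test (`known_le (decl_size, ref.offset)`) is still guarded by `DECL_P (base)`, so nonzero-size accesses beyond the end of an allocated object are not covered by this hunk; since the cover letter names allocated objects, either handle that case or say in the comment that it is left out.
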
diff --git a/gcc/testsuite/gcc.dg/uninit-pr101494.c b/gcc/testsuite/gcc.dg/uninit-pr101494.c
new file mode 100644
index 00000000000..4fcb5f2dc79
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/uninit-pr101494.c
@@ -0,0 +1,60 @@
+/* PR middle-end/101494 - bogus -Wmaybe-uninitialized on memrchr of size 0
+   { dg-do compile }
+   { dg-options "-O2 -Wall" } */
+
+typedef __SIZE_TYPE__ size_t;
+
+void* alloca (size_t);
+
+__attribute__ ((malloc, alloc_size (1))) void* alloc (size_t);
+
+__attribute__ ((access (read_only, 1, 2))) void* sink (void*, size_t);
+
+void test_alloca_zero (size_t i)
+{
+  char *p = alloca (0);
+  sink (p, 0);      // { dg-bogus "\\\[-Wuninitialized" }
+}
+
+void test_alloca_zero_p1 (size_t i)
+{
+  char *p = alloca (0);
+  sink (p + i, 0);
+}
+
+void test_alloca_cst (void)
+{
+  char *p = alloca (7);
+  sink (p, 0);      // { dg-bogus "\\\[-Wuninitialized" }
+}
+
+void test_alloca_cst_p1 (void)
+{
+  char *p = alloca (7);
+  sink (p, 0);      // { dg-bogus "\\\[-Wuninitialized" }
+}
+
+void test_alloca_cst_p7 (void)
+{
+  char *p = alloca (7);
+  sink (p + 7, 0);  // { dg-bogus "\\\[-Wuninitialized" }
+}
+
+void test_alloca_var (size_t n)
+{
+  char *p = alloca (n);
+  sink (p, 0);      // { dg-bogus "\\\[-Wuninitialized" }
+}
+
+void test_alloca_var_p1 (size_t n)
+{
+  char *p = alloca (n);
+  sink (p + 1, 0);  // { dg-bogus "\\\[-Wuninitialized" }
+}
+
+void test_alloca_var_pn (size_t n)
+{
+  char *p = alloca (n);
+  sink (p + n, 0);  // { dg-bogus "\\\[-Wuninitialized" }
+}
+
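
Review bot: test_alloca_cst_p1 calls `sink (p, 0)`, the same access as test_alloca_cst; going by the name and the sibling test_alloca_var_p1 it was presumably meant to be `sink (p + 1, 0)`, so the constant-size, offset-1 case is currently untested. In test_alloca_zero_p1 the `sink (p + i, 0)` line is the only call in the file without a dg-bogus directive; add one, or a comment explaining why no check is wanted there. The `alloc` declaration with attribute malloc is never used: add malloc-style counterparts of the alloca tests (the cover letter is about allocated objects generally) or drop the declaration.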


* Re: [PATCH] correct uninitialized object offset and size computation [PR101494]
From: Jeff Law @ 2021-07-23 16:39 UTC
  To: Martin Sebor, gcc-patches



On 7/22/2021 3:58 PM, Martin Sebor via Gcc-patches wrote:
> The code that computes the size of an access to an object in
> -Wuninitialized is limited to declared objects and so doesn't
> apply to allocated objects, and doesn't correctly account for
> an offset into the object and the access size.  This causes
> false positives.
>
> The attached fix tested on x86_64-linux corrects this.
>
> Martin
>
> gcc-101494.diff
>
> Correct uninitialized object offset and size computation [PR101494].
>
> Resolves:
> PR middle-end/101494 - -uninitialized false alarm with memrchr of size 0
>
> gcc/ChangeLog:
>
> 	PR middle-end/101494
> 	* tree-ssa-uninit.c (builtin_call_nomodifying_p):
> 	(check_defs):
> 	(maybe_warn_operand):
>
> gcc/testsuite/ChangeLog:
>
> 	PR middle-end/101494
> 	* gcc.dg/uninit-38.c:
> 	* gcc.dg/uninit-41.c: New test.
> 	* gcc.dg/uninit-pr101494.c: New test.
OK once you complete the ChangeLog entry for the tree-ssa-uninit.c 
change.  Note this change only modifies maybe_warn_operand.

jeff



* Re: [PATCH] correct uninitialized object offset and size computation [PR101494]
From: Martin Sebor @ 2021-07-28 22:28 UTC
  To: Jeff Law, gcc-patches

On 7/23/21 10:39 AM, Jeff Law wrote:
> 
> 
> On 7/22/2021 3:58 PM, Martin Sebor via Gcc-patches wrote:
>> The code that computes the size of an access to an object in
>> -Wuninitialized is limited to declared objects and so doesn't
>> apply to allocated objects, and doesn't correctly account for
>> an offset into the object and the access size.  This causes
>> false positives.
>>
>> The attached fix tested on x86_64-linux corrects this.
>>
>> Martin
>>
>> gcc-101494.diff
>>
>> Correct uninitialized object offset and size computation [PR101494].
>>
>> Resolves:
>> PR middle-end/101494 - -uninitialized false alarm with memrchr of size 0
>>
>> gcc/ChangeLog:
>>
>> 	PR middle-end/101494
>> 	* tree-ssa-uninit.c (builtin_call_nomodifying_p):
>> 	(check_defs):
>> 	(maybe_warn_operand):
>>
>> gcc/testsuite/ChangeLog:
>>
>> 	PR middle-end/101494
>> 	* gcc.dg/uninit-38.c:
>> 	* gcc.dg/uninit-41.c: New test.
>> 	* gcc.dg/uninit-pr101494.c: New test.
> OK once you complete the ChangeLog entry for the tree-ssa-uninit.c 
> change.  Note this change only modifies maybe_warn_operand.

Whoops.  Fixed and pushed in r12-2583.

Martin
