From: Martin Sebor <msebor@gmail.com>
To: gcc-patches <gcc-patches@gcc.gnu.org>
Subject: [PATCH] handle sanitizer built-ins in -Wuninitialized (PR 101300)
Date: Fri, 2 Jul 2021 13:21:10 -0600
Message-ID: <44fabafb-9174-1739-9818-53122ef499f9@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 489 bytes --]

To avoid a class of false negatives for sanitized code,
-Wuninitialized recognizes that the ASAN_MARK internal function
doesn't modify its argument.  But the warning code doesn't do
the same for any sanitizer built-ins even though they don't
modify user-supplied arguments either.  This leaves another
class of false negatives unresolved.

The attached fix enhances the warning logic to recognize all
sanitizer built-ins as well and treat them as non-modifying.

Tested on x86_64-linux.

Martin

[-- Attachment #2: gcc-101300.diff --]
[-- Type: text/x-patch, Size: 2987 bytes --]

PR middle-end/101300 - -fsanitize=undefined suppresses -Wuninitialized for a VLA read at -O0

gcc/ChangeLog:

	* tree-ssa-uninit.c (check_defs): Handle UBSAN built-ins.

gcc/testsuite/ChangeLog:

	* gcc.dg/uninit-pr101300.c: New test.

diff --git a/gcc/tree-ssa-uninit.c b/gcc/tree-ssa-uninit.c
index 99442d7f975..dfcb7aba7c1 100644
--- a/gcc/tree-ssa-uninit.c
+++ b/gcc/tree-ssa-uninit.c
@@ -228,9 +228,26 @@ check_defs (ao_ref *ref, tree vdef, void *data_)
   gimple *def_stmt = SSA_NAME_DEF_STMT (vdef);
 
   /* The ASAN_MARK intrinsic doesn't modify the variable.  */
-  if (is_gimple_call (def_stmt)
-      && gimple_call_internal_p (def_stmt, IFN_ASAN_MARK))
-    return false;
+  if (is_gimple_call (def_stmt))
+    {
+      if (gimple_call_internal_p (def_stmt)
+         && gimple_call_internal_fn (def_stmt) == IFN_ASAN_MARK)
+       return false;
+
+      if (tree fndecl = gimple_call_fndecl (def_stmt))
+       {
+         /* Some sanitizer calls pass integer arguments to built-ins
+            that expect pointets. Avoid using gimple_call_builtin_p()
+            which fails for such calls.  */
+         if (DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
+           {
+             built_in_function fncode = DECL_FUNCTION_CODE (fndecl);
+             if (fncode > BEGIN_SANITIZER_BUILTINS
+                 && fncode < END_SANITIZER_BUILTINS)
+               return false;
+           }
+       }
+    }
 
   /* End of VLA scope is not a kill.  */
   if (gimple_call_builtin_p (def_stmt, BUILT_IN_STACK_RESTORE))
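Review bot: The range test on fncode (fncode > BEGIN_SANITIZER_BUILTINS && fncode < END_SANITIZER_BUILTINS) treats every sanitizer built-in as non-modifying, but the ChangeLog entry says only "Handle UBSAN built-ins" and the comment above the block still reads "The ASAN_MARK intrinsic doesn't modify the variable."; please update both so they describe what the code now does. The new comment also has a typo ("pointets" for "pointers"), and the rewritten ASAN_MARK test could keep the two-argument form from the removed lines, gimple_call_internal_p (def_stmt, IFN_ASAN_MARK), instead of the separate gimple_call_internal_fn comparison.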
diff --git a/gcc/testsuite/gcc.dg/uninit-pr101300.c b/gcc/testsuite/gcc.dg/uninit-pr101300.c
new file mode 100644
index 00000000000..4392e8bae4f
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/uninit-pr101300.c
@@ -0,0 +1,53 @@
+/* PR middle-end/101300 - -fsanitize=undefined suppresses -Wuninitialized
+   for a VLA read at -O0
+   { dg-do compile }
+   { dg-options "-O0 -Wall -fsanitize=undefined" } */
+
+int warn_vla_rd0 (int n)
+{
+  char a[n];
+  return a[0];      // { dg-warning "\\\[-Wuninitialized]" }
+}
+
+int warn_vla_rd1 (int n)
+{
+  char a[n];
+  return a[1];      // { dg-warning "\\\[-Wuninitialized]" }
+}
+
+int warn_vla_rdi (int n, int i)
+{
+  char a[n];
+  return a[i];      // { dg-warning "\\\[-Wuninitialized]" }
+}
+
+
+int warn_vla_wr0_rd2_1_0 (int n)
+{
+  char a[n];
+  a[0] = __LINE__;
+  int x = a[2];     // { dg-warning "\\\[-Wuninitialized]" }
+  int y = a[1];     // { dg-warning "\\\[-Wuninitialized]" }
+  int z = a[0];
+  return x + y + z;
+}
+
+int warn_vla_wr1_rd2_1_0 (int n)
+{
+  char a[n];
+  a[1] = __LINE__;
+  int x = a[2];     // { dg-warning "\\\[-Wuninitialized]" }
+  int y = a[1];
+  int z = a[0];     // { dg-warning "\\\[-Wuninitialized]" }
+  return x + y + z;
+}
+
+int warn_vla_wr2_rd2_1_0 (int n)
+{
+  char a[n];
+  a[2] = __LINE__;
+  int x = a[2];
+  int y = a[1];     // { dg-warning "\\\[-Wuninitialized]" }
+  int z = a[0];     // { dg-warning "\\\[-Wuninitialized]" }
+  return x + y + z;
+}
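Review bot: The dg-options line runs the test only with -O0 -Wall -fsanitize=undefined, while the tree-ssa-uninit.c change accepts the whole range of sanitizer built-ins; consider adding a companion test (or a second set of options) built with another sanitizer such as -fsanitize=address so the non-UBSAN part of the range check is exercised too. Every function here reads from a char VLA; a case with a different element type would also show that the warning does not depend on that one shape.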
