Bug 104576 - False positive from -Wanalyzer-use-of-uninitialized-value from PR 63311
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: analyzer
Version: 12.0
Importance: P3 normal
Target Milestone: ---
Assignee: David Malcolm
Reported: 2022-02-16 22:47 UTC by David Malcolm
Modified: 2023-10-25 22:46 UTC
Description David Malcolm 2022-02-16 22:47:33 UTC
The reproducers for PR 63311, both Fortran and C (attachment 33852) currently generate false positives from -Wanalyzer-use-of-uninitialized-value when optimization is off (and they are silent when optimization is on).

It seems to be an issue with -fanalyzer thinking that __builtin_sinf could clobber *flag (which presumably it can't, being pure or const), thus allowing for the "flag is false" branch to skip initialization of t and tt, and then later executing the "flag is true" branch.
Comment 1 David Malcolm 2022-02-16 22:51:31 UTC
Potentially just a dup of PR analyzer/104434, but there might be additional issues with the reproducer.
Comment 2 GCC Commits 2022-02-17 02:41:43 UTC
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:5fbcbcaff7248604e04b39464f4fbd64fbf6e43b

commit r12-7270-g5fbcbcaff7248604e04b39464f4fbd64fbf6e43b
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Feb 16 18:21:58 2022 -0500

    analyzer: const functions have no side effects [PR104576]
    
    PR analyzer/104576 tracks that we issue a false positive from
    -Wanalyzer-use-of-uninitialized-value for the reproducers of PR 63311
    when optimization is disabled.
    
    The root cause is that the analyzer was considering that a call to
    __builtin_sinf could have side-effects.
    
    This patch fixes things by generalizing the handling for "pure"
    functions to also consider "const" functions.
    
    gcc/analyzer/ChangeLog:
            PR analyzer/104576
            * region-model.cc: Include "calls.h".
            (region_model::on_call_pre): Use flags_from_decl_or_type to
            generalize check for DECL_PURE_P to also check for ECF_CONST.
    
    gcc/testsuite/ChangeLog:
            PR analyzer/104576
            * gcc.dg/analyzer/torture/uninit-pr63311.c: New test.
            * gcc.dg/analyzer/uninit-pr104576.c: New test.
            * gfortran.dg/analyzer/uninit-pr63311.f90: New test.
    
    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Comment 3 David Malcolm 2022-02-17 13:28:00 UTC
Should be fixed by the above patch.

(In reply to David Malcolm from comment #1)
> Potentially just a dup of PR analyzer/104434, but there might be additional
> issues with the reproducer.

Not quite: this one covers "const" functions not having side-effects, whereas PR analyzer/104434 concerns the return values of const/pure functions.
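
The code shape discussed in this report, as an added example that is not part of the bug thread, the attachment, or the GCC testsuite: a variable initialized and read under the same flag, with a call in between. The function names are hypothetical, and `wave()` is an assumed stand-in for `__builtin_sinf` so that the example builds without libm; the second variant shows a callee with a real side effect, where the uninitialized read is genuine.

```c
#include <stdio.h>

/* Constructed illustration, not the reproducer from attachment 33852.
   wave() is a hypothetical stand-in for __builtin_sinf so this links without
   libm. "const" means it touches no memory, so it cannot change *flag. */
__attribute__((const)) static float wave(float x)
{
    return x - (x * x * x) / 6.0f;   /* first two terms of the sine series */
}

/* Not const: writes through its pointer, so it really can change the flag. */
static float wave_and_set(float x, int *flag)
{
    *flag = 1;
    return wave(x);
}

/* Safe: wave() is const, so both tests of *flag see the same value and t is
   read only on paths where it was written. */
float guarded_const(const int *flag, float x)
{
    float t;
    if (*flag)
        t = 2.0f * x;
    float r = wave(x);
    if (*flag)
        r += t;
    return r;
}

/* Unsafe when *flag starts at 0: the callee sets the flag after the
   initialization was skipped, so the second test reads an unset t. */
float guarded_clobbering(int *flag, float x)
{
    float t;
    if (*flag)
        t = 2.0f * x;
    float r = wave_and_set(x, flag);
    if (*flag)
        r += t;
    return r;
}

int main(void)
{
    int off = 0, on = 1;
    printf("%.1f %.1f\n", guarded_const(&off, 3.0f), guarded_const(&on, 3.0f));
    return 0;
}
```

A use-of-uninitialized-value report on `guarded_const` would be a false positive of the kind this bug describes, while the same report on `guarded_clobbering` would be correct.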