Created attachment 21904 [details] example of bug GCC warns when returning a local variable address within a function but not within a statement expression.
Created attachment 21905 [details] example of bug 2
Created attachment 21906 [details] example of bug 3
The web form truncates all my attachedments at 244 bytes. Here is the source inline: /* * GCC warns about returning a local variable address within a function but not * within a statement expression: * * $ gcc statement_expression_return_local.c -c -Wall * statement_expression_return_local.c: In function ‘function_return_local’: * statement_expression_return_local.c:13: warning: function returns address of local variable */ int *function_return_local(void) { int x = 0; return &x; } int *statement_expression_return_local(void) { int *y = ({ int x = 0; &x; }); return y; }
(In reply to Andrew Gaul from comment #3) > int *function_return_local(void) > { > int x = 0; > return &x; > } > > int *statement_expression_return_local(void) > { > int *y = ({ > int x = 0; > &x; > }); > return y; > } We now warn at -O2: test.c:14:10: warning: function returns address of local variable [-Wreturn-local-addr] return y; ^ test.c:11:11: note: declared here int x = 0; ^ but only because we return y. For this testcase, int statement_expression_return_local(void) { int *y = ({ int x = 0; &x; }); return *y; } we get: test.c:14:10: warning: ‘x’ is used uninitialized in this function [-Wuninitialized] return *y; ^ which is a bit confusing (and not the same warning). Possibly related to 60517. it would be good to add the testcase
cc-ing diagnostic messages maintainers
(In reply to Manuel López-Ibáñez from comment #4) > (In reply to Andrew Gaul from comment #3) > > int *function_return_local(void) > > { > > int x = 0; > > return &x; > > } > > > > int *statement_expression_return_local(void) > > { > > int *y = ({ > > int x = 0; > > &x; > > }); > > return y; > > } > > We now warn at -O2: > > test.c:14:10: warning: function returns address of local variable > [-Wreturn-local-addr] > return y; > ^ > test.c:11:11: note: declared here > int x = 0; > ^ > > but only because we return y. For this testcase, > > int statement_expression_return_local(void) > { > int *y = ({ > int x = 0; > &x; > }); > return *y; > } > > we get: > > test.c:14:10: warning: ‘x’ is used uninitialized in this function > [-Wuninitialized] > return *y; > ^ > > which is a bit confusing (and not the same warning). It'd be good to get it from the same warning, so I'm making this block the -Wreturn-local-addr meta-bug > > Possibly related to 60517. > it would be good to add the testcase
A more compact example: #include <stdio.h> int * aaa() {return ({int a = 2; &a;});} // no warning unless -O2 int * bbb() { int b = 3; return &b;} // warning int main(void) {int *a = aaa(), *b = bbb(); fprintf(stderr, "AAAA %d\n", *a); fprintf(stderr, "BBBB %d\n", *b); return 0; } // AAAA 3 // Segmentation fault (core dumped) Please provide the warning for line 2 (aaa) regardless of the level of optimization?