Consider:

int foo (int i)
{
  int t[1], u[1];
  int n = 0;
  if (i)
    {
      t[n] = i;
      u[0] = i;
    }
  return t[0] + u[0];
}

With gcc (Debian 20170823-1) 8.0.0 20170823 (experimental) [trunk revision 251306], I get:

zira% gcc-snapshot -Wmaybe-uninitialized -O2 -c tst.c -fsanitize=undefined
tst.c: In function 'foo':
tst.c:12:15: warning: 'u[0]' may be used uninitialized in this function [-Wmaybe-uninitialized]
  return t[0] + u[0];
         ~~~~~^~~~~~

zira% gcc-snapshot -Wmaybe-uninitialized -O2 -c tst.c
tst.c: In function 'foo':
tst.c:12:15: warning: 'u[0]' may be used uninitialized in this function [-Wmaybe-uninitialized]
  return t[0] + u[0];
         ~~~~~^~~~~~
tst.c:12:15: warning: 't[0]' may be used uninitialized in this function [-Wmaybe-uninitialized]

i.e. with -fsanitize=undefined, I do not get the warning on t[0]. This is a regression. No such problem with GCC 7.2.0, 6.4.0 and 5.4.1.
Started with r250656.
Looks like the problem is that since that revision in .uninit there's UBSAN_PTR (&t, 0); and so the warning probably thinks that t escapes and so doesn't warn.
Created attachment 42080: gcc8-pr81981.patch
Untested fix.
Author: jakub
Date: Mon Sep 4 08:11:44 2017
New Revision: 251641
URL: https://gcc.gnu.org/viewcvs?rev=251641&root=gcc&view=rev

Log:
PR sanitizer/81981
	* gimple-fold.c (gimple_fold_call): Optimize away useless UBSAN_PTR
	and UBSAN_BOUNDS internal calls. Clean up IFN_UBSAN_OBJECT_SIZE
	handling. Use replace_call_with_value with NULL instead of
	gsi_replace, unlink_stmt_vdef and release_defs.

	* gcc.dg/ubsan/pr81981.c: New test.

Added:
    trunk/gcc/testsuite/gcc.dg/ubsan/pr81981.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/gimple-fold.c
    trunk/gcc/testsuite/ChangeLog
Fixed.
This has come back with r12-4625 (the fix for pr102681).
Fixed. Opened PR 110896 for the new issue and for the xfail testcase. Note the issue there is unrelated to -fsanitize=undefined, which is why I opened a new bug report.
Note, however, that there is a small regression in GCC 11: the warning for t is output as expected, but if -fsanitize=undefined is given, the message for t is suboptimal, saying "*&t[0]" instead of "t[0]":

zira:~> gcc-11 -Wmaybe-uninitialized -O2 -c tst.c -fsanitize=undefined
tst.c: In function ‘foo’:
tst.c:12:15: warning: ‘*&t[0]’ may be used uninitialized in this function [-Wmaybe-uninitialized]
   12 |   return t[0] + u[0];
      |          ~~~~~^~~~~~
tst.c:12:15: warning: ‘u[0]’ may be used uninitialized in this function [-Wmaybe-uninitialized]

No such issue without -fsanitize=undefined:

zira:~> gcc-11 -Wmaybe-uninitialized -O2 -c tst.c
tst.c: In function ‘foo’:
tst.c:12:15: warning: ‘u[0]’ may be used uninitialized in this function [-Wmaybe-uninitialized]
   12 |   return t[0] + u[0];
      |          ~~~~~^~~~~~
tst.c:12:15: warning: ‘t[0]’ may be used uninitialized in this function [-Wmaybe-uninitialized]

It is impossible to say whether this is fixed in GCC 12 and later, because of PR 110896, i.e. the warning is always missing.
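As an added example that is not part of the bug report or of GCC's own code, here is a small POSIX shell check for the situation described in the original report and in the GCC 11 note above: it collects the -Wmaybe-uninitialized operands from a plain build and from a -fsanitize=undefined build and lists the ones the sanitized build no longer reports. The gcc invocation in check_source, the helper names and the sample diagnostics are assumptions modelled on the outputs quoted above.

```shell
#!/bin/sh
# Added example, not code from the bug report or from GCC. It compares the
# -Wmaybe-uninitialized diagnostics of a plain build and a -fsanitize=undefined
# build and reports operands whose warning disappears once the sanitizer is on.
# A gcc on PATH is assumed only when check_source is run on a real file.

# Constructed sample diagnostics, modelled on the gcc 8 output in the report.
SAMPLE_PLAIN="tst.c: In function 'foo':
tst.c:12:15: warning: 'u[0]' may be used uninitialized in this function [-Wmaybe-uninitialized]
tst.c:12:15: warning: 't[0]' may be used uninitialized in this function [-Wmaybe-uninitialized]"
SAMPLE_SANITIZED="tst.c: In function 'foo':
tst.c:12:15: warning: 'u[0]' may be used uninitialized in this function [-Wmaybe-uninitialized]"

# Print the quoted operand of every -Wmaybe-uninitialized warning in $1,
# sorted and de-duplicated. Curly quotes (UTF-8 locale) are folded to ASCII
# quotes, and the "*&t[0]" spelling seen with GCC 11 is folded to "t[0]"
# so that it is not counted as a lost warning.
warned_vars() {
    printf '%s\n' "$1" \
    | sed -e "s/‘/'/g" -e "s/’/'/g" \
    | sed -n "s/.*warning: '\([^']*\)' may be used uninitialized.*/\1/p" \
    | sed -e 's/^\*&//' \
    | sort -u
}

# Print operands warned about in the plain output ($1) but not in the
# sanitized output ($2). Returns 1 when at least one warning was lost.
lost_warnings() {
    sanfile=$(mktemp) || return 2
    warned_vars "$2" > "$sanfile"
    # grep -f with an empty pattern file matches nothing, so every plain
    # operand is reported as lost when the sanitized build warns about none.
    lost=$(warned_vars "$1" | grep -vxF -f "$sanfile" || true)
    rm -f "$sanfile"
    [ -n "$lost" ] && printf '%s\n' "$lost"
    [ -z "$lost" ]
}

# Compile SRC both ways (extra gcc flags may follow) and report lost warnings.
check_source() {
    src=$1; shift
    plain=$(gcc -Wmaybe-uninitialized -O2 -c -o /dev/null "$@" "$src" 2>&1)
    san=$(gcc -Wmaybe-uninitialized -O2 -c -o /dev/null -fsanitize=undefined \
              "$@" "$src" 2>&1)
    lost_warnings "$plain" "$san"
}
```

After sourcing the script, `check_source tst.c` exits nonzero and prints the affected operands when enabling the sanitizer hides at least one warning, which is the regression this PR tracks.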