[Bug middle-end/95681] New: False positive uninitialized variable usage in decNumberCompareTotalMag

stefansf at linux dot ibm.com gcc-bugzilla@gcc.gnu.org
Mon Jun 15 13:54:46 GMT 2020


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95681

            Bug ID: 95681
           Summary: False positive uninitialized variable usage in
                    decNumberCompareTotalMag
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Keywords: build, diagnostic
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: stefansf at linux dot ibm.com
  Target Milestone: ---
            Target: s390

The following error/warning shows up on S/390 while bootstrapping:

libdecnumber/decNumber.c: In function 'decNumberCompareTotalMag':
libdecnumber/decNumber.c:953:14: error: '*(allocbufa).bits' may be used
uninitialized [-Werror=maybe-uninitialized]
  953 |       a->bits&=~DECNEG;   /* .. and clear the sign */
      |              ^~
libdecnumber/decNumber.c:967:14: error: '*(allocbufb).bits' may be used
uninitialized [-Werror=maybe-uninitialized]
  967 |       b->bits&=~DECNEG;   /* .. and clear the sign */
      |              ^~

The part of interest is:

if (decNumberIsNegative(lhs)) {     /* lhs<0 */
  a=bufa;
  needbytes=sizeof(decNumber)+(D2U(lhs->digits)-1)*sizeof(Unit);
  if (needbytes>sizeof(bufa)) {     /* need malloc space */
    allocbufa=(decNumber *)malloc(needbytes);
    if (allocbufa==NULL) {          /* hopeless -- abandon */
      status|=DEC_Insufficient_storage;
      break;}
    a=allocbufa;                    /* use the allocated space */
    }
  decNumberCopy(a, lhs);            /* copy content */
  a->bits&=~DECNEG;                 /* .. and clear the sign */
  lhs=a;                            /* use copy from here on */
  }

While calling `decNumberCopy`, variable `a` either points to `bufa` or to
`allocbufa`. Since `bufa` and `allocbufa` are both allocated inside function
`decNumberCompareTotalMag` and argument `lhs` is not changed, it is guaranteed
that `a != lhs` holds prior to the call `decNumberCopy(a, lhs)`. Function
`decNumberCopy` initializes `a->bits` if `a != lhs` holds. Since this is the
case here, no warning should be printed.

Note, no warning is printed if `dest->bits=src->bits;` is shifted above `if
(dest==src) return dest;` of function `decNumberCopy` which endorses that this
is a false positive resulting from a wrong assumption that `a == lhs` may hold.

Analogously for the second warning/error, which speaks about variable `b`.
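
A reduced model of the pattern described in the report, added here as an illustration (it is not libdecnumber's code and not part of the original message). `num_t`, `num_copy`, `magnitude_bits`, `make_negative`, `NEG` and `BUF_UNITS` are hypothetical stand-ins, and no claim is made that a particular GCC version warns on it; it only shows that the destination never aliases the source on either the stack or the heap path, so the early return that skips the write to `bits` is never taken.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define NEG 0x80u        /* stand-in for DECNEG */
#define BUF_UNITS 4      /* units that fit in the on-stack buffer */

typedef struct {         /* simplified stand-in for decNumber */
  int32_t digits;
  uint8_t bits;
  uint16_t lsu[];        /* units follow the header in memory */
} num_t;

/* Same shape as decNumberCopy: when dest==src nothing is written. */
static num_t *num_copy(num_t *dest, const num_t *src) {
  if (dest == src) return dest;      /* the only path that leaves bits unset */
  dest->bits = src->bits;
  dest->digits = src->digits;
  memcpy(dest->lsu, src->lsu, (size_t)src->digits * sizeof src->lsu[0]);
  return dest;
}

/* Same shape as the reported caller: copy lhs into fresh storage, then clear
   the sign on the copy. Returns the copy's bits, or -1 if malloc fails. */
int magnitude_bits(const num_t *lhs) {
  union { num_t n; unsigned char raw[sizeof(num_t) + BUF_UNITS * sizeof(uint16_t)]; } bufa;
  num_t *allocbufa = NULL;
  num_t *a = &bufa.n;                /* bufa is deliberately uninitialised */
  size_t needbytes = sizeof(num_t) + (size_t)lhs->digits * sizeof(uint16_t);
  if (needbytes > sizeof bufa) {     /* need malloc space */
    allocbufa = malloc(needbytes);
    if (allocbufa == NULL) return -1;
    a = allocbufa;
  }
  /* a is either bufa or a fresh heap block, so a != lhs holds here */
  num_copy(a, lhs);
  a->bits &= (uint8_t)~NEG;          /* reads bits written by num_copy */
  int result = a->bits;
  free(allocbufa);
  return result;
}

/* Constructed sample input: a negative value with one extra flag bit set. */
num_t *make_negative(int32_t digits) {
  num_t *n = calloc(1, sizeof *n + (size_t)digits * sizeof(uint16_t));
  if (n) { n->digits = digits; n->bits = NEG | 0x01u; }
  return n;
}
```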

