[Bug analyzer/107582] - -Wanalyzer-use-of-uninitialized-value false positive using pthread_cond_timedwait
dimitri at ouroboros dot rocks
gcc-bugzilla@gcc.gnu.org
Tue Nov 8 21:10:20 GMT 2022
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107582
--- Comment #2 from dimitri at ouroboros dot rocks ---
I've run into a weird false positive for the analyzer that seems to only occur
with pthread_cond_timedwait.
Compile the test file using
gcc -c -fanalyzer test_if_else_pthread.c
This will work fine.
But if the while loop is enabled (which should be there in correct code):
gcc -c -fanalyzer test_if_else_pthread_fp.c
the following false-positive occurs:
| 38 | while (z == 0 && ret != ETIMEDOUT)
| | ^
| | |
| | (4) following ‘true’ branch...
| 39 | #endif
| 40 | ret = pthread_cond_timedwait(&cond, &mutex, &now);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (5) ...to here
| 41 |
| 42 | if (ret != ETIMEDOUT)
| | ~
| | |
| | (6) following ‘false’ branch (when ‘ret == 110’)...
|
‘main’: event 7
|
| 45 | pthread_cleanup_pop(1);
| | ^~~~~~~~~~~~~~~~~~~
| | |
| | (7) ...to here
|
‘main’: events 8-10
|
| 47 | if (ret == ETIMEDOUT)
| | ^
| | |
| | (8) following ‘false’ branch (when ‘ret != 110’)...
|......
| 50 | printf("x = %d\n", *x);
| | ~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (9) ...to here
| | (10) use of uninitialized value ‘x’ here
Obviously, ret == ETIMEDOUT and ret != ETIMEDOUT can't both be false.
I've tried writing a smaller example using mock functions that randomly return
ETIMEDOUT instead of pthread_cond_timeout and that did not reproduce the false
positive.
More information about the Gcc-bugs
mailing list