https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69833

--- Comment #6 from Martin Liška <marxin at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #5)
> Something like:
> #!/bin/sh
> .../cc1plus -quiet ...opts... -fsanitize=address -Werror=maybe-uninitialized pr69833.ii 2>&1 | awk '/may be used uninitialized in this function/{seen=seen+1;next}/error:/{exit 1}END{if (seen != 1)exit 1}'
> if ! test $? -eq 0; then
>   exit 1
> fi
> .../cc1plus -quiet ...opts... -fno-sanitize=address -Werror=maybe-uninitialized pr69833.ii 2>&1 | awk '/error:/{exit 1}'
> if ! test $? -eq 0; then
>   exit 1
> fi
> ?  For creduce, for delta replace pr69833.ii with $1 .

I use a very similar script, btw. yours produces:

typedef struct tree_node *tree;
struct A {
  tree type;
};
struct tree_node {
  A typed;
};
tree a;
void fn1(tree);
void fn2() {
  tree b;
  if (a)
    fn1((b->typed.type));
}

There's the difference in tree optimized dump:

w/o asan:
void fn2() ()
{
  struct tree_node * b;
  struct tree_node * a.0_3;
  struct tree_node * _5;

  <bb 2>:
  a.0_3 = a;
  if (a.0_3 != 0B)
    goto <bb 3>;
  else
    goto <bb 4>;

  <bb 3>:
  _5 = b_4(D)->typed.type;
  fn1 (_5); [tail call]

  <bb 4>:
  return;

}

w/ asan:
void fn2() ()
{
  struct tree_node * b;
  struct tree_node * a.0_3;
  struct tree_node * _5;
  struct tree_node * * _7;
  unsigned long _9;
  unsigned long _10;
  unsigned long _11;
  signed char * _12;
  signed char _13;

  <bb 2>:
  a.0_3 = a;
  if (a.0_3 != 0B)
    goto <bb 3>;
  else
    goto <bb 6>;

  <bb 3>:
  _7 = &b_4(D)->typed.type;
  _9 = (unsigned long) _7;
  _10 = _9 >> 3;
  _11 = _10 + 2147450880;
  _12 = (signed char *) _11;
  _13 = *_12;
  if (_13 != 0)
    goto <bb 4>;
  else
    goto <bb 5>;

  <bb 4>:
  __builtin___asan_report_load8 (_9);

  <bb 5>:
  _5 = b_4(D)->typed.type;
  fn1 (_5); [tail call]

  <bb 6>:
  return;
}

Which is not a false positive, as an assignment to 'b' really is missing. I
will add dbg_cnt to asan emission.

M.
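
The shadow-memory check that appears in <bb 3> of the "w/ asan" dump, as an added example that is not part of the original comment or of GCC's sources. The shift and offset are taken from the dump; the simulated region, the helper names and the shadow values are constructed for illustration, and `access_is_reported` goes beyond the dump by covering the smaller access sizes as well.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants from the dump: _10 = _9 >> 3; _11 = _10 + 2147450880 (0x7fff8000). */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET UINT64_C(2147450880)

/* Address of the shadow byte describing the 8-byte granule that holds addr. */
uint64_t shadow_addr(uint64_t addr) { return (addr >> SHADOW_SCALE) + SHADOW_OFFSET; }

/* Constructed stand-in for shadow memory: 8 granules starting at REGION_BASE. */
#define REGION_BASE UINT64_C(0x10000)
#define GRANULES    8
static int8_t shadow[GRANULES];

static int8_t *shadow_byte(uint64_t addr) {
    return &shadow[shadow_addr(addr) - shadow_addr(REGION_BASE)];
}

void set_shadow(uint64_t addr, int8_t value) { *shadow_byte(addr) = value; }

/* The 8-byte check of <bb 3>: _13 = *_12; if (_13 != 0) report. */
int load8_is_reported(uint64_t addr) { return *shadow_byte(addr) != 0; }

/* Smaller accesses: a shadow value k in 1..7 means only the first k bytes of
   the granule are addressable; a negative value means the granule is poisoned. */
int access_is_reported(uint64_t addr, unsigned size) {
    int8_t k = *shadow_byte(addr);
    if (k == 0) return 0;               /* whole granule addressable */
    if (size >= 8) return 1;            /* 8-byte access needs k == 0 */
    return (int)((addr & 7) + size - 1) >= k;
}

int main(void) {
    set_shadow(REGION_BASE, 0);         /* fully addressable granule */
    set_shadow(REGION_BASE + 8, -1);    /* constructed poison value */
    set_shadow(REGION_BASE + 16, 4);    /* first 4 bytes addressable */
    printf("shadow(0x10000) = 0x%llx\n",
           (unsigned long long)shadow_addr(REGION_BASE));
    printf("load8: ok=%d poisoned=%d partial=%d\n",
           load8_is_reported(REGION_BASE),
           load8_is_reported(REGION_BASE + 8),
           load8_is_reported(REGION_BASE + 16));
    printf("4-byte load in partial granule: +0 -> %d, +2 -> %d\n",
           access_is_reported(REGION_BASE + 16, 4),
           access_is_reported(REGION_BASE + 18, 4));
    return 0;
}
```
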
