https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109628

            Bug ID: 109628
           Summary: -Wanalyzer-use-of-uninitialized-value false positive
                    on static storage
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: eggert at cs dot ucla.edu
  Target Milestone: ---

Created attachment 54919
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54919&action=edit
compile with "gcc -fanalyzer -S" to reproduce the bug

I ran into this problem when compiling GNU coreutils fmt.c. This is with gcc
(GCC) 13.0.1 20230401 (Red Hat 13.0.1-0) on x86-64. Compile the attached
program with:

gzip -d u.i.gz
gcc -fanalyzer -S u.i

GCC outputs the following diagnostic which is a false positive because 'this'
points to the static array unused_word_type, and static storage by definition
is initialized.

        u.i: In function ‘base_cost’:
        u.i:5950:7: warning: use of uninitialized value ‘((unsigned char*)&*this)[16]’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
         5950 |   if (this->paren)
              |       ^~~~
          ‘fmt_paragraph’: events 1-4
            |
            | 5894 | fmt_paragraph (void)
            |      | ^~~~~~~~~~~~~
            |      | |
            |      | (1) entry to ‘fmt_paragraph’
            |......
            | 5903 |   for (start = word_limit - 1; start >= unused_word_type; start--)
            |      |                                ~~~~~~~~~~~~~~~~~~~~~~~~~
            |      |                                      |
            |      |                                      (2) following ‘true’ branch...
            | 5904 |     {
            | 5905 |       best = ((COST) (! (! ((COST) 0 < (COST) -1)) ? (COST) -1 : ((((COST) 1 << ((sizeof (COST) * 8
            |      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            |      |            |
            |      |            (3) ...to here
            | 5906 |             ) - 2)) - 1) * 2 + 1)));
            |      |             ~~~~~~~~~~~~~~~~~~~~~~~
            |......
            | 5913 |           wcost = line_cost (w, len) + w->best_cost;
            |      |                   ~~~~~~~~~~~~~~~~~~
            |      |                   |
            |      |                   (4) calling ‘line_cost’ from ‘fmt_paragraph’
            |
            +--> ‘line_cost’: events 5-7
                   |
                   | 5957 | line_cost (WORD *next, int len)
                   |      | ^~~~~~~~~
                   |      | |
                   |      | (5) entry to ‘line_cost’
                   |......
                   | 5961 |   if (next == word_limit)
                   |      |      ~
                   |      |      |
                   |      |      (6) following ‘true’ branch...
                   | 5962 |     return 0;
                   |      |            ~
                   |      |            |
                   |      |            (7) ...to here
                   |
            <------+
            |
          ‘fmt_paragraph’: events 8-9
            |
            | 5913 |           wcost = line_cost (w, len) + w->best_cost;
            |      |                   ^~~~~~~~~~~~~~~~~~
            |      |                   |
            |      |                   (8) returning to ‘fmt_paragraph’ from ‘line_cost’
            |......
            | 5922 |           if (w == word_limit)
            |      |              ~     
            |      |              |
            |      |              (9) following ‘true’ branch...
            |
          ‘fmt_paragraph’: event 10
            |
            |cc1:
            | (10): ...to here
            |
          ‘fmt_paragraph’: event 11
            |
            | 5927 |       start->best_cost = best + base_cost (start);
            |      |                                 ^~~~~~~~~~~~~~~~~
            |      |                                 |
            |      |                                 (11) calling ‘base_cost’ from ‘fmt_paragraph’
            |
            +--> ‘base_cost’: events 12-13
                   |
                   | 5932 | base_cost (WORD *this)
                   |      | ^~~~~~~~~
                   |      | |
                   |      | (12) entry to ‘base_cost’
                   |......
                   | 5950 |   if (this->paren)
                   |      |       ~~~~
                   |      |       |
                   |      |       (13) use of uninitialized value ‘((unsigned char*)&*this)[16]’ here
                   |
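
The report's argument is that an object with static storage duration is zero-initialized, so a read of byte 16 through `this` cannot see an indeterminate value. It is shown here as an added example that is not part of the original report or the attached u.i. The `WORD` layout, the array name `words`, `MAXWORDS` and the cost values are constructed for illustration; only `base_cost`, `word_limit` and the `paren` field are names taken from the diagnostic.

```c
#include <string.h>

/* Constructed record, NOT the coreutils type: laid out so the flag
   bit-fields start at byte 16 on LP64, the offset in the diagnostic. */
typedef struct word {
    const char *text;       /* bytes 0-7 on LP64 */
    int length;             /* bytes 8-11 */
    int space;              /* bytes 12-15 */
    unsigned int paren : 1; /* first bit-field, in byte 16 */
    unsigned int period : 1;
    long best_cost;
} WORD;

enum { MAXWORDS = 8 };      /* constructed size */

/* Static storage duration and no initializer: C11 6.7.9p10 requires every
   member, and any padding, to start out as zero. */
static WORD words[MAXWORDS];
static WORD *word_limit = words + 3;

/* Same shape as the flagged read: a flag tested through a pointer. */
static long base_cost(const WORD *this)
{
    long cost = 10;         /* constructed cost values */
    if (this->paren)
        cost -= 5;
    return cost;
}

/* Walk backwards from word_limit to the array base, as fmt_paragraph does
   in the trace, without forming a pointer before the array. */
long sum_base_costs(void)
{
    long total = 0;
    for (WORD *start = word_limit; start != words; ) {
        --start;
        total += base_cost(start);
    }
    return total;
}

/* Returns 1 if every byte of the untouched static array is zero. */
int static_bytes_all_zero(void)
{
    static const unsigned char zero[sizeof words];
    return memcmp(words, zero, sizeof words) == 0;
}
```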
