https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115089
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
FWIW, adding -fno-analyzer-state-merge makes it find the issue; see
https://godbolt.org/z/Ecfe9oqjv

<source>: In function 'main':
<source>:16:16: warning: use of uninitialized value 'x' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   16 |         return x; // maybe uninitialized use
      |                ^
  'main': events 1-4
    |
    |   11 | main(void)
    |      | ^~~~
    |      | |
    |      | (1) entry to 'main'
    |   12 | {
    |   13 |         int x;
    |      |             ~
    |      |             |
    |      |             (2) region created on stack here
    |      |             (3) capacity: 4 bytes
    |   14 |
    |   15 |         g(&x);
    |      |         ~~~~~
    |      |         |
    |      |         (4) calling 'g' from 'main'
    |
    +--> 'g': events 5-7
           |
           |    4 | g(int *x)
           |      | ^
           |      | |
           |      | (5) entry to 'g'
           |    5 | {
           |    6 |         if (arc4random() % 2)
           |      |            ~
           |      |            |
           |      |            (6) following 'false' branch...
           |    7 |                 *x = 42;
           |    8 | }
           |      | ~
           |      | |
           |      | (7) ...to here
           |
    <------+
    |
  'main': events 8-9
    |
    |   15 |         g(&x);
    |      |         ^~~~~
    |      |         |
    |      |         (8) returning to 'main' from 'g'
    |   16 |         return x; // maybe uninitialized use
    |      |                ~
    |      |                |
    |      |                (9) use of uninitialized value 'x' here
    |
Compiler returned: 0

Looks like we might be a bit overzealous about merging states with initialized
vs uninitialized values for variables.