[Bug analyzer/105273] -Wanalyzer-use-of-uninitialized-value warns on "missing" default for switch when callers can be statically determined

cvs-commit at gcc dot gnu.org via Gcc-bugs Fri, 13 Jan 2023 14:52:40 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105273


--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>:

https://gcc.gnu.org/g:ccd4df81aa6537c3c935b026905f6e2fd839654e

commit r13-5159-gccd4df81aa6537c3c935b026905f6e2fd839654e
Author: David Malcolm <dmalc...@redhat.com>
Date:   Fri Jan 13 17:51:26 2023 -0500

    analyzer: add heuristics for switch on enum type [PR105273]

    Assume that switch on an enum doesn't follow an implicit default
    skipping all cases when all enum values are covered by cases.

    Fixes various false positives from -Wanalyzer-use-of-uninitialized-value
    such as this one seen in Doom:

    p_maputl.c: In function 'P_BoxOnLineSide':
    p_maputl.c:151:8: warning: use of uninitialized value 'p1' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
      151 |     if (p1 == p2)
          |        ^
      'P_BoxOnLineSide': events 1-5
        |
        |  115 |     int         p1;
        |      |                 ^~
        |      |                 |
        |      |                 (1) region created on stack here
        |      |                 (2) capacity: 4 bytes
        |......
        |  118 |     switch (ld->slopetype)
        |      |     ~~~~~~
        |      |     |
        |      |     (3) following 'default:' branch...
        |......
        |  151 |     if (p1 == p2)
        |      |        ~
        |      |        |
        |      |        (4) ...to here
        |      |        (5) use of uninitialized value 'p1' here
        |

    where "ld->slopetype" is a "slopetype_t" enum, and for every value of
    that enum the switch has a case that initializes "p1".

    gcc/analyzer/ChangeLog:
            PR analyzer/105273
            * region-model.cc (has_nondefault_case_for_value_p): New.
            (has_nondefault_cases_for_all_enum_values_p): New.
            (region_model::apply_constraints_for_gswitch): Skip
            implicitly-created "default" when switching on an enum
            and all enum values have non-default cases.
            (rejected_default_case::dump_to_pp): New.
            * region-model.h (region_model_context::possibly_tainted_p): New
            decl.
            (class rejected_default_case): New.
            * sm-taint.cc (region_model_context::possibly_tainted_p): New.
            * supergraph.cc (switch_cfg_superedge::dump_label_to_pp): Dump
            when implicitly_created_default_p.
            (switch_cfg_superedge::implicitly_created_default_p): New.
            * supergraph.h
            (switch_cfg_superedge::implicitly_created_default_p): New decl.

    gcc/testsuite/ChangeLog:
            PR analyzer/105273
            * gcc.dg/analyzer/switch-enum-1.c: New test.
            * gcc.dg/analyzer/switch-enum-2.c: New test.
            * gcc.dg/analyzer/switch-enum-pr105273-git-vreportf-2.c: New test.
            * gcc.dg/analyzer/switch-enum-taint-1.c: New test.
            * gcc.dg/analyzer/switch-wrong-enum.c: New test.
            * gcc.dg/analyzer/torture/switch-enum-pr105273-doom-p_floor.c: New
            test.
            * gcc.dg/analyzer/torture/switch-enum-pr105273-doom-p_maputl.c:
            New test.
            * gcc.dg/analyzer/torture/switch-enum-pr105273-git-vreportf-1.c:
            New test.

    Signed-off-by: David Malcolm <dmalc...@redhat.com>

[Bug analyzer/105273] -Wanalyzer-use-of-uninitialized-value warns on "missing" default for switch when callers can be statically determined

Reply via email to