https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117262

            Bug ID: 117262
           Summary: [15 regression] Analyzer doesn't handle RAW_DATA_CST
                    properly
           Product: gcc
           Version: 15.0
            Status: UNCONFIRMED
          Keywords: testsuite-fail, wrong-code
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: jakub at gcc dot gnu.org
                CC: ams at gcc dot gnu.org, burnus at gcc dot gnu.org,
                    dmalcolm at gcc dot gnu.org, jakub at gcc dot gnu.org,
                    sjames at gcc dot gnu.org, tschwinge at gcc dot gnu.org,
                    unassigned at gcc dot gnu.org
        Depends on: 117229
  Target Milestone: ---
            Target: GCN

+++ This bug was initially created as a clone of Bug #117229 +++

int
main ()
{
  const unsigned char meow_bytes[] = {
  0x69, 0x6e, 0x74, 0x0a, 0x6d, 0x61, 0x69, 0x6e, 0x20, 0x28, 0x29, 0x0a,
  0x7b, 0x0a, 0x20, 0x20, 0x63, 0x6f, 0x6e, 0x73, 0x74, 0x20, 0x75, 0x6e,
  0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x20, 0x63, 0x68, 0x61, 0x72, 0x20,
  0x6d, 0x65, 0x6f, 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x5b, 0x5d,
  0x20, 0x3d, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20,
  0x7d, 0x3b, 0x0a, 0x20, 0x20, 0x73, 0x68, 0x6f, 0x72, 0x74, 0x20, 0x6d,
  };
  short meow[sizeof (meow_bytes) / sizeof (short)] = {};
  for (int i = 0; i < (int) (sizeof (meow) / sizeof (short)); i++)
    meow[i] = (meow_bytes[i * 2] << 8) | meow_bytes[i * 2 + 1];
  if (meow[0] != (0x69 << 8) + 0x6e)
    __builtin_abort ();
}

./cc1 -quiet -fdump-tree-gimple embed-1.c  -fdump-rtl-expand -fdump-tree-optimized -fanalyzer
embed-1.c: In function ‘main’:
embed-1.c:14:52: warning: use of uninitialized value ‘meow_bytes[<unknown>]’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   14 |     meow[i] = (meow_bytes[i * 2] << 8) | meow_bytes[i * 2 + 1];
      |                                          ~~~~~~~~~~^~~~~~~~~~~
  ‘main’: events 1-4
    4 |   const unsigned char meow_bytes[] = {
      |                       ^~~~~~~~~~
      |                       |
      |                       (1) region created on stack here
......
   13 |   for (int i = 0; i < (int) (sizeof (meow) / sizeof (short)); i++)
      |                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                     |
      |                     (2) following ‘true’ branch (when ‘i <= 35’)... ─>─┐
      |                                                                       │
      |                                                                       │
      |┌───────────────────────────────────────────────────────────────────────┘
   14 |│    meow[i] = (meow_bytes[i * 2] << 8) | meow_bytes[i * 2 + 1];
      |│                          ~~~~~          ~~~~~~~~~~~~~~~~~~~~~
      |│                            |                      |
      |└───────────────────────────>(3) ...to here         (4) ⚠️  use of uninitialized value ‘meow_bytes[<unknown>]’ here

This is a false positive; something in the analyzer needs to be taught that if a
CONSTRUCTOR elt is RAW_DATA_CST, then that defines not just one element at the
specified index, but RAW_DATA_LENGTH elements.  And ideally not by constructing
some data representation for each of the bytes, because one of the points of
RAW_DATA_CST is that it is a potentially huge data blob and copying it all around
might not make the program compilable at all.  So, one needs to think of
RAW_DATA_CST as an up to 2GB long series of bytes.


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117229
[Bug 117229] [15 regression] "libcpp, c, middle-end: Optimize initializers
using #embed in C" vs. GCN '-march=gfx908'
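
Added example, not part of the original report and not GCC code: a toy model of the lookup problem described above, where one initializer element stands for a run of bytes and is referenced by pointer and length instead of being expanded per byte. The names ctor_elt, lookup and count_unknown and the 8-byte sample layout are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model, not GCC code: one element of an array initializer.  A scalar
   element defines one index; a raw-data element defines `len` consecutive
   bytes and only borrows a pointer into the blob (no per-byte copies).  */
struct ctor_elt {
  size_t index;              /* first array index this element defines */
  size_t len;                /* 1 for a scalar, blob length for raw data */
  const unsigned char *raw;  /* borrowed blob pointer, NULL for a scalar */
  unsigned char scalar;      /* value when raw == NULL */
};

/* Find the value stored at idx.  With range_aware == false every element is
   assumed to define a single index (the mistaken view); with true an element
   covers [index, index + len).  */
static bool lookup (const struct ctor_elt *elts, size_t n, size_t idx,
                    bool range_aware, unsigned char *out)
{
  for (size_t i = 0; i < n; i++) {
    size_t span = range_aware ? elts[i].len : 1;
    if (idx >= elts[i].index && idx - elts[i].index < span) {
      *out = elts[i].raw ? elts[i].raw[idx - elts[i].index] : elts[i].scalar;
      return true;
    }
  }
  return false;  /* a caller would treat this byte as uninitialized */
}

/* Constructed sample: 8 bytes laid out as scalar, 6-byte blob, scalar.  */
static const unsigned char blob[] = { 0x6e, 0x74, 0x0a, 0x6d, 0x61, 0x69 };
static const struct ctor_elt sample[] = {
  { 0, 1, NULL, 0x69 }, { 1, sizeof blob, blob, 0 }, { 7, 1, NULL, 0x6e },
};

/* Count the indices 0..7 for which the lookup finds no value.  */
static size_t count_unknown (bool range_aware)
{
  unsigned char v;
  size_t unknown = 0;
  for (size_t idx = 0; idx < 8; idx++)
    unknown += !lookup (sample, 3, idx, range_aware, &v);
  return unknown;
}
```

With the single-index view, five of the eight bytes look undefined; with the range-aware view none do, and the blob is never copied.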
