diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2023-02-07 16:10:20 -0500 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2023-02-07 16:10:20 -0500 |
| commit | c300e251f5b22d15b126f3c643cd55a119994e48 (patch) | |
| tree | 0783876513f134e843560857ec62015d3048882d /libiberty/xmemdup.c | |
| parent | c36f3da534e7f411c5bc48c5b6b660e238167480 (diff) | |
| download | gcc-c300e251f5b22d15b126f3c643cd55a119994e48.zip gcc-c300e251f5b22d15b126f3c643cd55a119994e48.tar.gz gcc-c300e251f5b22d15b126f3c643cd55a119994e48.tar.bz2 | |
analyzer: fix -Wanalyzer-use-of-uninitialized-value false +ve on "read" [PR108661]
My integration testing shows many false positives from
-Wanalyzer-use-of-uninitialized-value.
One cause turns out to be that as of r13-1404-g97baacba963c06
fd_state_machine::on_stmt recognizes calls to "read", and returns true,
so that region_model::on_call_post doesn't call handle_unrecognized_call
on them, and so the analyzer erroneously "thinks" that the buffer
pointed to by "read" is never touched by the "read" call.
This works for "fread" because sm-file.cc implements kf_fread, which
handles calls to "fread" by clobbering the buffer pointed to. In the
long term we should probably be smarter about this and bifurcate the
analysis to consider e.g. errors vs full reads vs partial reads, etc
(which I'm tracking in PR analyzer/108689).
In the meantime, this patch adds a kf_read for "read" analogous to the
one for "fread", fixing 6 false positives seen in git-2.39.0 and
2 in haproxy-2.7.1.
gcc/analyzer/ChangeLog:
PR analyzer/108661
* sm-fd.cc (class kf_read): New.
(register_known_fd_functions): Register "read".
* sm-file.cc (class kf_fread): Update comment.
gcc/testsuite/ChangeLog:
PR analyzer/108661
* gcc.dg/analyzer/fread-pr108661.c: New test.
* gcc.dg/analyzer/read-pr108661.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'libiberty/xmemdup.c')
0 files changed, 0 insertions, 0 deletions