PR analyzer/104274 reports a false positive from
-Wanalyzer-use-of-uninitialized-value on hppa when passing
an empty struct as a function parameter.
pa_pass_by_reference returns true for empty structs, so the
call is turned into:
struct empty arg.0;
arg.0 = arg
called_function (arg.0);
by gimplify_parameters.
However, gimplify_modify_expr discards assignments statments
of empty types, so that we end up with:
struct empty arg.0;
called_function (arg.0);
which the analyzer considers to be a use of uninitialized "arg.0";
Given that gimplify_modify_expr will discard any assignments to
such types, it seems simplest for -Wanalyzer-use-of-uninitialized-value
to ignore values of empty types.
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r12-7199-gcc68ad87014a331399ccb2528db3bf47fabe6f72.
gcc/analyzer/ChangeLog:
PR analyzer/104274
* region-model.cc (region_model::check_for_poison): Ignore
uninitialized uses of empty types.
gcc/testsuite/ChangeLog:
PR analyzer/104274
* gcc.dg/analyzer/torture/empty-struct-1.c: New test.
Signed-off-by: David Malcolm <dmalc...@redhat.com>
---
gcc/analyzer/region-model.cc | 10 +++++++++-
.../gcc.dg/analyzer/torture/empty-struct-1.c | 18 ++++++++++++++++++
2 files changed, 27 insertions(+), 1 deletion(-)
create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/empty-struct-1.c
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index f8f19769258..e659cf03a86 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -843,13 +843,21 @@ region_model::check_for_poison (const svalue *sval,
if (const poisoned_svalue *poisoned_sval = sval->dyn_cast_poisoned_svalue ())
{
+ enum poison_kind pkind = poisoned_sval->get_poison_kind ();
+
+ /* Ignore uninitialized uses of empty types; there's nothing
+ to initialize. */
+ if (pkind == POISON_KIND_UNINIT
+ && sval->get_type ()
+ && is_empty_type (sval->get_type ()))
+ return sval;
+
/* If we have an SSA name for a temporary, we don't want to print
'<unknown>'.
Poisoned values are shared by type, and so we can't reconstruct
the tree other than via the def stmts, using
fixup_tree_for_diagnostic. */
tree diag_arg = fixup_tree_for_diagnostic (expr);
- enum poison_kind pkind = poisoned_sval->get_poison_kind ();
const region *src_region = NULL;
if (pkind == POISON_KIND_UNINIT)
src_region = get_region_for_poisoned_expr (expr);
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/empty-struct-1.c
b/gcc/testsuite/gcc.dg/analyzer/torture/empty-struct-1.c
new file mode 100644
index 00000000000..1f1c07a25f5
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/empty-struct-1.c
@@ -0,0 +1,18 @@
+struct empty {};
+
+struct empty g;
+
+extern void sink (struct empty e);
+
+void test_1 (struct empty a)
+{
+ sink (a); /* { dg-bogus "uninit" } */
+}
+void test_2 ()
+{
+ struct empty a, b;
+ b = a;
+ g = b;
+ sink (b); /* { dg-bogus "uninit" } */
+ /* ...as there's nothing to initialize. */
+}
--
2.26.3
