https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87315
Bug ID: 87315
Summary: uninitialized read from memory returned by malloc not
eliminated, no warning
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
The test case below is undefined because the memory returned by malloc is
uninitialized. The read access to the memory should be diagnosed. In
addition, GCC could (and arguably should) also eliminate the test since the
memory returned from malloc cannot contain valid pointers (as documented in the
attribute malloc section of GCC manual: "the pointer returned by the function
cannot alias any other pointer valid when the function returns").
As a data point, Clang folds the test to true and replaces the body of the
function with the call to abort().
$ cat x.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout x.c
void f (void)
{
void **p = __builtin_malloc (sizeof (void*));
if (*p == p)
__builtin_abort ();
}
;; Function f (f, funcdef_no=0, decl_uid=1906, cgraph_uid=1, symbol_order=0)
f ()
{
void * * p;
void * _1;
<bb 2> [local count: 1073741824]:
p_4 = __builtin_malloc (8);
_1 = *p_4;
if (_1 == p_4)
goto <bb 3>; [0.00%]
else
goto <bb 4>; [99.96%]
<bb 3> [count: 0]:
__builtin_abort ();
<bb 4> [local count: 1073312328]:
return;
}
