https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87315
Bug ID: 87315
Summary: uninitialized read from memory returned by malloc not eliminated, no warning
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

The test case below is undefined because the memory returned by malloc is uninitialized. The read access to the memory should be diagnosed. In addition, GCC could (and arguably should) also eliminate the test since the memory returned from malloc cannot contain valid pointers (as documented in the attribute malloc section of GCC manual: "the pointer returned by the function cannot alias any other pointer valid when the function returns"). As a data point, Clang folds the test to true and replaces the body of the function with the call to abort().

$ cat x.c && gcc -O2 -S -Wall -fdump-tree-optimized=/dev/stdout x.c
void f (void)
{
  void **p = __builtin_malloc (sizeof (void*));
  if (*p == p)
    __builtin_abort ();
}

;; Function f (f, funcdef_no=0, decl_uid=1906, cgraph_uid=1, symbol_order=0)

f ()
{
  void * * p;
  void * _1;

  <bb 2> [local count: 1073741824]:
  p_4 = __builtin_malloc (8);
  _1 = *p_4;
  if (_1 == p_4)
    goto <bb 3>; [0.00%]
  else
    goto <bb 4>; [99.96%]

  <bb 3> [count: 0]:
  __builtin_abort ();

  <bb 4> [local count: 1073312328]:
  return;

}
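For contrast with the undefined test case in the report, here is an added example (not from the bug report or from GCC) showing the two well-defined forms of the same comparison: the freshly allocated word is either zero-filled by calloc, so the test can never hold, or explicitly made to point at its own block, so it always holds. The function names are the example's own; the original read, which neither form performs, is the kind of defect MemorySanitizer or Valgrind would flag at run time.

```c
#include <stdlib.h>

/* calloc() zero-fills the block, so *p is a null pointer after the call
 * and the comparison with p (a non-null pointer) is defined and false.
 * Returns 0 on success, -1 if the allocation failed. */
int null_initialized_compare(void)
{
    void **p = calloc(1, sizeof *p);
    if (p == NULL)
        return -1;                     /* allocation failure, reported to caller */
    int equal = (*p == (void *)p);     /* *p is NULL, p is not: always 0 */
    free(p);
    return equal;
}

/* The only way a defined program can make *p == p true is to store the
 * block's own address into it first. Returns 1 on success, -1 on failure. */
int self_referencing_compare(void)
{
    void **p = malloc(sizeof *p);
    if (p == NULL)
        return -1;
    *p = p;                            /* initialize before the first read */
    int equal = (*p == (void *)p);     /* holds by construction: always 1 */
    free(p);
    return equal;
}
```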