analyzer: ignore uninitialized uses of empty types [PR104274]

PR analyzer/104274 reports a false positive from
-Wanalyzer-use-of-uninitialized-value on hppa when passing
an empty struct as a function parameter.

pa_pass_by_reference returns true for empty structs, so the
call is turned into:

  struct empty arg.0;
  arg.0 = arg
  called_function (arg.0);

by gimplify_parameters.

However, gimplify_modify_expr discards assignments statments
of empty types, so that we end up with:

  struct empty arg.0;
  called_function (arg.0);

which the analyzer considers to be a use of uninitialized "arg.0";

Given that gimplify_modify_expr will discard any assignments to
such types, it seems simplest for -Wanalyzer-use-of-uninitialized-value
to ignore values of empty types.

gcc/analyzer/ChangeLog:
	PR analyzer/104274
	* region-model.cc (region_model::check_for_poison): Ignore
	uninitialized uses of empty types.

gcc/testsuite/ChangeLog:
	PR analyzer/104274
	* gcc.dg/analyzer/torture/empty-struct-1.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index f8f1976..e659cf0 100644 (file)
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -843,13 +843,21 @@ region_model::check_for_poison (const svalue *sval,
 
   if (const poisoned_svalue *poisoned_sval = sval->dyn_cast_poisoned_svalue ())
     {
+      enum poison_kind pkind = poisoned_sval->get_poison_kind ();
+
+      /* Ignore uninitialized uses of empty types; there's nothing
+        to initialize.  */
+      if (pkind == POISON_KIND_UNINIT
+         && sval->get_type ()
+         && is_empty_type (sval->get_type ()))
+       return sval;
+
       /* If we have an SSA name for a temporary, we don't want to print
         '<unknown>'.
         Poisoned values are shared by type, and so we can't reconstruct
         the tree other than via the def stmts, using
         fixup_tree_for_diagnostic.  */
       tree diag_arg = fixup_tree_for_diagnostic (expr);
-      enum poison_kind pkind = poisoned_sval->get_poison_kind ();
       const region *src_region = NULL;
       if (pkind == POISON_KIND_UNINIT)
        src_region = get_region_for_poisoned_expr (expr);

diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/empty-struct-1.c b/gcc/testsuite/gcc.dg/analyzer/torture/empty-struct-1.c
new file mode 100644 (file)
index 0000000..1f1c07a
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/empty-struct-1.c
@@ -0,0 +1,18 @@
+struct empty {};
+
+struct empty g;
+
+extern void sink (struct empty e);
+
+void test_1 (struct empty a)
+{
+  sink (a); /* { dg-bogus "uninit" } */
+}
+void test_2 ()
+{
+  struct empty a, b;
+  b = a;
+  g = b;
+  sink (b); /* { dg-bogus "uninit" } */
+  /* ...as there's nothing to initialize.  */
+}