From: Willy Tarreau <w@1wt.eu>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Kernel development list <linux-kernel@vger.kernel.org>
Subject: Re: GCC not detecting use of uninitialized variable?
Date: Thu, 28 Oct 2021 04:35:54 +0200
Message-ID: <20211028023554.GA14193@1wt.eu>
In-Reply-To: <20211028014731.GA1337521@rowland.harvard.edu>

On Wed, Oct 27, 2021 at 09:47:31PM -0400, Alan Stern wrote:
> On Wed, Oct 27, 2021 at 10:48:31PM +0200, Willy Tarreau wrote:
> > On Wed, Oct 27, 2021 at 04:12:49PM -0400, Alan Stern wrote:
> > > The following code does not generate a warning when compiled with GCC
> > > 11.2.1:
> > >
> > >
> > > int foo;
> > >
> > > void cc_test(void)
> > > {
> > > 	int a, b;
> > >
> > > 	a = 0;
> > > 	a = READ_ONCE(foo);	// Should be: b = READ_ONCE(foo)
> > > 	do {
> > > 		a += b;
> > > 		b = READ_ONCE(foo);
> > > 	} while (a > 0);
> > > 	WRITE_ONCE(foo, a);
> > > }
> > >
> > >
> > > But if the loop is changed to execute only once -- replace the while
> > > test with "while (0)" -- then gcc does warn about the uninitialized use
> > > of b.
> > >
> > > Is this a known problem with gcc? Is it being too conservative about
> > > detecting uses of uninitialized variables?
> >
> > I already had similar issues not being detected in loops. I guess the
> > reason is simple: it might not be trivial for the compiler to prove
> > that the value was not set on any path leading to the first use,
> > because one of these paths is the loop itself after the instruction was
> > assigned. I've been so used to it that I think it has always been
> > there and I can live with it.
>
> Well, in this case there's only one path leading to the first use, since
> the path that is the loop itself will never be the first use. It seems
> like a rather surprising oversight.

For the first iteration yes but not the next ones. And each time I met
a similar bug not being detected it was exactly in this situation. For
example the warning about "variable X is set but not used" tends to
disappear in such loops:

extern int blah();
int ret()
{
	int a;
	do { a = 1; } while (blah());
	return 0;
}

says "variable 'a' is set but not used". Just change "a=1" to "a++" and
it disappears:

extern int blah();
int ret()
{
	int a;
	do { a++; } while (blah());
	return 0;
}

And the asm code shows that the a++ code is optimized away, explaining
why there is no "may be used uninitialized" while it appears if you
return a instead of 0.

With that said, it could also depend on the gcc version and/or some
kernel options, as gcc-7, 8 and 9 do emit the warning for me on your
code when I build it by hand. You may want to double-check this
aspect before asking GCC people.

Willy
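
Added example, not part of the message above or of the thread: one way to do the by-hand check it suggests is to compile the test case from the thread with each installed gcc at several optimization levels and record whether an uninitialized-use warning appears. The `READ_ONCE`/`WRITE_ONCE` definitions are simplified userspace stand-ins, and the helper function names and versioned compiler names (`gcc-7` and so on) are assumptions.

```shell
#!/bin/sh
# Added example: rebuild the thread's test case outside the kernel tree.
export LC_ALL=C   # keep compiler diagnostics in English for the grep below

write_testcase() {   # $1 = path of the C file to create
    cat > "$1" <<'EOF'
/* Simplified userspace stand-ins (assumption), not the kernel's macros. */
#define READ_ONCE(x)     (*(volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

int foo;

void cc_test(void)
{
	int a, b;

	a = 0;
	a = READ_ONCE(foo);	/* Should be: b = READ_ONCE(foo) */
	do {
		a += b;
		b = READ_ONCE(foo);
	} while (a > 0);
	WRITE_ONCE(foo, a);
}
EOF
}

# Read compiler output on stdin; print "warned" if it reports an
# uninitialized use ("is used" or "may be used"), otherwise "silent".
classify() {
    if grep -q 'uninitialized'; then echo warned; else echo silent; fi
}

survey() {   # $1 = source file, remaining args = compiler commands to try
    src=$1; shift
    for cc in "$@"; do
        command -v "$cc" >/dev/null 2>&1 || continue   # skip absent compilers
        for opt in -O0 -O1 -O2 -Os; do
            res=$("$cc" "$opt" -Wall -c "$src" -o "${src%.c}.o" 2>&1 | classify)
            printf '%-8s %-4s %s\n' "$cc" "$opt" "$res"
        done
    done
}

tmp=$(mktemp -d)
write_testcase "$tmp/cc_test.c"
# Versioned binary names are a distro convention (assumption); adjust as needed.
survey "$tmp/cc_test.c" gcc gcc-7 gcc-8 gcc-9
rm -rf "$tmp"
```

GCC's documentation notes that `-Wmaybe-uninitialized` warnings are only possible in optimizing compilation, so rows for `-O0` can differ from the optimized ones for the same compiler.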