tree-ssa-uninit.cc source code [gcc/tree-ssa-uninit.cc]

1	/ Predicate aware uninitialized variable warning.*
2	Copyright (C) 2001-2024 Free Software Foundation, Inc.
3	Contributed by Xinliang David Li <davidxl@google.com>
4
5	This file is part of GCC.
6
7	GCC is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3, or (at your option)
10	any later version.
11
12	GCC is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with GCC; see the file COPYING3. If not see
19	<http://www.gnu.org/licenses/>. /*
20
21	#define INCLUDE_STRING
22	#include "config.h"
23	#include "system.h"
24	#include "coretypes.h"
25	#include "backend.h"
26	#include "tree.h"
27	#include "gimple.h"
28	#include "tree-pass.h"
29	#include "ssa.h"
30	#include "gimple-pretty-print.h"
31	#include "diagnostic-core.h"
32	#include "fold-const.h"
33	#include "gimple-iterator.h"
34	#include "tree-ssa.h"
35	#include "tree-cfg.h"
36	#include "cfghooks.h"
37	#include "attribs.h"
38	#include "builtins.h"
39	#include "calls.h"
40	#include "gimple-range.h"
41	#include "gimple-predicate-analysis.h"
42	#include "domwalk.h"
43	#include "tree-ssa-sccvn.h"
44	#include "cfganal.h"
45
46	/ This implements the pass that does predicate aware warning on uses of*
47	possibly uninitialized variables. The pass first collects the set of
48	possibly uninitialized SSA names. For each such name, it walks through
49	all its immediate uses. For each immediate use, it rebuilds the condition
50	expression (the predicate) that guards the use. The predicate is then
51	examined to see if the variable is always defined under that same condition.
52	This is done either by pruning the unrealizable paths that lead to the
53	default definitions or by checking if the predicate set that guards the
54	defining paths is a superset of the use predicate. /*
55
56	/ Pointer set of potentially undefined ssa names, i.e.,*
57	ssa names that are defined by phi with operands that
58	are not defined or potentially undefined. /*
59	static hash_set<tree> *possibly_undefined_names;
60	static hash_map<gphi , uninit_analysis::func_t::phi_arg_set_t> defined_args;
61
62	/ Returns the first bit position (starting from LSB)*
63	in mask that is non zero. Returns -1 if the mask is empty. /*
64	static int
65	get_mask_first_set_bit (unsigned mask)
66	{
67	int pos = `0`;
68	if (mask == `0`)
69	return -`1`;
70
71	while ((mask & (`1` << pos)) == `0`)
72	pos++;
73
74	return pos;
75	}
76	#define MASK_FIRST_SET_BIT(mask) get_mask_first_set_bit (mask)
77
78	/ Return true if T, an SSA_NAME, has an undefined value. /
79	static bool
80	has_undefined_value_p (tree t)
81	{
82	return (ssa_undefined_value_p (t)
83	\|\| (possibly_undefined_names
84	&& possibly_undefined_names->contains (k: t)));
85	}
86
87	/ Return true if EXPR should suppress either uninitialized warning. /
88
89	static inline bool
90	get_no_uninit_warning (tree expr)
91	{
92	return warning_suppressed_p (expr, OPT_Wuninitialized);
93	}
94
95	/ Suppress both uninitialized warnings for EXPR. /
96
97	static inline void
98	set_no_uninit_warning (tree expr)
99	{
100	suppress_warning (expr, OPT_Wuninitialized);
101	}
102
103	/ Like has_undefined_value_p, but don't return true if the no-warning*
104	bit is set on SSA_NAME_VAR for either uninit warning. /*
105
106	static inline bool
107	uninit_undefined_value_p (tree t)
108	{
109	if (!has_undefined_value_p (t))
110	return false;
111	if (!SSA_NAME_VAR (t))
112	return true;
113	return !get_no_uninit_warning (SSA_NAME_VAR (t));
114	}
115
116	/ Emit warnings for uninitialized variables. This is done in two passes.*
117
118	The first pass notices real uses of SSA names with undefined values.
119	Such uses are unconditionally uninitialized, and we can be certain that
120	such a use is a mistake. This pass is run before most optimizations,
121	so that we catch as many as we can.
122
123	The second pass follows PHI nodes to find uses that are potentially
124	uninitialized. In this case we can't necessarily prove that the use
125	is really uninitialized. This pass is run after most optimizations,
126	so that we thread as many jumps and possible, and delete as much dead
127	code as possible, in order to reduce false positives. We also look
128	again for plain uninitialized variables, since optimization may have
129	changed conditionally uninitialized to unconditionally uninitialized. /*
130
131	/ Emit warning OPT for variable VAR at the point in the program where*
132	the SSA_NAME T is being used uninitialized. The warning text is in
133	MSGID and STMT is the statement that does the uninitialized read.
134	PHI_ARG_LOC is the location of the PHI argument if T and VAR are one,
135	or UNKNOWN_LOCATION otherwise. /*
136
137	static void
138	warn_uninit (opt_code opt, tree t, tree var, gimple *context,
139	location_t phi_arg_loc = UNKNOWN_LOCATION)
140	{
141	/ Bail if the value isn't provably uninitialized. /
142	if (!has_undefined_value_p (t))
143	return;
144
145	/ Ignore COMPLEX_EXPR as initializing only a part of a complex*
146	turns in a COMPLEX_EXPR with the not initialized part being
147	set to its previous (undefined) value. /*
148	if (is_gimple_assign (gs: context)
149	&& gimple_assign_rhs_code (gs: context) == COMPLEX_EXPR)
150	return;
151
152	/ Ignore REALPART_EXPR or IMAGPART_EXPR if its operand is a call to*
153	.DEFERRED_INIT. This is for handling the following case correctly:
154
155	1 typedef _Complex float C;
156	2 C foo (int cond)
157	3 {
158	4 C f;
159	5 __imag__ f = 0;
160	6 if (cond)
161	7 {
162	8 __real__ f = 1;
163	9 return f;
164	10 }
165	11 return f;
166	12 }
167
168	with -ftrivial-auto-var-init, compiler will insert the following
169	artificial initialization at line 4:
170	f = .DEFERRED_INIT (f, 2);
171	_1 = REALPART_EXPR <f>;
172
173	without the following special handling, _1 = REALPART_EXPR <f> will
174	be treated as the uninitialized use point, which is incorrect. (the
175	real uninitialized use point is at line 11). /*
176	if (is_gimple_assign (gs: context)
177	&& (gimple_assign_rhs_code (gs: context) == REALPART_EXPR
178	\|\| gimple_assign_rhs_code (gs: context) == IMAGPART_EXPR))
179	{
180	tree v = gimple_assign_rhs1 (gs: context);
181	if (TREE_CODE (TREE_OPERAND (v, `0`)) == SSA_NAME
182	&& gimple_call_internal_p (SSA_NAME_DEF_STMT (TREE_OPERAND (v, `0`)),
183	fn: IFN_DEFERRED_INIT))
184	return;
185	}
186
187	/ Anonymous SSA_NAMEs shouldn't be uninitialized, but ssa_undefined_value_p*
188	can return true if the def stmt of an anonymous SSA_NAME is
189	1. A COMPLEX_EXPR created for conversion from scalar to complex. Use the
190	underlying var of the COMPLEX_EXPRs real part in that case. See PR71581.
191
192	Or
193
194	2. A call to .DEFERRED_INIT internal function. Since the original variable
195	has been eliminated by optimziation, we need to get the variable name,
196	and variable declaration location from this call. We recorded variable
197	name into VAR_NAME_STR, and will get location info and record warning
198	suppressed info to VAR_DEF_STMT, which is the .DEFERRED_INIT call. /*
199
200	const char *var_name_str = NULL;
201	gimple *var_def_stmt = NULL;
202
203	if (!var && !SSA_NAME_VAR (t))
204	{
205	var_def_stmt = SSA_NAME_DEF_STMT (t);
206
207	if (gassign ass = dyn_cast <gassign > (p: var_def_stmt))
208	{
209	switch (gimple_assign_rhs_code (gs: var_def_stmt))
210	{
211	case COMPLEX_EXPR:
212	{
213	tree v = gimple_assign_rhs1 (gs: ass);
214	if (TREE_CODE (v) == SSA_NAME
215	&& has_undefined_value_p (t: v)
216	&& zerop (gimple_assign_rhs2 (gs: ass)))
217	var = SSA_NAME_VAR (v);
218	break;
219	}
220	case SSA_NAME:
221	{
222	tree v = gimple_assign_rhs1 (gs: ass);
223	if (TREE_CODE (v) == SSA_NAME
224	&& SSA_NAME_VAR (v))
225	var = SSA_NAME_VAR (v);
226	break;
227	}
228	default:;
229	}
230	}
231
232	if (gimple_call_internal_p (gs: var_def_stmt, fn: IFN_DEFERRED_INIT))
233	{
234	/ Ignore the call to .DEFERRED_INIT that define the original*
235	var itself as the following case:
236	temp = .DEFERRED_INIT (4, 2, “alt_reloc");
237	alt_reloc = temp;
238	In order to avoid generating warning for the fake usage
239	at alt_reloc = temp.
240	*/
241	tree lhs_var = NULL_TREE;
242
243	/ Get the variable name from the 3rd argument of call. /
244	tree var_name = gimple_call_arg (gs: var_def_stmt, index: `2`);
245	var_name = TREE_OPERAND (TREE_OPERAND (var_name, `0`), `0`);
246	var_name_str = TREE_STRING_POINTER (var_name);
247
248	if (is_gimple_assign (gs: context))
249	{
250	if (VAR_P (gimple_assign_lhs (context)))
251	lhs_var = gimple_assign_lhs (gs: context);
252	else if (TREE_CODE (gimple_assign_lhs (context)) == SSA_NAME)
253	lhs_var = SSA_NAME_VAR (gimple_assign_lhs (context));
254	}
255	if (lhs_var)
256	{
257	/ Get the name string for the LHS_VAR.*
258	Refer to routine gimple_add_init_for_auto_var. /*
259	if (DECL_NAME (lhs_var)
260	&& (strcmp (IDENTIFIER_POINTER (DECL_NAME (lhs_var)),
261	s2: var_name_str) == `0`))
262	return;
263	else if (!DECL_NAME (lhs_var))
264	{
265	char lhs_var_name_str_buf[`3` + (HOST_BITS_PER_INT + `2`) / `3`];
266	sprintf (s: lhs_var_name_str_buf, format: "D.%u", DECL_UID (lhs_var));
267	if (strcmp (s1: lhs_var_name_str_buf, s2: var_name_str) == `0`)
268	return;
269	}
270	}
271	gcc_assert (var_name_str && var_def_stmt);
272	}
273	}
274
275	if (var == NULL_TREE && var_name_str == NULL)
276	return;
277
278	/ Avoid warning if we've already done so or if the warning has been*
279	suppressed. /*
280	if (((warning_suppressed_p (context, OPT_Wuninitialized)
281	\|\| (gimple_assign_single_p (gs: context)
282	&& get_no_uninit_warning (expr: gimple_assign_rhs1 (gs: context)))))
283	\|\| (var && get_no_uninit_warning (expr: var))
284	\|\| (var_name_str
285	&& warning_suppressed_p (var_def_stmt, OPT_Wuninitialized)))
286	return;
287
288	/ Use either the location of the read statement or that of the PHI*
289	argument, or that of the uninitialized variable, in that order,
290	whichever is valid. /*
291	location_t location = UNKNOWN_LOCATION;
292	if (gimple_has_location (g: context))
293	location = gimple_location (g: context);
294	else if (phi_arg_loc != UNKNOWN_LOCATION)
295	location = phi_arg_loc;
296	else if (var)
297	location = DECL_SOURCE_LOCATION (var);
298	else if (var_name_str)
299	location = gimple_location (g: var_def_stmt);
300
301	auto_diagnostic_group d;
302	gcc_assert (opt == OPT_Wuninitialized \|\| opt == OPT_Wmaybe_uninitialized);
303	if (var)
304	{
305	if ((opt == OPT_Wuninitialized
306	&& !warning_at (location, opt, "%qD is used uninitialized", var))
307	\|\| (opt == OPT_Wmaybe_uninitialized
308	&& !warning_at (location, opt, "%qD may be used uninitialized",
309	var)))
310	return;
311	}
312	else if (var_name_str)
313	{
314	if ((opt == OPT_Wuninitialized
315	&& !warning_at (location, opt, "%qs is used uninitialized",
316	var_name_str))
317	\|\| (opt == OPT_Wmaybe_uninitialized
318	&& !warning_at (location, opt, "%qs may be used uninitialized",
319	var_name_str)))
320	return;
321	}
322
323	/ Avoid subsequent warnings for reads of the same variable again. /
324	if (var)
325	suppress_warning (var, opt);
326	else if (var_name_str)
327	suppress_warning (var_def_stmt, opt);
328
329	/ Issue a note pointing to the read variable unless the warning*
330	is at the same location. /*
331	location_t var_loc = var ? DECL_SOURCE_LOCATION (var)
332	: gimple_location (g: var_def_stmt);
333	if (location == var_loc)
334	return;
335
336	if (var)
337	inform (var_loc, "%qD was declared here", var);
338	else if (var_name_str)
339	inform (var_loc, "%qs was declared here", var_name_str);
340	}
341
342	struct check_defs_data
343	{
344	/ If we found any may-defs besides must-def clobbers. /
345	bool found_may_defs;
346	};
347
348	/ Return true if STMT is a call to built-in function all of whose*
349	by-reference arguments are const-qualified (i.e., the function can
350	be assumed not to modify them). /*
351
352	static bool
353	builtin_call_nomodifying_p (gimple *stmt)
354	{
355	if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
356	return false;
357
358	tree fndecl = gimple_call_fndecl (gs: stmt);
359	if (!fndecl)
360	return false;
361
362	tree fntype = TREE_TYPE (fndecl);
363	if (!fntype)
364	return false;
365
366	/ Check the called function's signature for non-constc pointers.*
367	If one is found, return false. /*
368	unsigned argno = `0`;
369	tree argtype;
370	function_args_iterator it;
371	FOREACH_FUNCTION_ARGS (fntype, argtype, it)
372	{
373	if (VOID_TYPE_P (argtype))
374	return true;
375
376	++argno;
377
378	if (!POINTER_TYPE_P (argtype))
379	continue;
380
381	if (TYPE_READONLY (TREE_TYPE (argtype)))
382	continue;
383
384	return false;
385	}
386
387	/ If the number of actual arguments to the call is less than or*
388	equal to the number of parameters, return false. /*
389	unsigned nargs = gimple_call_num_args (gs: stmt);
390	if (nargs <= argno)
391	return false;
392
393	/ Check arguments passed through the ellipsis in calls to variadic*
394	functions for pointers. If one is found that's a non-constant
395	pointer, return false. /*
396	for (; argno < nargs; ++argno)
397	{
398	tree arg = gimple_call_arg (gs: stmt, index: argno);
399	argtype = TREE_TYPE (arg);
400	if (!POINTER_TYPE_P (argtype))
401	continue;
402
403	if (TYPE_READONLY (TREE_TYPE (argtype)))
404	continue;
405
406	return false;
407	}
408
409	return true;
410	}
411
412	/ If ARG is a FNDECL parameter declared with attribute access none or*
413	write_only issue a warning for its read access via PTR. /*
414
415	static void
416	maybe_warn_read_write_only (tree fndecl, gimple *stmt, tree arg, tree ptr)
417	{
418	if (!fndecl)
419	return;
420
421	if (get_no_uninit_warning (expr: arg))
422	return;
423
424	tree fntype = TREE_TYPE (fndecl);
425	if (!fntype)
426	return;
427
428	/ Initialize a map of attribute access specifications for arguments*
429	to the function call. /*
430	rdwr_map rdwr_idx;
431	init_attr_rdwr_indices (&rdwr_idx, TYPE_ATTRIBUTES (fntype));
432
433	unsigned argno = `0`;
434	tree parms = DECL_ARGUMENTS (fndecl);
435	for (tree parm = parms; parm; parm = TREE_CHAIN (parm), ++argno)
436	{
437	if (parm != arg)
438	continue;
439
440	const attr_access* access = rdwr_idx.get (k: argno);
441	if (!access)
442	break;
443
444	if (access->mode != access_none
445	&& access->mode != access_write_only)
446	continue;
447
448	location_t stmtloc = gimple_location (g: stmt);
449	if (!warning_at (stmtloc, OPT_Wmaybe_uninitialized,
450	"%qE may be used uninitialized", ptr))
451	break;
452
453	suppress_warning (arg, OPT_Wmaybe_uninitialized);
454
455	const char* const access_str =
456	TREE_STRING_POINTER (access->to_external_string ());
457
458	location_t parmloc = DECL_SOURCE_LOCATION (parm);
459	inform (parmloc, "accessing argument %u of a function declared with "
460	"attribute %<%s%>",
461	argno + `1`, access_str);
462
463	break;
464	}
465	}
466
467	/ Callback for walk_aliased_vdefs. /
468
469	static bool
470	check_defs (ao_ref ref, tree vdef, void* *data_)
471	{
472	check_defs_data data = (check_defs_data )data_;
473	gimple *def_stmt = SSA_NAME_DEF_STMT (vdef);
474
475	/ Ignore the vdef if the definition statement is a call*
476	to .DEFERRED_INIT function. /*
477	if (gimple_call_internal_p (gs: def_stmt, fn: IFN_DEFERRED_INIT))
478	return false;
479
480	/ For address taken variable, a temporary variable is added between*
481	the variable and the call to .DEFERRED_INIT function as:
482	_1 = .DEFERRED_INIT (4, 2, &"i1"[0]);
483	i1 = _1;
484	Ignore this vdef as well. /*
485	if (is_gimple_assign (gs: def_stmt)
486	&& gimple_assign_rhs_code (gs: def_stmt) == SSA_NAME)
487	{
488	tree tmp_var = gimple_assign_rhs1 (gs: def_stmt);
489	if (gimple_call_internal_p (SSA_NAME_DEF_STMT (tmp_var),
490	fn: IFN_DEFERRED_INIT))
491	return false;
492	}
493
494	/ The ASAN_MARK intrinsic doesn't modify the variable. /
495	if (is_gimple_call (gs: def_stmt))
496	{
497	/ The ASAN_MARK intrinsic doesn't modify the variable. /
498	if (gimple_call_internal_p (gs: def_stmt)
499	&& gimple_call_internal_fn (gs: def_stmt) == IFN_ASAN_MARK)
500	return false;
501
502	if (tree fndecl = gimple_call_fndecl (gs: def_stmt))
503	{
504	/ Some sanitizer calls pass integer arguments to built-ins*
505	that expect pointets. Avoid using gimple_call_builtin_p()
506	which fails for such calls. /*
507	if (DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
508	{
509	built_in_function fncode = DECL_FUNCTION_CODE (decl: fndecl);
510	if (fncode > BEGIN_SANITIZER_BUILTINS
511	&& fncode < END_SANITIZER_BUILTINS)
512	return false;
513	}
514	}
515	}
516
517	/ End of VLA scope is not a kill. /
518	if (gimple_call_builtin_p (def_stmt, BUILT_IN_STACK_RESTORE))
519	return false;
520
521	/ If this is a clobber then if it is not a kill walk past it. /
522	if (gimple_clobber_p (s: def_stmt))
523	{
524	if (stmt_kills_ref_p (def_stmt, ref))
525	return true;
526	return false;
527	}
528
529	if (builtin_call_nomodifying_p (stmt: def_stmt))
530	return false;
531
532	/ Found a may-def on this path. /
533	data->found_may_defs = true;
534	return true;
535	}
536
537	/ Counters and limits controlling the depth of analysis and*
538	strictness of the warning. /*
539	struct wlimits
540	{
541	/ Number of VDEFs encountered. /
542	unsigned int vdef_cnt;
543	/ Number of statements examined by walk_aliased_vdefs. /
544	unsigned int oracle_cnt;
545	/ Limit on the number of statements visited by walk_aliased_vdefs. /
546	unsigned limit;
547	/ Set when basic block with statement is executed unconditionally. /
548	bool always_executed;
549	/ Set to issue -Wmaybe-uninitialized. /
550	bool wmaybe_uninit;
551	};
552
553	/ Determine if REF references an uninitialized operand and diagnose*
554	it if so. STMS is the referencing statement. LHS is the result
555	of the access and may be null. RHS is the variable referenced by
556	the access; it may not be null. /*
557
558	static tree
559	maybe_warn_operand (ao_ref &ref, gimple *stmt, tree lhs, tree rhs,
560	wlimits &wlims)
561	{
562	bool has_bit_insert = false;
563	use_operand_p luse_p;
564	imm_use_iterator liter;
565
566	if (get_no_uninit_warning (expr: rhs))
567	return NULL_TREE;
568
569	/ Do not warn if the base was marked so or this is a*
570	hard register var. /*
571	tree base = ao_ref_base (&ref);
572	if ((VAR_P (base)
573	&& DECL_HARD_REGISTER (base))
574	\|\| get_no_uninit_warning (expr: base))
575	return NULL_TREE;
576
577	/ Do not warn if the access is zero size or if it's fully outside*
578	the object. /*
579	poly_int64 decl_size;
580	if (known_size_p (a: ref.size)
581	&& known_eq (ref.max_size, ref.size)
582	&& (known_eq (ref.size, `0`)
583	\|\| known_le (ref.offset + ref.size, `0`)))
584	return NULL_TREE;
585
586	if (DECL_P (base)
587	&& known_ge (ref.offset, `0`)
588	&& DECL_SIZE (base)
589	&& poly_int_tree_p (DECL_SIZE (base), value: &decl_size)
590	&& known_le (decl_size, ref.offset))
591	return NULL_TREE;
592
593	/ Do not warn if the result of the access is then used for*
594	a BIT_INSERT_EXPR. /*
595	if (lhs && TREE_CODE (lhs) == SSA_NAME)
596	FOR_EACH_IMM_USE_FAST (luse_p, liter, lhs)
597	{
598	gimple *use_stmt = USE_STMT (luse_p);
599	/ BIT_INSERT_EXPR first operand should not be considered*
600	a use for the purpose of uninit warnings. /*
601	if (gassign ass = dyn_cast <gassign > (p: use_stmt))
602	{
603	if (gimple_assign_rhs_code (gs: ass) == BIT_INSERT_EXPR
604	&& luse_p->use == gimple_assign_rhs1_ptr (gs: ass))
605	{
606	has_bit_insert = true;
607	break;
608	}
609	}
610	}
611
612	if (has_bit_insert)
613	return NULL_TREE;
614
615	/ Limit the walking to a constant number of stmts after*
616	we overcommit quadratic behavior for small functions
617	and O(n) behavior. /*
618	if (wlims.oracle_cnt > `128` * `128`
619	&& wlims.oracle_cnt > wlims.vdef_cnt * `2`)
620	wlims.limit = `32`;
621
622	check_defs_data data;
623	bool fentry_reached = false;
624	data.found_may_defs = false;
625	tree use = gimple_vuse (g: stmt);
626	if (!use)
627	return NULL_TREE;
628	int res = walk_aliased_vdefs (&ref, use,
629	check_defs, &data, NULL,
630	function_entry_reached: &fentry_reached, limit: wlims.limit);
631	if (res == -`1`)
632	{
633	wlims.oracle_cnt += wlims.limit;
634	return NULL_TREE;
635	}
636
637	wlims.oracle_cnt += res;
638	if (data.found_may_defs)
639	return NULL_TREE;
640
641	bool found_alloc = false;
642
643	if (fentry_reached)
644	{
645	if (TREE_CODE (base) == MEM_REF)
646	base = TREE_OPERAND (base, `0`);
647
648	/ Follow the chain of SSA_NAME assignments looking for an alloca*
649	call (or VLA) or malloc/realloc, or for decls. If any is found
650	(and in the latter case, the operand is a local variable) issue
651	a warning. /*
652	while (TREE_CODE (base) == SSA_NAME)
653	{
654	gimple *def_stmt = SSA_NAME_DEF_STMT (base);
655
656	if (is_gimple_call (gs: def_stmt)
657	&& gimple_call_builtin_p (def_stmt))
658	{
659	/ Detect uses of uninitialized alloca/VLAs. /
660	tree fndecl = gimple_call_fndecl (gs: def_stmt);
661	const built_in_function fncode = DECL_FUNCTION_CODE (decl: fndecl);
662	if (fncode == BUILT_IN_ALLOCA
663	\|\| fncode == BUILT_IN_ALLOCA_WITH_ALIGN
664	\|\| fncode == BUILT_IN_MALLOC)
665	found_alloc = true;
666	break;
667	}
668
669	if (!is_gimple_assign (gs: def_stmt))
670	break;
671
672	tree_code code = gimple_assign_rhs_code (gs: def_stmt);
673	if (code != ADDR_EXPR && code != POINTER_PLUS_EXPR)
674	break;
675
676	base = gimple_assign_rhs1 (gs: def_stmt);
677	if (TREE_CODE (base) == ADDR_EXPR)
678	base = TREE_OPERAND (base, `0`);
679
680	if (DECL_P (base)
681	\|\| TREE_CODE (base) == COMPONENT_REF)
682	rhs = base;
683
684	if (TREE_CODE (base) == MEM_REF)
685	base = TREE_OPERAND (base, `0`);
686
687	if (tree ba = get_base_address (t: base))
688	base = ba;
689	}
690
691	/ Replace the RHS expression with BASE so that it*
692	refers to it in the diagnostic (instead of to
693	'<unknown>'). /*
694	if (DECL_P (base)
695	&& EXPR_P (rhs)
696	&& TREE_CODE (rhs) != COMPONENT_REF)
697	rhs = base;
698	}
699
700	/ Do not warn if it can be initialized outside this function.*
701	If we did not reach function entry then we found killing
702	clobbers on all paths to entry. /*
703	if (!found_alloc && fentry_reached)
704	{
705	if (TREE_CODE (base) == SSA_NAME)
706	{
707	tree var = SSA_NAME_VAR (base);
708	if (var && TREE_CODE (var) == PARM_DECL)
709	{
710	maybe_warn_read_write_only (cfun->decl, stmt, arg: var, ptr: rhs);
711	return NULL_TREE;
712	}
713	}
714
715	if (!VAR_P (base)
716	\|\| is_global_var (t: base))
717	/ ??? We'd like to use ref_may_alias_global_p but that*
718	excludes global readonly memory and thus we get bogus
719	warnings from p = cond ? "a" : "b" for example. /*
720	return NULL_TREE;
721	}
722
723	/ Strip the address-of expression from arrays passed to functions. /
724	if (TREE_CODE (rhs) == ADDR_EXPR)
725	rhs = TREE_OPERAND (rhs, `0`);
726
727	/ Check again since RHS may have changed above. /
728	if (get_no_uninit_warning (expr: rhs))
729	return NULL_TREE;
730
731	/ Avoid warning about empty types such as structs with no members.*
732	The first_field() test is important for C++ where the predicate
733	alone isn't always sufficient. /*
734	tree rhstype = TREE_TYPE (rhs);
735	if (POINTER_TYPE_P (rhstype))
736	rhstype = TREE_TYPE (rhstype);
737	if (is_empty_type (rhstype))
738	return NULL_TREE;
739
740	bool warned = false;
741	/ We didn't find any may-defs so on all paths either*
742	reached function entry or a killing clobber. /*
743	location_t location = gimple_location (g: stmt);
744	if (wlims.always_executed)
745	{
746	if (warning_at (location, OPT_Wuninitialized,
747	"%qE is used uninitialized", rhs))
748	{
749	/ ??? This is only effective for decls as in*
750	gcc.dg/uninit-B-O0.c. Avoid doing this for maybe-uninit
751	uses or accesses by functions as it may hide important
752	locations. /*
753	if (lhs)
754	set_no_uninit_warning (rhs);
755	warned = true;
756	}
757	}
758	else if (wlims.wmaybe_uninit)
759	warned = warning_at (location, OPT_Wmaybe_uninitialized,
760	"%qE may be used uninitialized", rhs);
761
762	return warned ? base : NULL_TREE;
763	}
764
765
766	/ Diagnose passing addresses of uninitialized objects to either const*
767	pointer arguments to functions, or to functions declared with attribute
768	access implying read access to those objects. /*
769
770	static void
771	maybe_warn_pass_by_reference (gcall *stmt, wlimits &wlims)
772	{
773	if (!wlims.wmaybe_uninit)
774	return;
775
776	unsigned nargs = gimple_call_num_args (gs: stmt);
777	if (!nargs)
778	return;
779
780	tree fndecl = gimple_call_fndecl (gs: stmt);
781	tree fntype = gimple_call_fntype (gs: stmt);
782	if (!fntype)
783	return;
784
785	/ Const function do not read their arguments. /
786	if (gimple_call_flags (stmt) & ECF_CONST)
787	return;
788
789	const built_in_function fncode
790	= (fndecl && gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)
791	? DECL_FUNCTION_CODE (decl: fndecl) : (built_in_function)BUILT_IN_LAST);
792
793	if (fncode == BUILT_IN_MEMCPY \|\| fncode == BUILT_IN_MEMMOVE)
794	/ Avoid diagnosing calls to raw memory functions (this is overly*
795	permissive; consider tightening it up). /*
796	return;
797
798	/ Save the current warning setting and replace it either a "maybe"*
799	when passing addresses of uninitialized variables to const-qualified
800	pointers or arguments declared with attribute read_write, or with
801	a "certain" when passing them to arguments declared with attribute
802	read_only. /*
803	const bool save_always_executed = wlims.always_executed;
804
805	/ Initialize a map of attribute access specifications for arguments*
806	to the function call. /*
807	rdwr_map rdwr_idx;
808	init_attr_rdwr_indices (&rdwr_idx, TYPE_ATTRIBUTES (fntype));
809
810	tree argtype;
811	unsigned argno = `0`;
812	function_args_iterator it;
813
814	FOREACH_FUNCTION_ARGS (fntype, argtype, it)
815	{
816	++argno;
817
818	if (argno > nargs)
819	break;
820
821	if (!POINTER_TYPE_P (argtype))
822	continue;
823
824	tree access_size = NULL_TREE;
825	const attr_access* access = rdwr_idx.get (k: argno - `1`);
826	if (access)
827	{
828	if (access->mode == access_none
829	\|\| access->mode == access_write_only)
830	continue;
831
832	if (access->mode == access_deferred
833	&& !TYPE_READONLY (TREE_TYPE (argtype)))
834	continue;
835
836	if (save_always_executed && access->mode == access_read_only)
837	/ Attribute read_only arguments imply read access. /
838	wlims.always_executed = true;
839	else
840	/ Attribute read_write arguments are documented as requiring*
841	initialized objects but it's expected that aggregates may
842	be only partially initialized regardless. /*
843	wlims.always_executed = false;
844
845	if (access->sizarg < nargs)
846	access_size = gimple_call_arg (gs: stmt, index: access->sizarg);
847	}
848	else if (!TYPE_READONLY (TREE_TYPE (argtype)))
849	continue;
850	else if (save_always_executed && fncode != BUILT_IN_LAST)
851	/ Const-qualified arguments to built-ins imply read access. /
852	wlims.always_executed = true;
853	else
854	/ Const-qualified arguments to ordinary functions imply a likely*
855	(but not definitive) read access. /*
856	wlims.always_executed = false;
857
858	/ Ignore args we are not going to read from. /
859	if (gimple_call_arg_flags (stmt, argno - `1`)
860	& (EAF_UNUSED \| EAF_NO_DIRECT_READ))
861	continue;
862
863	tree arg = gimple_call_arg (gs: stmt, index: argno - `1`);
864	if (!POINTER_TYPE_P (TREE_TYPE (arg)))
865	/ Avoid actual arguments with invalid types. /
866	continue;
867
868	ao_ref ref;
869	ao_ref_init_from_ptr_and_size (&ref, arg, access_size);
870	tree argbase = maybe_warn_operand (ref, stmt, NULL_TREE, rhs: arg, wlims);
871	if (!argbase)
872	continue;
873
874	if (access && access->mode != access_deferred)
875	{
876	const char* const access_str =
877	TREE_STRING_POINTER (access->to_external_string ());
878
879	if (fndecl)
880	{
881	location_t loc = DECL_SOURCE_LOCATION (fndecl);
882	inform (loc, "in a call to %qD declared with "
883	"attribute %<%s%> here", fndecl, access_str);
884	}
885	else
886	{
887	/ Handle calls through function pointers. /
888	location_t loc = gimple_location (g: stmt);
889	inform (loc, "in a call to %qT declared with "
890	"attribute %<%s%>", fntype, access_str);
891	}
892	}
893	else
894	{
895	/ For a declaration with no relevant attribute access create*
896	a dummy object and use the formatting function to avoid
897	having to complicate things here. /*
898	attr_access ptr_access = { };
899	if (!access)
900	access = &ptr_access;
901	const std::string argtypestr = access->array_as_string (argtype);
902	if (fndecl)
903	{
904	location_t loc (DECL_SOURCE_LOCATION (fndecl));
905	inform (loc, "by argument %u of type %s to %qD "
906	"declared here",
907	argno, argtypestr.c_str (), fndecl);
908	}
909	else
910	{
911	/ Handle calls through function pointers. /
912	location_t loc (gimple_location (g: stmt));
913	inform (loc, "by argument %u of type %s to %qT",
914	argno, argtypestr.c_str (), fntype);
915	}
916	}
917
918	if (DECL_P (argbase))
919	{
920	location_t loc = DECL_SOURCE_LOCATION (argbase);
921	inform (loc, "%qD declared here", argbase);
922	}
923	}
924
925	wlims.always_executed = save_always_executed;
926	}
927
928	/ Warn about an uninitialized PHI argument on the fallthru path to*
929	an always executed block BB. /*
930
931	static void
932	warn_uninit_phi_uses (basic_block bb)
933	{
934	edge_iterator ei;
935	edge e, found = NULL, found_back = NULL;
936	/ Look for a fallthru and possibly a single backedge. /
937	FOR_EACH_EDGE (e, ei, bb->preds)
938	{
939	/ Ignore backedges. /
940	if (dominated_by_p (CDI_DOMINATORS, e->src, bb))
941	{
942	if (found_back)
943	{
944	found = NULL;
945	break;
946	}
947	found_back = e;
948	continue;
949	}
950	if (found)
951	{
952	found = NULL;
953	break;
954	}
955	found = e;
956	}
957	if (!found)
958	return;
959
960	basic_block succ = single_succ (ENTRY_BLOCK_PTR_FOR_FN (cfun));
961	for (gphi_iterator si = gsi_start_phis (bb); !gsi_end_p (i: si);
962	gsi_next (i: &si))
963	{
964	gphi *phi = si.phi ();
965	tree def = PHI_ARG_DEF_FROM_EDGE (phi, found);
966	if (TREE_CODE (def) != SSA_NAME
967	\|\| !SSA_NAME_IS_DEFAULT_DEF (def)
968	\|\| virtual_operand_p (op: def))
969	continue;
970	/ If there's a default def on the fallthru edge PHI*
971	value and there's a use that post-dominates entry
972	then that use is uninitialized and we can warn. /*
973	imm_use_iterator iter;
974	use_operand_p use_p;
975	gimple *use_stmt = NULL;
976	FOR_EACH_IMM_USE_FAST (use_p, iter, gimple_phi_result (phi))
977	{
978	use_stmt = USE_STMT (use_p);
979	if (gimple_location (g: use_stmt) != UNKNOWN_LOCATION
980	&& dominated_by_p (CDI_POST_DOMINATORS, succ,
981	gimple_bb (g: use_stmt))
982	/ If we found a non-fallthru edge make sure the*
983	use is inside the loop, otherwise the backedge
984	can serve as initialization. /*
985	&& (!found_back
986	\|\| dominated_by_p (CDI_DOMINATORS, found_back->src,
987	gimple_bb (g: use_stmt))))
988	break;
989	use_stmt = NULL;
990	}
991	if (use_stmt)
992	warn_uninit (opt: OPT_Wuninitialized, t: def,
993	SSA_NAME_VAR (def), context: use_stmt);
994	}
995	}
996
997	/ Issue warnings about reads of uninitialized variables. WMAYBE_UNINIT*
998	is true to issue -Wmaybe-uninitialized, otherwise -Wuninitialized. /*
999
1000	static void
1001	warn_uninitialized_vars (bool wmaybe_uninit)
1002	{
1003	/ Counters and limits controlling the depth of the warning. /
1004	wlimits wlims = { };
1005	wlims.wmaybe_uninit = wmaybe_uninit;
1006
1007	auto_bb_flag ft_reachable (cfun);
1008
1009	/ Mark blocks that are always executed when we ignore provably*
1010	not executed and EH and abnormal edges. /*
1011	basic_block bb = single_succ (ENTRY_BLOCK_PTR_FOR_FN (cfun));
1012	while (!(bb->flags & ft_reachable))
1013	{
1014	bb->flags \|= ft_reachable;
1015	edge e = find_fallthru_edge (edges: bb->succs);
1016	if (e && e->flags & EDGE_EXECUTABLE)
1017	{
1018	bb = e->dest;
1019	continue;
1020	}
1021	/ Find a single executable edge. /
1022	edge_iterator ei;
1023	edge ee = NULL;
1024	FOR_EACH_EDGE (e, ei, bb->succs)
1025	if (e->flags & EDGE_EXECUTABLE)
1026	{
1027	if (!ee)
1028	ee = e;
1029	else
1030	{
1031	ee = NULL;
1032	break;
1033	}
1034	}
1035	if (ee)
1036	bb = ee->dest;
1037	else
1038	bb = get_immediate_dominator (CDI_POST_DOMINATORS, bb);
1039	if (!bb \|\| bb->index == EXIT_BLOCK)
1040	break;
1041	}
1042
1043	FOR_EACH_BB_FN (bb, cfun)
1044	{
1045	wlims.always_executed = (bb->flags & ft_reachable);
1046	bb->flags &= ~ft_reachable;
1047
1048	edge_iterator ei;
1049	edge e;
1050	FOR_EACH_EDGE (e, ei, bb->preds)
1051	if (e->flags & EDGE_EXECUTABLE)
1052	break;
1053	/ Skip unreachable blocks. For early analysis we use VN to*
1054	determine edge executability when wmaybe_uninit. /*
1055	if (!e)
1056	continue;
1057
1058	if (wlims.always_executed)
1059	warn_uninit_phi_uses (bb);
1060
1061	gimple_stmt_iterator gsi;
1062	for (gsi = gsi_start_bb (bb); !gsi_end_p (i: gsi); gsi_next (i: &gsi))
1063	{
1064	gimple *stmt = gsi_stmt (i: gsi);
1065
1066	/ The call is an artificial use, will not provide meaningful*
1067	error message. If the result of the call is used somewhere
1068	else, we warn there instead. /*
1069	if (gimple_call_internal_p (gs: stmt, fn: IFN_DEFERRED_INIT))
1070	continue;
1071
1072	if (is_gimple_debug (gs: stmt))
1073	continue;
1074
1075	/ We only do data flow with SSA_NAMEs, so that's all we*
1076	can warn about. /*
1077	use_operand_p use_p;
1078	ssa_op_iter op_iter;
1079	FOR_EACH_SSA_USE_OPERAND (use_p, stmt, op_iter, SSA_OP_USE)
1080	{
1081	/ BIT_INSERT_EXPR first operand should not be considered*
1082	a use for the purpose of uninit warnings. /*
1083	if (gassign ass = dyn_cast <gassign > (p: stmt))
1084	{
1085	if (gimple_assign_rhs_code (gs: ass) == BIT_INSERT_EXPR
1086	&& use_p->use == gimple_assign_rhs1_ptr (gs: ass))
1087	continue;
1088	}
1089	tree use = USE_FROM_PTR (use_p);
1090	if (wlims.always_executed)
1091	warn_uninit (opt: OPT_Wuninitialized, t: use,
1092	SSA_NAME_VAR (use), context: stmt);
1093	else if (wlims.wmaybe_uninit)
1094	warn_uninit (opt: OPT_Wmaybe_uninitialized, t: use,
1095	SSA_NAME_VAR (use), context: stmt);
1096	}
1097
1098	/ For limiting the alias walk below we count all*
1099	vdefs in the function. /*
1100	if (gimple_vdef (g: stmt))
1101	wlims.vdef_cnt++;
1102
1103	if (gcall call = dyn_cast <gcall > (p: stmt))
1104	maybe_warn_pass_by_reference (stmt: call, wlims);
1105	else if (gimple_assign_load_p (stmt)
1106	&& gimple_has_location (g: stmt))
1107	{
1108	tree rhs = gimple_assign_rhs1 (gs: stmt);
1109	tree lhs = gimple_assign_lhs (gs: stmt);
1110
1111	ao_ref ref;
1112	ao_ref_init (&ref, rhs);
1113	tree var = maybe_warn_operand (ref, stmt, lhs, rhs, wlims);
1114	if (!var)
1115	continue;
1116
1117	if (DECL_P (var))
1118	{
1119	location_t loc = DECL_SOURCE_LOCATION (var);
1120	inform (loc, "%qD declared here", var);
1121	}
1122	}
1123	}
1124	}
1125	}
1126
1127	/ Checks if the operand OPND of PHI is defined by*
1128	another phi with one operand defined by this PHI,
1129	but the rest operands are all defined. If yes,
1130	returns true to skip this operand as being
1131	redundant. Can be enhanced to be more general. /*
1132
1133	static bool
1134	can_skip_redundant_opnd (tree opnd, gimple *phi)
1135	{
1136	tree phi_def = gimple_phi_result (gs: phi);
1137	gimple *op_def = SSA_NAME_DEF_STMT (opnd);
1138	if (gimple_code (g: op_def) != GIMPLE_PHI)
1139	return false;
1140
1141	unsigned n = gimple_phi_num_args (gs: op_def);
1142	for (unsigned i = `0`; i < n; ++i)
1143	{
1144	tree op = gimple_phi_arg_def (gs: op_def, index: i);
1145	if (TREE_CODE (op) != SSA_NAME)
1146	continue;
1147	if (op != phi_def && uninit_undefined_value_p (t: op))
1148	return false;
1149	}
1150
1151	return true;
1152	}
1153
1154	/ Return a bitset holding the positions of arguments in PHI with empty*
1155	(or possibly empty) definitions. /*
1156
1157	static unsigned
1158	compute_uninit_opnds_pos (gphi *phi)
1159	{
1160	unsigned uninit_opnds = `0`;
1161
1162	unsigned n = gimple_phi_num_args (gs: phi);
1163	/ Bail out for phi with too many args. /
1164	if (n > uninit_analysis::func_t::max_phi_args)
1165	return `0`;
1166
1167	for (unsigned i = `0`; i < n; ++i)
1168	{
1169	tree op = gimple_phi_arg_def (gs: phi, index: i);
1170	if (TREE_CODE (op) == SSA_NAME
1171	&& uninit_undefined_value_p (t: op)
1172	&& !can_skip_redundant_opnd (opnd: op, phi))
1173	{
1174	if (cfun->has_nonlocal_label \|\| cfun->calls_setjmp)
1175	{
1176	/ Ignore SSA_NAMEs that appear on abnormal edges*
1177	somewhere. /*
1178	if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (op))
1179	continue;
1180	}
1181	MASK_SET_BIT (uninit_opnds, i);
1182	}
1183	}
1184	/ If we have recorded guarded uses of may-uninit values mask those. /
1185	if (auto *def_mask = defined_args->get (k: phi))
1186	uninit_opnds &= ~*def_mask;
1187	return uninit_opnds;
1188	}
1189
1190	/ Function object type used to determine whether an expression*
1191	is of interest to the predicate analyzer. /*
1192
1193	struct uninit_undef_val_t: public uninit_analysis::func_t
1194	{
1195	virtual unsigned phi_arg_set (gphi *) override;
1196	};
1197
1198	/ Return a bitset of PHI arguments of interest. /
1199
1200	unsigned
1201	uninit_undef_val_t::phi_arg_set (gphi *phi)
1202	{
1203	return compute_uninit_opnds_pos (phi);
1204	}
1205
1206	/ sort helper for find_uninit_use. /
1207
1208	static int
1209	cand_cmp (const void a, const* void b, void* *data)
1210	{
1211	int bb_to_rpo = (int* *)data;
1212	const gimple sa = (const gimple * const *)a;
1213	const gimple sb = (const gimple * const *)b;
1214	if (bb_to_rpo[gimple_bb (g: sa)->index] < bb_to_rpo[gimple_bb (g: sb)->index])
1215	return -`1`;
1216	else if (bb_to_rpo[gimple_bb (g: sa)->index] > bb_to_rpo[gimple_bb (g: sb)->index])
1217	return `1`;
1218	return `0`;
1219	}
1220
1221	/ Searches through all uses of a potentially*
1222	uninitialized variable defined by PHI and returns a use
1223	statement if the use is not properly guarded. It returns
1224	NULL if all uses are guarded. UNINIT_OPNDS is a bitvector
1225	holding the position(s) of uninit PHI operands. /*
1226
1227	static gimple *
1228	find_uninit_use (gphi phi, unsigned* uninit_opnds, int *bb_to_rpo)
1229	{
1230	/ The Boolean predicate guarding the PHI definition. Initialized*
1231	lazily from PHI in the first call to is_use_guarded() and cached
1232	for subsequent iterations. /*
1233	uninit_undef_val_t eval;
1234	uninit_analysis def_preds (eval);
1235
1236	/ First process PHIs and record other candidates. /
1237	auto_vec<gimple *, `64`> cands;
1238	use_operand_p use_p;
1239	imm_use_iterator iter;
1240	tree phi_result = gimple_phi_result (gs: phi);
1241	FOR_EACH_IMM_USE_FAST (use_p, iter, phi_result)
1242	{
1243	gimple *use_stmt = USE_STMT (use_p);
1244	if (is_gimple_debug (gs: use_stmt))
1245	continue;
1246
1247	/ Look through a single level of SSA name copies. This is*
1248	important for copies involving abnormals which we can't always
1249	proapgate out but which result in spurious unguarded uses. /*
1250	use_operand_p use2_p;
1251	gimple *use2_stmt;
1252	if (gimple_assign_ssa_name_copy_p (use_stmt)
1253	&& single_imm_use (var: gimple_assign_lhs (gs: use_stmt), use_p: &use2_p, stmt: &use2_stmt))
1254	{
1255	use_p = use2_p;
1256	use_stmt = use2_stmt;
1257	}
1258
1259	if (gphi use_phi = dyn_cast<gphi > (p: use_stmt))
1260	{
1261	unsigned idx = PHI_ARG_INDEX_FROM_USE (use_p);
1262	edge e = gimple_phi_arg_edge (phi: use_phi, i: idx);
1263	/ Do not look for uses in the next iteration of a loop, predicate*
1264	analysis will not use the appropriate predicates to prove
1265	reachability. /*
1266	if (e->flags & EDGE_DFS_BACK)
1267	continue;
1268
1269	basic_block use_bb = e->src;
1270	if (def_preds.is_use_guarded (use_stmt, use_bb, phi, uninit_opnds))
1271	{
1272	/ For a guarded use in a PHI record the PHI argument as*
1273	initialized. /*
1274	if (idx < uninit_analysis::func_t::max_phi_args)
1275	{
1276	bool existed_p;
1277	auto &def_mask
1278	= defined_args->get_or_insert (k: use_phi, existed: &existed_p);
1279	if (!existed_p)
1280	def_mask = `0`;
1281	MASK_SET_BIT (def_mask, idx);
1282	}
1283	continue;
1284	}
1285
1286	if (dump_file && (dump_flags & TDF_DETAILS))
1287	{
1288	fprintf (stream: dump_file, format: "Found unguarded use on edge %u -> %u: ",
1289	e->src->index, e->dest->index);
1290	print_gimple_stmt (dump_file, use_stmt, `0`);
1291	}
1292	/ Found a phi use that is not guarded, mark the use as*
1293	possibly undefined. /*
1294	possibly_undefined_names->add (USE_FROM_PTR (use_p));
1295	}
1296	else
1297	cands.safe_push (obj: use_stmt);
1298	}
1299
1300	/ Sort candidates after RPO. /
1301	cands.stablesort (cmp: cand_cmp, data: bb_to_rpo);
1302	basic_block use_bb = NULL;
1303	for (gimple *use_stmt : cands)
1304	{
1305	/ We only have to try diagnosing the first use in each block. /
1306	if (gimple_bb (g: use_stmt) == use_bb)
1307	continue;
1308
1309	use_bb = gimple_bb (g: use_stmt);
1310	if (def_preds.is_use_guarded (use_stmt, use_bb, phi, uninit_opnds))
1311	continue;
1312
1313	if (dump_file && (dump_flags & TDF_DETAILS))
1314	{
1315	fprintf (stream: dump_file, format: "Found unguarded use in bb %u: ",
1316	use_bb->index);
1317	print_gimple_stmt (dump_file, use_stmt, `0`);
1318	}
1319	return use_stmt;
1320	}
1321
1322	return NULL;
1323	}
1324
1325	/ Look for inputs to PHI that are SSA_NAMEs that have empty definitions*
1326	and gives warning if there exists a runtime path from the entry to a
1327	use of the PHI def that does not contain a definition. In other words,
1328	the warning is on the real use. The more dead paths that can be pruned
1329	by the compiler, the fewer false positives the warning is. /*
1330
1331	static void
1332	warn_uninitialized_phi (gphi phi, unsigned* uninit_opnds, int *bb_to_rpo)
1333	{
1334	if (dump_file && (dump_flags & TDF_DETAILS))
1335	{
1336	fprintf (stream: dump_file, format: "Examining phi: ");
1337	print_gimple_stmt (dump_file, phi, `0`);
1338	}
1339
1340	gimple *uninit_use_stmt = find_uninit_use (phi, uninit_opnds, bb_to_rpo);
1341
1342	/ All uses are properly guarded. /
1343	if (!uninit_use_stmt)
1344	return;
1345
1346	unsigned phiarg_index = MASK_FIRST_SET_BIT (uninit_opnds);
1347	tree uninit_op = gimple_phi_arg_def (gs: phi, index: phiarg_index);
1348
1349	location_t loc = UNKNOWN_LOCATION;
1350	if (gimple_phi_arg_has_location (phi, i: phiarg_index))
1351	loc = gimple_phi_arg_location (phi, i: phiarg_index);
1352	else
1353	{
1354	tree arg_def = gimple_phi_arg_def (gs: phi, index: phiarg_index);
1355	if (TREE_CODE (arg_def) == SSA_NAME)
1356	{
1357	gimple *def_stmt = SSA_NAME_DEF_STMT (arg_def);
1358	if (gphi arg_phi = dyn_cast<gphi > (p: def_stmt))
1359	{
1360	unsigned uop = compute_uninit_opnds_pos (phi: arg_phi);
1361	unsigned idx = MASK_FIRST_SET_BIT (uop);
1362	if (idx < gimple_phi_num_args (gs: arg_phi)
1363	&& gimple_phi_arg_has_location (phi: arg_phi, i: idx))
1364	loc = gimple_phi_arg_location (phi: arg_phi, i: idx);
1365	}
1366	}
1367	}
1368
1369	warn_uninit (opt: OPT_Wmaybe_uninitialized, t: uninit_op,
1370	SSA_NAME_VAR (uninit_op),
1371	context: uninit_use_stmt, phi_arg_loc: loc);
1372	}
1373
1374	static bool
1375	gate_warn_uninitialized (void)
1376	{
1377	return warn_uninitialized \|\| warn_maybe_uninitialized;
1378	}
1379
1380	namespace {
1381
1382	const pass_data pass_data_late_warn_uninitialized =
1383	{
1384	.type: GIMPLE_PASS, / type /
1385	.name: "uninit", / name /
1386	.optinfo_flags: OPTGROUP_NONE, / optinfo_flags /
1387	.tv_id: TV_NONE, / tv_id /
1388	PROP_ssa, / properties_required /
1389	.properties_provided: `0`, / properties_provided /
1390	.properties_destroyed: `0`, / properties_destroyed /
1391	.todo_flags_start: `0`, / todo_flags_start /
1392	.todo_flags_finish: `0`, / todo_flags_finish /
1393	};
1394
1395	class pass_late_warn_uninitialized : public gimple_opt_pass
1396	{
1397	public:
1398	pass_late_warn_uninitialized (gcc::context *ctxt)
1399	: gimple_opt_pass (pass_data_late_warn_uninitialized, ctxt)
1400	{}
1401
1402	/ opt_pass methods: /
1403	opt_pass *clone () final override
1404	{
1405	return new pass_late_warn_uninitialized (m_ctxt);
1406	}
1407	bool gate (function ) final override { return* gate_warn_uninitialized (); }
1408	unsigned int execute (function *) final override;
1409
1410	}; // class pass_late_warn_uninitialized
1411
1412	static void
1413	execute_late_warn_uninitialized (function *fun)
1414	{
1415	calculate_dominance_info (CDI_DOMINATORS);
1416	calculate_dominance_info (CDI_POST_DOMINATORS);
1417
1418	/ Mark all edges executable, warn_uninitialized_vars will skip*
1419	unreachable blocks. /*
1420	set_all_edges_as_executable (fun);
1421	mark_dfs_back_edges (fun);
1422	int rpo = XNEWVEC (int*, n_basic_blocks_for_fn (fun));
1423	int n = pre_and_rev_post_order_compute_fn (fun, NULL, rpo, false);
1424	int bb_to_rpo = XNEWVEC (int*, last_basic_block_for_fn (fun));
1425	for (int i = `0`; i < n; ++i)
1426	bb_to_rpo[rpo[i]] = i;
1427
1428	/ Re-do the plain uninitialized variable check, as optimization may have*
1429	straightened control flow. Do this first so that we don't accidentally
1430	get a "may be" warning when we'd have seen an "is" warning later. /*
1431	warn_uninitialized_vars (/warn_maybe_uninitialized=/wmaybe_uninit: `1`);
1432
1433	timevar_push (tv: TV_TREE_UNINIT);
1434
1435	/ Avoid quadratic beahvior when looking up case labels for edges. /
1436	start_recording_case_labels ();
1437
1438	possibly_undefined_names = new hash_set<tree>;
1439	defined_args = new hash_map<gphi *, uninit_analysis::func_t::phi_arg_set_t>;
1440
1441	/ Walk the CFG in RPO order so we visit PHIs with defs that are*
1442	possibly uninitialized from other PHIs after those. The uninit
1443	predicate analysis will then expand the PHIs predicate with
1444	the predicates of the edges from such PHI defs. /*
1445	for (int i = `0`; i < n; ++i)
1446	for (auto gsi = gsi_start_phis (BASIC_BLOCK_FOR_FN (fun, rpo[i]));
1447	!gsi_end_p (i: gsi); gsi_next (i: &gsi))
1448	{
1449	gphi *phi = gsi.phi ();
1450
1451	/ Don't look at virtual operands. /
1452	if (virtual_operand_p (op: gimple_phi_result (gs: phi)))
1453	continue;
1454
1455	unsigned uninit_opnds = compute_uninit_opnds_pos (phi);
1456	if (MASK_EMPTY (uninit_opnds))
1457	continue;
1458
1459	warn_uninitialized_phi (phi, uninit_opnds, bb_to_rpo);
1460	}
1461
1462	free (ptr: rpo);
1463	free (ptr: bb_to_rpo);
1464	delete possibly_undefined_names;
1465	possibly_undefined_names = NULL;
1466	delete defined_args;
1467	defined_args = NULL;
1468	end_recording_case_labels ();
1469	free_dominance_info (CDI_POST_DOMINATORS);
1470	timevar_pop (tv: TV_TREE_UNINIT);
1471	}
1472
1473	unsigned int
1474	pass_late_warn_uninitialized::execute (function *fun)
1475	{
1476	execute_late_warn_uninitialized (fun);
1477	return `0`;
1478	}
1479
1480	} // anon namespace
1481
1482	gimple_opt_pass *
1483	make_pass_late_warn_uninitialized (gcc::context *ctxt)
1484	{
1485	return new pass_late_warn_uninitialized (ctxt);
1486	}
1487
1488	static unsigned int
1489	execute_early_warn_uninitialized (struct function *fun)
1490	{
1491	/ Currently, this pass runs always but*
1492	execute_late_warn_uninitialized only runs with optimization. With
1493	optimization we want to warn about possible uninitialized as late
1494	as possible, thus don't do it here. However, without
1495	optimization we need to warn here about "may be uninitialized". /*
1496	calculate_dominance_info (CDI_DOMINATORS);
1497	calculate_dominance_info (CDI_POST_DOMINATORS);
1498
1499	/ Use VN in its cheapest incarnation and without doing any*
1500	elimination to compute edge reachability. Don't bother when
1501	we only warn for unconditionally executed code though. /*
1502	if (!optimize)
1503	do_rpo_vn (fun, NULL, NULL, false, false, false, VN_NOWALK);
1504	else
1505	set_all_edges_as_executable (fun);
1506
1507	warn_uninitialized_vars (/warn_maybe_uninitialized=/wmaybe_uninit: !optimize);
1508
1509	/ Post-dominator information cannot be reliably updated. Free it*
1510	after the use. /*
1511
1512	free_dominance_info (CDI_POST_DOMINATORS);
1513	return `0`;
1514	}
1515
1516	namespace {
1517
1518	const pass_data pass_data_early_warn_uninitialized =
1519	{
1520	.type: GIMPLE_PASS, / type /
1521	.name: "early_uninit", / name /
1522	.optinfo_flags: OPTGROUP_NONE, / optinfo_flags /
1523	.tv_id: TV_TREE_UNINIT, / tv_id /
1524	PROP_ssa, / properties_required /
1525	.properties_provided: `0`, / properties_provided /
1526	.properties_destroyed: `0`, / properties_destroyed /
1527	.todo_flags_start: `0`, / todo_flags_start /
1528	.todo_flags_finish: `0`, / todo_flags_finish /
1529	};
1530
1531	class pass_early_warn_uninitialized : public gimple_opt_pass
1532	{
1533	public:
1534	pass_early_warn_uninitialized (gcc::context *ctxt)
1535	: gimple_opt_pass (pass_data_early_warn_uninitialized, ctxt)
1536	{}
1537
1538	/ opt_pass methods: /
1539	bool gate (function ) final override { return* gate_warn_uninitialized (); }
1540	unsigned int execute (function *fun) final override
1541	{
1542	return execute_early_warn_uninitialized (fun);
1543	}
1544
1545	}; // class pass_early_warn_uninitialized
1546
1547	} // anon namespace
1548
1549	gimple_opt_pass *
1550	make_pass_early_warn_uninitialized (gcc::context *ctxt)
1551	{
1552	return new pass_early_warn_uninitialized (ctxt);
1553	}
1554

source code of gcc/tree-ssa-uninit.cc