tree-ssa-uninit.cc source code [gcc/tree-ssa-uninit.cc]

1	/ Predicate aware uninitialized variable warning.*
2	Copyright (C) 2001-2023 Free Software Foundation, Inc.
3	Contributed by Xinliang David Li <davidxl@google.com>
4
5	This file is part of GCC.
6
7	GCC is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3, or (at your option)
10	any later version.
11
12	GCC is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with GCC; see the file COPYING3. If not see
19	<http://www.gnu.org/licenses/>. /*
20
21	#define INCLUDE_STRING
22	#include "config.h"
23	#include "system.h"
24	#include "coretypes.h"
25	#include "backend.h"
26	#include "tree.h"
27	#include "gimple.h"
28	#include "tree-pass.h"
29	#include "ssa.h"
30	#include "gimple-pretty-print.h"
31	#include "diagnostic-core.h"
32	#include "fold-const.h"
33	#include "gimple-iterator.h"
34	#include "tree-ssa.h"
35	#include "tree-cfg.h"
36	#include "cfghooks.h"
37	#include "attribs.h"
38	#include "builtins.h"
39	#include "calls.h"
40	#include "gimple-range.h"
41	#include "gimple-predicate-analysis.h"
42	#include "domwalk.h"
43	#include "tree-ssa-sccvn.h"
44	#include "cfganal.h"
45
46	/ This implements the pass that does predicate aware warning on uses of*
47	possibly uninitialized variables. The pass first collects the set of
48	possibly uninitialized SSA names. For each such name, it walks through
49	all its immediate uses. For each immediate use, it rebuilds the condition
50	expression (the predicate) that guards the use. The predicate is then
51	examined to see if the variable is always defined under that same condition.
52	This is done either by pruning the unrealizable paths that lead to the
53	default definitions or by checking if the predicate set that guards the
54	defining paths is a superset of the use predicate. /*
55
56	/ Pointer set of potentially undefined ssa names, i.e.,*
57	ssa names that are defined by phi with operands that
58	are not defined or potentially undefined. /*
59	static hash_set<tree> *possibly_undefined_names;
60	static hash_map<gphi , uninit_analysis::func_t::phi_arg_set_t> defined_args;
61
62	/ Returns the first bit position (starting from LSB)*
63	in mask that is non zero. Returns -1 if the mask is empty. /*
64	static int
65	get_mask_first_set_bit (unsigned mask)
66	{
67	int pos = `0`;
68	if (mask == `0`)
69	return -`1`;
70
71	while ((mask & (`1` << pos)) == `0`)
72	pos++;
73
74	return pos;
75	}
76	#define MASK_FIRST_SET_BIT(mask) get_mask_first_set_bit (mask)
77
78	/ Return true if T, an SSA_NAME, has an undefined value. /
79	static bool
80	has_undefined_value_p (tree t)
81	{
82	return (ssa_undefined_value_p (t)
83	\|\| (possibly_undefined_names
84	&& possibly_undefined_names->contains (k: t)));
85	}
86
87	/ Return true if EXPR should suppress either uninitialized warning. /
88
89	static inline bool
90	get_no_uninit_warning (tree expr)
91	{
92	return warning_suppressed_p (expr, OPT_Wuninitialized);
93	}
94
95	/ Suppress both uninitialized warnings for EXPR. /
96
97	static inline void
98	set_no_uninit_warning (tree expr)
99	{
100	suppress_warning (expr, OPT_Wuninitialized);
101	}
102
103	/ Like has_undefined_value_p, but don't return true if the no-warning*
104	bit is set on SSA_NAME_VAR for either uninit warning. /*
105
106	static inline bool
107	uninit_undefined_value_p (tree t)
108	{
109	if (!has_undefined_value_p (t))
110	return false;
111	if (!SSA_NAME_VAR (t))
112	return true;
113	return !get_no_uninit_warning (SSA_NAME_VAR (t));
114	}
115
116	/ Emit warnings for uninitialized variables. This is done in two passes.*
117
118	The first pass notices real uses of SSA names with undefined values.
119	Such uses are unconditionally uninitialized, and we can be certain that
120	such a use is a mistake. This pass is run before most optimizations,
121	so that we catch as many as we can.
122
123	The second pass follows PHI nodes to find uses that are potentially
124	uninitialized. In this case we can't necessarily prove that the use
125	is really uninitialized. This pass is run after most optimizations,
126	so that we thread as many jumps and possible, and delete as much dead
127	code as possible, in order to reduce false positives. We also look
128	again for plain uninitialized variables, since optimization may have
129	changed conditionally uninitialized to unconditionally uninitialized. /*
130
131	/ Emit warning OPT for variable VAR at the point in the program where*
132	the SSA_NAME T is being used uninitialized. The warning text is in
133	MSGID and STMT is the statement that does the uninitialized read.
134	PHI_ARG_LOC is the location of the PHI argument if T and VAR are one,
135	or UNKNOWN_LOCATION otherwise. /*
136
137	static void
138	warn_uninit (opt_code opt, tree t, tree var, gimple *context,
139	location_t phi_arg_loc = UNKNOWN_LOCATION)
140	{
141	/ Bail if the value isn't provably uninitialized. /
142	if (!has_undefined_value_p (t))
143	return;
144
145	/ Ignore COMPLEX_EXPR as initializing only a part of a complex*
146	turns in a COMPLEX_EXPR with the not initialized part being
147	set to its previous (undefined) value. /*
148	if (is_gimple_assign (gs: context)
149	&& gimple_assign_rhs_code (gs: context) == COMPLEX_EXPR)
150	return;
151
152	/ Ignore REALPART_EXPR or IMAGPART_EXPR if its operand is a call to*
153	.DEFERRED_INIT. This is for handling the following case correctly:
154
155	1 typedef _Complex float C;
156	2 C foo (int cond)
157	3 {
158	4 C f;
159	5 __imag__ f = 0;
160	6 if (cond)
161	7 {
162	8 __real__ f = 1;
163	9 return f;
164	10 }
165	11 return f;
166	12 }
167
168	with -ftrivial-auto-var-init, compiler will insert the following
169	artificial initialization at line 4:
170	f = .DEFERRED_INIT (f, 2);
171	_1 = REALPART_EXPR <f>;
172
173	without the following special handling, _1 = REALPART_EXPR <f> will
174	be treated as the uninitialized use point, which is incorrect. (the
175	real uninitialized use point is at line 11). /*
176	if (is_gimple_assign (gs: context)
177	&& (gimple_assign_rhs_code (gs: context) == REALPART_EXPR
178	\|\| gimple_assign_rhs_code (gs: context) == IMAGPART_EXPR))
179	{
180	tree v = gimple_assign_rhs1 (gs: context);
181	if (TREE_CODE (TREE_OPERAND (v, `0`)) == SSA_NAME
182	&& gimple_call_internal_p (SSA_NAME_DEF_STMT (TREE_OPERAND (v, `0`)),
183	fn: IFN_DEFERRED_INIT))
184	return;
185	}
186
187	/ Anonymous SSA_NAMEs shouldn't be uninitialized, but ssa_undefined_value_p*
188	can return true if the def stmt of an anonymous SSA_NAME is
189	1. A COMPLEX_EXPR created for conversion from scalar to complex. Use the
190	underlying var of the COMPLEX_EXPRs real part in that case. See PR71581.
191
192	Or
193
194	2. A call to .DEFERRED_INIT internal function. Since the original variable
195	has been eliminated by optimziation, we need to get the variable name,
196	and variable declaration location from this call. We recorded variable
197	name into VAR_NAME_STR, and will get location info and record warning
198	suppressed info to VAR_DEF_STMT, which is the .DEFERRED_INIT call. /*
199
200	const char *var_name_str = NULL;
201	gimple *var_def_stmt = NULL;
202
203	if (!var && !SSA_NAME_VAR (t))
204	{
205	var_def_stmt = SSA_NAME_DEF_STMT (t);
206
207	if (is_gimple_assign (gs: var_def_stmt)
208	&& gimple_assign_rhs_code (gs: var_def_stmt) == COMPLEX_EXPR)
209	{
210	tree v = gimple_assign_rhs1 (gs: var_def_stmt);
211	if (TREE_CODE (v) == SSA_NAME
212	&& has_undefined_value_p (t: v)
213	&& zerop (gimple_assign_rhs2 (gs: var_def_stmt)))
214	var = SSA_NAME_VAR (v);
215	}
216
217	if (gimple_call_internal_p (gs: var_def_stmt, fn: IFN_DEFERRED_INIT))
218	{
219	/ Ignore the call to .DEFERRED_INIT that define the original*
220	var itself as the following case:
221	temp = .DEFERRED_INIT (4, 2, “alt_reloc");
222	alt_reloc = temp;
223	In order to avoid generating warning for the fake usage
224	at alt_reloc = temp.
225	*/
226	tree lhs_var = NULL_TREE;
227
228	/ Get the variable name from the 3rd argument of call. /
229	tree var_name = gimple_call_arg (gs: var_def_stmt, index: `2`);
230	var_name = TREE_OPERAND (TREE_OPERAND (var_name, `0`), `0`);
231	var_name_str = TREE_STRING_POINTER (var_name);
232
233	if (is_gimple_assign (gs: context))
234	{
235	if (VAR_P (gimple_assign_lhs (context)))
236	lhs_var = gimple_assign_lhs (gs: context);
237	else if (TREE_CODE (gimple_assign_lhs (context)) == SSA_NAME)
238	lhs_var = SSA_NAME_VAR (gimple_assign_lhs (context));
239	}
240	if (lhs_var)
241	{
242	/ Get the name string for the LHS_VAR.*
243	Refer to routine gimple_add_init_for_auto_var. /*
244	if (DECL_NAME (lhs_var)
245	&& (strcmp (IDENTIFIER_POINTER (DECL_NAME (lhs_var)),
246	s2: var_name_str) == `0`))
247	return;
248	else if (!DECL_NAME (lhs_var))
249	{
250	char lhs_var_name_str_buf[`3` + (HOST_BITS_PER_INT + `2`) / `3`];
251	sprintf (s: lhs_var_name_str_buf, format: "D.%u", DECL_UID (lhs_var));
252	if (strcmp (s1: lhs_var_name_str_buf, s2: var_name_str) == `0`)
253	return;
254	}
255	}
256	gcc_assert (var_name_str && var_def_stmt);
257	}
258	}
259
260	if (var == NULL_TREE && var_name_str == NULL)
261	return;
262
263	/ Avoid warning if we've already done so or if the warning has been*
264	suppressed. /*
265	if (((warning_suppressed_p (context, OPT_Wuninitialized)
266	\|\| (gimple_assign_single_p (gs: context)
267	&& get_no_uninit_warning (expr: gimple_assign_rhs1 (gs: context)))))
268	\|\| (var && get_no_uninit_warning (expr: var))
269	\|\| (var_name_str
270	&& warning_suppressed_p (var_def_stmt, OPT_Wuninitialized)))
271	return;
272
273	/ Use either the location of the read statement or that of the PHI*
274	argument, or that of the uninitialized variable, in that order,
275	whichever is valid. /*
276	location_t location = UNKNOWN_LOCATION;
277	if (gimple_has_location (g: context))
278	location = gimple_location (g: context);
279	else if (phi_arg_loc != UNKNOWN_LOCATION)
280	location = phi_arg_loc;
281	else if (var)
282	location = DECL_SOURCE_LOCATION (var);
283	else if (var_name_str)
284	location = gimple_location (g: var_def_stmt);
285
286	auto_diagnostic_group d;
287	gcc_assert (opt == OPT_Wuninitialized \|\| opt == OPT_Wmaybe_uninitialized);
288	if (var)
289	{
290	if ((opt == OPT_Wuninitialized
291	&& !warning_at (location, opt, "%qD is used uninitialized", var))
292	\|\| (opt == OPT_Wmaybe_uninitialized
293	&& !warning_at (location, opt, "%qD may be used uninitialized",
294	var)))
295	return;
296	}
297	else if (var_name_str)
298	{
299	if ((opt == OPT_Wuninitialized
300	&& !warning_at (location, opt, "%qs is used uninitialized",
301	var_name_str))
302	\|\| (opt == OPT_Wmaybe_uninitialized
303	&& !warning_at (location, opt, "%qs may be used uninitialized",
304	var_name_str)))
305	return;
306	}
307
308	/ Avoid subsequent warnings for reads of the same variable again. /
309	if (var)
310	suppress_warning (var, opt);
311	else if (var_name_str)
312	suppress_warning (var_def_stmt, opt);
313
314	/ Issue a note pointing to the read variable unless the warning*
315	is at the same location. /*
316	location_t var_loc = var ? DECL_SOURCE_LOCATION (var)
317	: gimple_location (g: var_def_stmt);
318	if (location == var_loc)
319	return;
320
321	if (var)
322	inform (var_loc, "%qD was declared here", var);
323	else if (var_name_str)
324	inform (var_loc, "%qs was declared here", var_name_str);
325	}
326
327	struct check_defs_data
328	{
329	/ If we found any may-defs besides must-def clobbers. /
330	bool found_may_defs;
331	};
332
333	/ Return true if STMT is a call to built-in function all of whose*
334	by-reference arguments are const-qualified (i.e., the function can
335	be assumed not to modify them). /*
336
337	static bool
338	builtin_call_nomodifying_p (gimple *stmt)
339	{
340	if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
341	return false;
342
343	tree fndecl = gimple_call_fndecl (gs: stmt);
344	if (!fndecl)
345	return false;
346
347	tree fntype = TREE_TYPE (fndecl);
348	if (!fntype)
349	return false;
350
351	/ Check the called function's signature for non-constc pointers.*
352	If one is found, return false. /*
353	unsigned argno = `0`;
354	tree argtype;
355	function_args_iterator it;
356	FOREACH_FUNCTION_ARGS (fntype, argtype, it)
357	{
358	if (VOID_TYPE_P (argtype))
359	return true;
360
361	++argno;
362
363	if (!POINTER_TYPE_P (argtype))
364	continue;
365
366	if (TYPE_READONLY (TREE_TYPE (argtype)))
367	continue;
368
369	return false;
370	}
371
372	/ If the number of actual arguments to the call is less than or*
373	equal to the number of parameters, return false. /*
374	unsigned nargs = gimple_call_num_args (gs: stmt);
375	if (nargs <= argno)
376	return false;
377
378	/ Check arguments passed through the ellipsis in calls to variadic*
379	functions for pointers. If one is found that's a non-constant
380	pointer, return false. /*
381	for (; argno < nargs; ++argno)
382	{
383	tree arg = gimple_call_arg (gs: stmt, index: argno);
384	argtype = TREE_TYPE (arg);
385	if (!POINTER_TYPE_P (argtype))
386	continue;
387
388	if (TYPE_READONLY (TREE_TYPE (argtype)))
389	continue;
390
391	return false;
392	}
393
394	return true;
395	}
396
397	/ If ARG is a FNDECL parameter declared with attribute access none or*
398	write_only issue a warning for its read access via PTR. /*
399
400	static void
401	maybe_warn_read_write_only (tree fndecl, gimple *stmt, tree arg, tree ptr)
402	{
403	if (!fndecl)
404	return;
405
406	if (get_no_uninit_warning (expr: arg))
407	return;
408
409	tree fntype = TREE_TYPE (fndecl);
410	if (!fntype)
411	return;
412
413	/ Initialize a map of attribute access specifications for arguments*
414	to the function call. /*
415	rdwr_map rdwr_idx;
416	init_attr_rdwr_indices (&rdwr_idx, TYPE_ATTRIBUTES (fntype));
417
418	unsigned argno = `0`;
419	tree parms = DECL_ARGUMENTS (fndecl);
420	for (tree parm = parms; parm; parm = TREE_CHAIN (parm), ++argno)
421	{
422	if (parm != arg)
423	continue;
424
425	const attr_access* access = rdwr_idx.get (k: argno);
426	if (!access)
427	break;
428
429	if (access->mode != access_none
430	&& access->mode != access_write_only)
431	continue;
432
433	location_t stmtloc = gimple_location (g: stmt);
434	if (!warning_at (stmtloc, OPT_Wmaybe_uninitialized,
435	"%qE may be used uninitialized", ptr))
436	break;
437
438	suppress_warning (arg, OPT_Wmaybe_uninitialized);
439
440	const char* const access_str =
441	TREE_STRING_POINTER (access->to_external_string ());
442
443	location_t parmloc = DECL_SOURCE_LOCATION (parm);
444	inform (parmloc, "accessing argument %u of a function declared with "
445	"attribute %<%s%>",
446	argno + `1`, access_str);
447
448	break;
449	}
450	}
451
452	/ Callback for walk_aliased_vdefs. /
453
454	static bool
455	check_defs (ao_ref ref, tree vdef, void* *data_)
456	{
457	check_defs_data data = (check_defs_data )data_;
458	gimple *def_stmt = SSA_NAME_DEF_STMT (vdef);
459
460	/ Ignore the vdef if the definition statement is a call*
461	to .DEFERRED_INIT function. /*
462	if (gimple_call_internal_p (gs: def_stmt, fn: IFN_DEFERRED_INIT))
463	return false;
464
465	/ For address taken variable, a temporary variable is added between*
466	the variable and the call to .DEFERRED_INIT function as:
467	_1 = .DEFERRED_INIT (4, 2, &"i1"[0]);
468	i1 = _1;
469	Ignore this vdef as well. /*
470	if (is_gimple_assign (gs: def_stmt)
471	&& gimple_assign_rhs_code (gs: def_stmt) == SSA_NAME)
472	{
473	tree tmp_var = gimple_assign_rhs1 (gs: def_stmt);
474	if (gimple_call_internal_p (SSA_NAME_DEF_STMT (tmp_var),
475	fn: IFN_DEFERRED_INIT))
476	return false;
477	}
478
479	/ The ASAN_MARK intrinsic doesn't modify the variable. /
480	if (is_gimple_call (gs: def_stmt))
481	{
482	/ The ASAN_MARK intrinsic doesn't modify the variable. /
483	if (gimple_call_internal_p (gs: def_stmt)
484	&& gimple_call_internal_fn (gs: def_stmt) == IFN_ASAN_MARK)
485	return false;
486
487	if (tree fndecl = gimple_call_fndecl (gs: def_stmt))
488	{
489	/ Some sanitizer calls pass integer arguments to built-ins*
490	that expect pointets. Avoid using gimple_call_builtin_p()
491	which fails for such calls. /*
492	if (DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
493	{
494	built_in_function fncode = DECL_FUNCTION_CODE (decl: fndecl);
495	if (fncode > BEGIN_SANITIZER_BUILTINS
496	&& fncode < END_SANITIZER_BUILTINS)
497	return false;
498	}
499	}
500	}
501
502	/ End of VLA scope is not a kill. /
503	if (gimple_call_builtin_p (def_stmt, BUILT_IN_STACK_RESTORE))
504	return false;
505
506	/ If this is a clobber then if it is not a kill walk past it. /
507	if (gimple_clobber_p (s: def_stmt))
508	{
509	if (stmt_kills_ref_p (def_stmt, ref))
510	return true;
511	return false;
512	}
513
514	if (builtin_call_nomodifying_p (stmt: def_stmt))
515	return false;
516
517	/ Found a may-def on this path. /
518	data->found_may_defs = true;
519	return true;
520	}
521
522	/ Counters and limits controlling the depth of analysis and*
523	strictness of the warning. /*
524	struct wlimits
525	{
526	/ Number of VDEFs encountered. /
527	unsigned int vdef_cnt;
528	/ Number of statements examined by walk_aliased_vdefs. /
529	unsigned int oracle_cnt;
530	/ Limit on the number of statements visited by walk_aliased_vdefs. /
531	unsigned limit;
532	/ Set when basic block with statement is executed unconditionally. /
533	bool always_executed;
534	/ Set to issue -Wmaybe-uninitialized. /
535	bool wmaybe_uninit;
536	};
537
538	/ Determine if REF references an uninitialized operand and diagnose*
539	it if so. STMS is the referencing statement. LHS is the result
540	of the access and may be null. RHS is the variable referenced by
541	the access; it may not be null. /*
542
543	static tree
544	maybe_warn_operand (ao_ref &ref, gimple *stmt, tree lhs, tree rhs,
545	wlimits &wlims)
546	{
547	bool has_bit_insert = false;
548	use_operand_p luse_p;
549	imm_use_iterator liter;
550
551	if (get_no_uninit_warning (expr: rhs))
552	return NULL_TREE;
553
554	/ Do not warn if the base was marked so or this is a*
555	hard register var. /*
556	tree base = ao_ref_base (&ref);
557	if ((VAR_P (base)
558	&& DECL_HARD_REGISTER (base))
559	\|\| get_no_uninit_warning (expr: base))
560	return NULL_TREE;
561
562	/ Do not warn if the access is zero size or if it's fully outside*
563	the object. /*
564	poly_int64 decl_size;
565	if (known_size_p (a: ref.size)
566	&& known_eq (ref.max_size, ref.size)
567	&& (known_eq (ref.size, `0`)
568	\|\| known_le (ref.offset + ref.size, `0`)))
569	return NULL_TREE;
570
571	if (DECL_P (base)
572	&& known_ge (ref.offset, `0`)
573	&& DECL_SIZE (base)
574	&& poly_int_tree_p (DECL_SIZE (base), value: &decl_size)
575	&& known_le (decl_size, ref.offset))
576	return NULL_TREE;
577
578	/ Do not warn if the result of the access is then used for*
579	a BIT_INSERT_EXPR. /*
580	if (lhs && TREE_CODE (lhs) == SSA_NAME)
581	FOR_EACH_IMM_USE_FAST (luse_p, liter, lhs)
582	{
583	gimple *use_stmt = USE_STMT (luse_p);
584	/ BIT_INSERT_EXPR first operand should not be considered*
585	a use for the purpose of uninit warnings. /*
586	if (gassign ass = dyn_cast <gassign > (p: use_stmt))
587	{
588	if (gimple_assign_rhs_code (gs: ass) == BIT_INSERT_EXPR
589	&& luse_p->use == gimple_assign_rhs1_ptr (gs: ass))
590	{
591	has_bit_insert = true;
592	break;
593	}
594	}
595	}
596
597	if (has_bit_insert)
598	return NULL_TREE;
599
600	/ Limit the walking to a constant number of stmts after*
601	we overcommit quadratic behavior for small functions
602	and O(n) behavior. /*
603	if (wlims.oracle_cnt > `128` * `128`
604	&& wlims.oracle_cnt > wlims.vdef_cnt * `2`)
605	wlims.limit = `32`;
606
607	check_defs_data data;
608	bool fentry_reached = false;
609	data.found_may_defs = false;
610	tree use = gimple_vuse (g: stmt);
611	if (!use)
612	return NULL_TREE;
613	int res = walk_aliased_vdefs (&ref, use,
614	check_defs, &data, NULL,
615	function_entry_reached: &fentry_reached, limit: wlims.limit);
616	if (res == -`1`)
617	{
618	wlims.oracle_cnt += wlims.limit;
619	return NULL_TREE;
620	}
621
622	wlims.oracle_cnt += res;
623	if (data.found_may_defs)
624	return NULL_TREE;
625
626	bool found_alloc = false;
627
628	if (fentry_reached)
629	{
630	if (TREE_CODE (base) == MEM_REF)
631	base = TREE_OPERAND (base, `0`);
632
633	/ Follow the chain of SSA_NAME assignments looking for an alloca*
634	call (or VLA) or malloc/realloc, or for decls. If any is found
635	(and in the latter case, the operand is a local variable) issue
636	a warning. /*
637	while (TREE_CODE (base) == SSA_NAME)
638	{
639	gimple *def_stmt = SSA_NAME_DEF_STMT (base);
640
641	if (is_gimple_call (gs: def_stmt)
642	&& gimple_call_builtin_p (def_stmt))
643	{
644	/ Detect uses of uninitialized alloca/VLAs. /
645	tree fndecl = gimple_call_fndecl (gs: def_stmt);
646	const built_in_function fncode = DECL_FUNCTION_CODE (decl: fndecl);
647	if (fncode == BUILT_IN_ALLOCA
648	\|\| fncode == BUILT_IN_ALLOCA_WITH_ALIGN
649	\|\| fncode == BUILT_IN_MALLOC)
650	found_alloc = true;
651	break;
652	}
653
654	if (!is_gimple_assign (gs: def_stmt))
655	break;
656
657	tree_code code = gimple_assign_rhs_code (gs: def_stmt);
658	if (code != ADDR_EXPR && code != POINTER_PLUS_EXPR)
659	break;
660
661	base = gimple_assign_rhs1 (gs: def_stmt);
662	if (TREE_CODE (base) == ADDR_EXPR)
663	base = TREE_OPERAND (base, `0`);
664
665	if (DECL_P (base)
666	\|\| TREE_CODE (base) == COMPONENT_REF)
667	rhs = base;
668
669	if (TREE_CODE (base) == MEM_REF)
670	base = TREE_OPERAND (base, `0`);
671
672	if (tree ba = get_base_address (t: base))
673	base = ba;
674	}
675
676	/ Replace the RHS expression with BASE so that it*
677	refers to it in the diagnostic (instead of to
678	'<unknown>'). /*
679	if (DECL_P (base)
680	&& EXPR_P (rhs)
681	&& TREE_CODE (rhs) != COMPONENT_REF)
682	rhs = base;
683	}
684
685	/ Do not warn if it can be initialized outside this function.*
686	If we did not reach function entry then we found killing
687	clobbers on all paths to entry. /*
688	if (!found_alloc && fentry_reached)
689	{
690	if (TREE_CODE (base) == SSA_NAME)
691	{
692	tree var = SSA_NAME_VAR (base);
693	if (var && TREE_CODE (var) == PARM_DECL)
694	{
695	maybe_warn_read_write_only (cfun->decl, stmt, arg: var, ptr: rhs);
696	return NULL_TREE;
697	}
698	}
699
700	if (!VAR_P (base)
701	\|\| is_global_var (t: base))
702	/ ??? We'd like to use ref_may_alias_global_p but that*
703	excludes global readonly memory and thus we get bogus
704	warnings from p = cond ? "a" : "b" for example. /*
705	return NULL_TREE;
706	}
707
708	/ Strip the address-of expression from arrays passed to functions. /
709	if (TREE_CODE (rhs) == ADDR_EXPR)
710	rhs = TREE_OPERAND (rhs, `0`);
711
712	/ Check again since RHS may have changed above. /
713	if (get_no_uninit_warning (expr: rhs))
714	return NULL_TREE;
715
716	/ Avoid warning about empty types such as structs with no members.*
717	The first_field() test is important for C++ where the predicate
718	alone isn't always sufficient. /*
719	tree rhstype = TREE_TYPE (rhs);
720	if (POINTER_TYPE_P (rhstype))
721	rhstype = TREE_TYPE (rhstype);
722	if (is_empty_type (rhstype))
723	return NULL_TREE;
724
725	bool warned = false;
726	/ We didn't find any may-defs so on all paths either*
727	reached function entry or a killing clobber. /*
728	location_t location = gimple_location (g: stmt);
729	if (wlims.always_executed)
730	{
731	if (warning_at (location, OPT_Wuninitialized,
732	"%qE is used uninitialized", rhs))
733	{
734	/ ??? This is only effective for decls as in*
735	gcc.dg/uninit-B-O0.c. Avoid doing this for maybe-uninit
736	uses or accesses by functions as it may hide important
737	locations. /*
738	if (lhs)
739	set_no_uninit_warning (rhs);
740	warned = true;
741	}
742	}
743	else if (wlims.wmaybe_uninit)
744	warned = warning_at (location, OPT_Wmaybe_uninitialized,
745	"%qE may be used uninitialized", rhs);
746
747	return warned ? base : NULL_TREE;
748	}
749
750
751	/ Diagnose passing addresses of uninitialized objects to either const*
752	pointer arguments to functions, or to functions declared with attribute
753	access implying read access to those objects. /*
754
755	static void
756	maybe_warn_pass_by_reference (gcall *stmt, wlimits &wlims)
757	{
758	if (!wlims.wmaybe_uninit)
759	return;
760
761	unsigned nargs = gimple_call_num_args (gs: stmt);
762	if (!nargs)
763	return;
764
765	tree fndecl = gimple_call_fndecl (gs: stmt);
766	tree fntype = gimple_call_fntype (gs: stmt);
767	if (!fntype)
768	return;
769
770	/ Const function do not read their arguments. /
771	if (gimple_call_flags (stmt) & ECF_CONST)
772	return;
773
774	const built_in_function fncode
775	= (fndecl && gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)
776	? DECL_FUNCTION_CODE (decl: fndecl) : (built_in_function)BUILT_IN_LAST);
777
778	if (fncode == BUILT_IN_MEMCPY \|\| fncode == BUILT_IN_MEMMOVE)
779	/ Avoid diagnosing calls to raw memory functions (this is overly*
780	permissive; consider tightening it up). /*
781	return;
782
783	/ Save the current warning setting and replace it either a "maybe"*
784	when passing addresses of uninitialized variables to const-qualified
785	pointers or arguments declared with attribute read_write, or with
786	a "certain" when passing them to arguments declared with attribute
787	read_only. /*
788	const bool save_always_executed = wlims.always_executed;
789
790	/ Initialize a map of attribute access specifications for arguments*
791	to the function call. /*
792	rdwr_map rdwr_idx;
793	init_attr_rdwr_indices (&rdwr_idx, TYPE_ATTRIBUTES (fntype));
794
795	tree argtype;
796	unsigned argno = `0`;
797	function_args_iterator it;
798
799	FOREACH_FUNCTION_ARGS (fntype, argtype, it)
800	{
801	++argno;
802
803	if (argno > nargs)
804	break;
805
806	if (!POINTER_TYPE_P (argtype))
807	continue;
808
809	tree access_size = NULL_TREE;
810	const attr_access* access = rdwr_idx.get (k: argno - `1`);
811	if (access)
812	{
813	if (access->mode == access_none
814	\|\| access->mode == access_write_only)
815	continue;
816
817	if (access->mode == access_deferred
818	&& !TYPE_READONLY (TREE_TYPE (argtype)))
819	continue;
820
821	if (save_always_executed && access->mode == access_read_only)
822	/ Attribute read_only arguments imply read access. /
823	wlims.always_executed = true;
824	else
825	/ Attribute read_write arguments are documented as requiring*
826	initialized objects but it's expected that aggregates may
827	be only partially initialized regardless. /*
828	wlims.always_executed = false;
829
830	if (access->sizarg < nargs)
831	access_size = gimple_call_arg (gs: stmt, index: access->sizarg);
832	}
833	else if (!TYPE_READONLY (TREE_TYPE (argtype)))
834	continue;
835	else if (save_always_executed && fncode != BUILT_IN_LAST)
836	/ Const-qualified arguments to built-ins imply read access. /
837	wlims.always_executed = true;
838	else
839	/ Const-qualified arguments to ordinary functions imply a likely*
840	(but not definitive) read access. /*
841	wlims.always_executed = false;
842
843	/ Ignore args we are not going to read from. /
844	if (gimple_call_arg_flags (stmt, argno - `1`)
845	& (EAF_UNUSED \| EAF_NO_DIRECT_READ))
846	continue;
847
848	tree arg = gimple_call_arg (gs: stmt, index: argno - `1`);
849	if (!POINTER_TYPE_P (TREE_TYPE (arg)))
850	/ Avoid actual arguments with invalid types. /
851	continue;
852
853	ao_ref ref;
854	ao_ref_init_from_ptr_and_size (&ref, arg, access_size);
855	tree argbase = maybe_warn_operand (ref, stmt, NULL_TREE, rhs: arg, wlims);
856	if (!argbase)
857	continue;
858
859	if (access && access->mode != access_deferred)
860	{
861	const char* const access_str =
862	TREE_STRING_POINTER (access->to_external_string ());
863
864	if (fndecl)
865	{
866	location_t loc = DECL_SOURCE_LOCATION (fndecl);
867	inform (loc, "in a call to %qD declared with "
868	"attribute %<%s%> here", fndecl, access_str);
869	}
870	else
871	{
872	/ Handle calls through function pointers. /
873	location_t loc = gimple_location (g: stmt);
874	inform (loc, "in a call to %qT declared with "
875	"attribute %<%s%>", fntype, access_str);
876	}
877	}
878	else
879	{
880	/ For a declaration with no relevant attribute access create*
881	a dummy object and use the formatting function to avoid
882	having to complicate things here. /*
883	attr_access ptr_access = { };
884	if (!access)
885	access = &ptr_access;
886	const std::string argtypestr = access->array_as_string (argtype);
887	if (fndecl)
888	{
889	location_t loc (DECL_SOURCE_LOCATION (fndecl));
890	inform (loc, "by argument %u of type %s to %qD "
891	"declared here",
892	argno, argtypestr.c_str (), fndecl);
893	}
894	else
895	{
896	/ Handle calls through function pointers. /
897	location_t loc (gimple_location (g: stmt));
898	inform (loc, "by argument %u of type %s to %qT",
899	argno, argtypestr.c_str (), fntype);
900	}
901	}
902
903	if (DECL_P (argbase))
904	{
905	location_t loc = DECL_SOURCE_LOCATION (argbase);
906	inform (loc, "%qD declared here", argbase);
907	}
908	}
909
910	wlims.always_executed = save_always_executed;
911	}
912
913	/ Warn about an uninitialized PHI argument on the fallthru path to*
914	an always executed block BB. /*
915
916	static void
917	warn_uninit_phi_uses (basic_block bb)
918	{
919	edge_iterator ei;
920	edge e, found = NULL, found_back = NULL;
921	/ Look for a fallthru and possibly a single backedge. /
922	FOR_EACH_EDGE (e, ei, bb->preds)
923	{
924	/ Ignore backedges. /
925	if (dominated_by_p (CDI_DOMINATORS, e->src, bb))
926	{
927	if (found_back)
928	{
929	found = NULL;
930	break;
931	}
932	found_back = e;
933	continue;
934	}
935	if (found)
936	{
937	found = NULL;
938	break;
939	}
940	found = e;
941	}
942	if (!found)
943	return;
944
945	basic_block succ = single_succ (ENTRY_BLOCK_PTR_FOR_FN (cfun));
946	for (gphi_iterator si = gsi_start_phis (bb); !gsi_end_p (i: si);
947	gsi_next (i: &si))
948	{
949	gphi *phi = si.phi ();
950	tree def = PHI_ARG_DEF_FROM_EDGE (phi, found);
951	if (TREE_CODE (def) != SSA_NAME
952	\|\| !SSA_NAME_IS_DEFAULT_DEF (def)
953	\|\| virtual_operand_p (op: def))
954	continue;
955	/ If there's a default def on the fallthru edge PHI*
956	value and there's a use that post-dominates entry
957	then that use is uninitialized and we can warn. /*
958	imm_use_iterator iter;
959	use_operand_p use_p;
960	gimple *use_stmt = NULL;
961	FOR_EACH_IMM_USE_FAST (use_p, iter, gimple_phi_result (phi))
962	{
963	use_stmt = USE_STMT (use_p);
964	if (gimple_location (g: use_stmt) != UNKNOWN_LOCATION
965	&& dominated_by_p (CDI_POST_DOMINATORS, succ,
966	gimple_bb (g: use_stmt))
967	/ If we found a non-fallthru edge make sure the*
968	use is inside the loop, otherwise the backedge
969	can serve as initialization. /*
970	&& (!found_back
971	\|\| dominated_by_p (CDI_DOMINATORS, found_back->src,
972	gimple_bb (g: use_stmt))))
973	break;
974	use_stmt = NULL;
975	}
976	if (use_stmt)
977	warn_uninit (opt: OPT_Wuninitialized, t: def,
978	SSA_NAME_VAR (def), context: use_stmt);
979	}
980	}
981
982	/ Issue warnings about reads of uninitialized variables. WMAYBE_UNINIT*
983	is true to issue -Wmaybe-uninitialized, otherwise -Wuninitialized. /*
984
985	static void
986	warn_uninitialized_vars (bool wmaybe_uninit)
987	{
988	/ Counters and limits controlling the depth of the warning. /
989	wlimits wlims = { };
990	wlims.wmaybe_uninit = wmaybe_uninit;
991
992	auto_bb_flag ft_reachable (cfun);
993
994	/ Mark blocks that are always executed when we ignore provably*
995	not executed and EH and abnormal edges. /*
996	basic_block bb = single_succ (ENTRY_BLOCK_PTR_FOR_FN (cfun));
997	while (!(bb->flags & ft_reachable))
998	{
999	bb->flags \|= ft_reachable;
1000	edge e = find_fallthru_edge (edges: bb->succs);
1001	if (e && e->flags & EDGE_EXECUTABLE)
1002	{
1003	bb = e->dest;
1004	continue;
1005	}
1006	/ Find a single executable edge. /
1007	edge_iterator ei;
1008	edge ee = NULL;
1009	FOR_EACH_EDGE (e, ei, bb->succs)
1010	if (e->flags & EDGE_EXECUTABLE)
1011	{
1012	if (!ee)
1013	ee = e;
1014	else
1015	{
1016	ee = NULL;
1017	break;
1018	}
1019	}
1020	if (ee)
1021	bb = ee->dest;
1022	else
1023	bb = get_immediate_dominator (CDI_POST_DOMINATORS, bb);
1024	if (!bb \|\| bb->index == EXIT_BLOCK)
1025	break;
1026	}
1027
1028	FOR_EACH_BB_FN (bb, cfun)
1029	{
1030	wlims.always_executed = (bb->flags & ft_reachable);
1031	bb->flags &= ~ft_reachable;
1032
1033	edge_iterator ei;
1034	edge e;
1035	FOR_EACH_EDGE (e, ei, bb->preds)
1036	if (e->flags & EDGE_EXECUTABLE)
1037	break;
1038	/ Skip unreachable blocks. For early analysis we use VN to*
1039	determine edge executability when wmaybe_uninit. /*
1040	if (!e)
1041	continue;
1042
1043	if (wlims.always_executed)
1044	warn_uninit_phi_uses (bb);
1045
1046	gimple_stmt_iterator gsi;
1047	for (gsi = gsi_start_bb (bb); !gsi_end_p (i: gsi); gsi_next (i: &gsi))
1048	{
1049	gimple *stmt = gsi_stmt (i: gsi);
1050
1051	/ The call is an artificial use, will not provide meaningful*
1052	error message. If the result of the call is used somewhere
1053	else, we warn there instead. /*
1054	if (gimple_call_internal_p (gs: stmt, fn: IFN_DEFERRED_INIT))
1055	continue;
1056
1057	if (is_gimple_debug (gs: stmt))
1058	continue;
1059
1060	/ We only do data flow with SSA_NAMEs, so that's all we*
1061	can warn about. /*
1062	use_operand_p use_p;
1063	ssa_op_iter op_iter;
1064	FOR_EACH_SSA_USE_OPERAND (use_p, stmt, op_iter, SSA_OP_USE)
1065	{
1066	/ BIT_INSERT_EXPR first operand should not be considered*
1067	a use for the purpose of uninit warnings. /*
1068	if (gassign ass = dyn_cast <gassign > (p: stmt))
1069	{
1070	if (gimple_assign_rhs_code (gs: ass) == BIT_INSERT_EXPR
1071	&& use_p->use == gimple_assign_rhs1_ptr (gs: ass))
1072	continue;
1073	}
1074	tree use = USE_FROM_PTR (use_p);
1075	if (wlims.always_executed)
1076	warn_uninit (opt: OPT_Wuninitialized, t: use,
1077	SSA_NAME_VAR (use), context: stmt);
1078	else if (wlims.wmaybe_uninit)
1079	warn_uninit (opt: OPT_Wmaybe_uninitialized, t: use,
1080	SSA_NAME_VAR (use), context: stmt);
1081	}
1082
1083	/ For limiting the alias walk below we count all*
1084	vdefs in the function. /*
1085	if (gimple_vdef (g: stmt))
1086	wlims.vdef_cnt++;
1087
1088	if (gcall call = dyn_cast <gcall > (p: stmt))
1089	maybe_warn_pass_by_reference (stmt: call, wlims);
1090	else if (gimple_assign_load_p (stmt)
1091	&& gimple_has_location (g: stmt))
1092	{
1093	tree rhs = gimple_assign_rhs1 (gs: stmt);
1094	tree lhs = gimple_assign_lhs (gs: stmt);
1095
1096	ao_ref ref;
1097	ao_ref_init (&ref, rhs);
1098	tree var = maybe_warn_operand (ref, stmt, lhs, rhs, wlims);
1099	if (!var)
1100	continue;
1101
1102	if (DECL_P (var))
1103	{
1104	location_t loc = DECL_SOURCE_LOCATION (var);
1105	inform (loc, "%qD declared here", var);
1106	}
1107	}
1108	}
1109	}
1110	}
1111
1112	/ Checks if the operand OPND of PHI is defined by*
1113	another phi with one operand defined by this PHI,
1114	but the rest operands are all defined. If yes,
1115	returns true to skip this operand as being
1116	redundant. Can be enhanced to be more general. /*
1117
1118	static bool
1119	can_skip_redundant_opnd (tree opnd, gimple *phi)
1120	{
1121	tree phi_def = gimple_phi_result (gs: phi);
1122	gimple *op_def = SSA_NAME_DEF_STMT (opnd);
1123	if (gimple_code (g: op_def) != GIMPLE_PHI)
1124	return false;
1125
1126	unsigned n = gimple_phi_num_args (gs: op_def);
1127	for (unsigned i = `0`; i < n; ++i)
1128	{
1129	tree op = gimple_phi_arg_def (gs: op_def, index: i);
1130	if (TREE_CODE (op) != SSA_NAME)
1131	continue;
1132	if (op != phi_def && uninit_undefined_value_p (t: op))
1133	return false;
1134	}
1135
1136	return true;
1137	}
1138
1139	/ Return a bitset holding the positions of arguments in PHI with empty*
1140	(or possibly empty) definitions. /*
1141
1142	static unsigned
1143	compute_uninit_opnds_pos (gphi *phi)
1144	{
1145	unsigned uninit_opnds = `0`;
1146
1147	unsigned n = gimple_phi_num_args (gs: phi);
1148	/ Bail out for phi with too many args. /
1149	if (n > uninit_analysis::func_t::max_phi_args)
1150	return `0`;
1151
1152	for (unsigned i = `0`; i < n; ++i)
1153	{
1154	tree op = gimple_phi_arg_def (gs: phi, index: i);
1155	if (TREE_CODE (op) == SSA_NAME
1156	&& uninit_undefined_value_p (t: op)
1157	&& !can_skip_redundant_opnd (opnd: op, phi))
1158	{
1159	if (cfun->has_nonlocal_label \|\| cfun->calls_setjmp)
1160	{
1161	/ Ignore SSA_NAMEs that appear on abnormal edges*
1162	somewhere. /*
1163	if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (op))
1164	continue;
1165	}
1166	MASK_SET_BIT (uninit_opnds, i);
1167	}
1168	}
1169	/ If we have recorded guarded uses of may-uninit values mask those. /
1170	if (auto *def_mask = defined_args->get (k: phi))
1171	uninit_opnds &= ~*def_mask;
1172	return uninit_opnds;
1173	}
1174
1175	/ Function object type used to determine whether an expression*
1176	is of interest to the predicate analyzer. /*
1177
1178	struct uninit_undef_val_t: public uninit_analysis::func_t
1179	{
1180	virtual unsigned phi_arg_set (gphi *) override;
1181	};
1182
1183	/ Return a bitset of PHI arguments of interest. /
1184
1185	unsigned
1186	uninit_undef_val_t::phi_arg_set (gphi *phi)
1187	{
1188	return compute_uninit_opnds_pos (phi);
1189	}
1190
1191	/ sort helper for find_uninit_use. /
1192
1193	static int
1194	cand_cmp (const void a, const* void b, void* *data)
1195	{
1196	int bb_to_rpo = (int* *)data;
1197	const gimple sa = (const gimple * const *)a;
1198	const gimple sb = (const gimple * const *)b;
1199	if (bb_to_rpo[gimple_bb (g: sa)->index] < bb_to_rpo[gimple_bb (g: sb)->index])
1200	return -`1`;
1201	else if (bb_to_rpo[gimple_bb (g: sa)->index] > bb_to_rpo[gimple_bb (g: sb)->index])
1202	return `1`;
1203	return `0`;
1204	}
1205
1206	/ Searches through all uses of a potentially*
1207	uninitialized variable defined by PHI and returns a use
1208	statement if the use is not properly guarded. It returns
1209	NULL if all uses are guarded. UNINIT_OPNDS is a bitvector
1210	holding the position(s) of uninit PHI operands. /*
1211
1212	static gimple *
1213	find_uninit_use (gphi phi, unsigned* uninit_opnds, int *bb_to_rpo)
1214	{
1215	/ The Boolean predicate guarding the PHI definition. Initialized*
1216	lazily from PHI in the first call to is_use_guarded() and cached
1217	for subsequent iterations. /*
1218	uninit_undef_val_t eval;
1219	uninit_analysis def_preds (eval);
1220
1221	/ First process PHIs and record other candidates. /
1222	auto_vec<gimple *, `64`> cands;
1223	use_operand_p use_p;
1224	imm_use_iterator iter;
1225	tree phi_result = gimple_phi_result (gs: phi);
1226	FOR_EACH_IMM_USE_FAST (use_p, iter, phi_result)
1227	{
1228	gimple *use_stmt = USE_STMT (use_p);
1229	if (is_gimple_debug (gs: use_stmt))
1230	continue;
1231
1232	if (gphi use_phi = dyn_cast<gphi > (p: use_stmt))
1233	{
1234	unsigned idx = PHI_ARG_INDEX_FROM_USE (use_p);
1235	edge e = gimple_phi_arg_edge (phi: use_phi, i: idx);
1236	/ Do not look for uses in the next iteration of a loop, predicate*
1237	analysis will not use the appropriate predicates to prove
1238	reachability. /*
1239	if (e->flags & EDGE_DFS_BACK)
1240	continue;
1241
1242	basic_block use_bb = e->src;
1243	if (def_preds.is_use_guarded (use_stmt, use_bb, phi, uninit_opnds))
1244	{
1245	/ For a guarded use in a PHI record the PHI argument as*
1246	initialized. /*
1247	if (idx < uninit_analysis::func_t::max_phi_args)
1248	{
1249	bool existed_p;
1250	auto &def_mask
1251	= defined_args->get_or_insert (k: use_phi, existed: &existed_p);
1252	if (!existed_p)
1253	def_mask = `0`;
1254	MASK_SET_BIT (def_mask, idx);
1255	}
1256	continue;
1257	}
1258
1259	if (dump_file && (dump_flags & TDF_DETAILS))
1260	{
1261	fprintf (stream: dump_file, format: "Found unguarded use on edge %u -> %u: ",
1262	e->src->index, e->dest->index);
1263	print_gimple_stmt (dump_file, use_stmt, `0`);
1264	}
1265	/ Found a phi use that is not guarded, mark the phi_result as*
1266	possibly undefined. /*
1267	possibly_undefined_names->add (k: phi_result);
1268	}
1269	else
1270	cands.safe_push (obj: use_stmt);
1271	}
1272
1273	/ Sort candidates after RPO. /
1274	cands.stablesort (cmp: cand_cmp, data: bb_to_rpo);
1275	basic_block use_bb = NULL;
1276	for (gimple *use_stmt : cands)
1277	{
1278	/ We only have to try diagnosing the first use in each block. /
1279	if (gimple_bb (g: use_stmt) == use_bb)
1280	continue;
1281
1282	use_bb = gimple_bb (g: use_stmt);
1283	if (def_preds.is_use_guarded (use_stmt, use_bb, phi, uninit_opnds))
1284	continue;
1285
1286	if (dump_file && (dump_flags & TDF_DETAILS))
1287	{
1288	fprintf (stream: dump_file, format: "Found unguarded use in bb %u: ",
1289	use_bb->index);
1290	print_gimple_stmt (dump_file, use_stmt, `0`);
1291	}
1292	return use_stmt;
1293	}
1294
1295	return NULL;
1296	}
1297
1298	/ Look for inputs to PHI that are SSA_NAMEs that have empty definitions*
1299	and gives warning if there exists a runtime path from the entry to a
1300	use of the PHI def that does not contain a definition. In other words,
1301	the warning is on the real use. The more dead paths that can be pruned
1302	by the compiler, the fewer false positives the warning is. /*
1303
1304	static void
1305	warn_uninitialized_phi (gphi phi, unsigned* uninit_opnds, int *bb_to_rpo)
1306	{
1307	if (dump_file && (dump_flags & TDF_DETAILS))
1308	{
1309	fprintf (stream: dump_file, format: "Examining phi: ");
1310	print_gimple_stmt (dump_file, phi, `0`);
1311	}
1312
1313	gimple *uninit_use_stmt = find_uninit_use (phi, uninit_opnds, bb_to_rpo);
1314
1315	/ All uses are properly guarded. /
1316	if (!uninit_use_stmt)
1317	return;
1318
1319	unsigned phiarg_index = MASK_FIRST_SET_BIT (uninit_opnds);
1320	tree uninit_op = gimple_phi_arg_def (gs: phi, index: phiarg_index);
1321	if (SSA_NAME_VAR (uninit_op) == NULL_TREE)
1322	return;
1323
1324	location_t loc = UNKNOWN_LOCATION;
1325	if (gimple_phi_arg_has_location (phi, i: phiarg_index))
1326	loc = gimple_phi_arg_location (phi, i: phiarg_index);
1327	else
1328	{
1329	tree arg_def = gimple_phi_arg_def (gs: phi, index: phiarg_index);
1330	if (TREE_CODE (arg_def) == SSA_NAME)
1331	{
1332	gimple *def_stmt = SSA_NAME_DEF_STMT (arg_def);
1333	if (gphi arg_phi = dyn_cast<gphi > (p: def_stmt))
1334	{
1335	unsigned uop = compute_uninit_opnds_pos (phi: arg_phi);
1336	unsigned idx = MASK_FIRST_SET_BIT (uop);
1337	if (idx < gimple_phi_num_args (gs: arg_phi)
1338	&& gimple_phi_arg_has_location (phi: arg_phi, i: idx))
1339	loc = gimple_phi_arg_location (phi: arg_phi, i: idx);
1340	}
1341	}
1342	}
1343
1344	warn_uninit (opt: OPT_Wmaybe_uninitialized, t: uninit_op,
1345	SSA_NAME_VAR (uninit_op),
1346	context: uninit_use_stmt, phi_arg_loc: loc);
1347	}
1348
1349	static bool
1350	gate_warn_uninitialized (void)
1351	{
1352	return warn_uninitialized \|\| warn_maybe_uninitialized;
1353	}
1354
1355	namespace {
1356
1357	const pass_data pass_data_late_warn_uninitialized =
1358	{
1359	.type: GIMPLE_PASS, / type /
1360	.name: "uninit", / name /
1361	.optinfo_flags: OPTGROUP_NONE, / optinfo_flags /
1362	.tv_id: TV_NONE, / tv_id /
1363	PROP_ssa, / properties_required /
1364	.properties_provided: `0`, / properties_provided /
1365	.properties_destroyed: `0`, / properties_destroyed /
1366	.todo_flags_start: `0`, / todo_flags_start /
1367	.todo_flags_finish: `0`, / todo_flags_finish /
1368	};
1369
1370	class pass_late_warn_uninitialized : public gimple_opt_pass
1371	{
1372	public:
1373	pass_late_warn_uninitialized (gcc::context *ctxt)
1374	: gimple_opt_pass (pass_data_late_warn_uninitialized, ctxt)
1375	{}
1376
1377	/ opt_pass methods: /
1378	opt_pass *clone () final override
1379	{
1380	return new pass_late_warn_uninitialized (m_ctxt);
1381	}
1382	bool gate (function ) final override { return* gate_warn_uninitialized (); }
1383	unsigned int execute (function *) final override;
1384
1385	}; // class pass_late_warn_uninitialized
1386
1387	static void
1388	execute_late_warn_uninitialized (function *fun)
1389	{
1390	calculate_dominance_info (CDI_DOMINATORS);
1391	calculate_dominance_info (CDI_POST_DOMINATORS);
1392
1393	/ Mark all edges executable, warn_uninitialized_vars will skip*
1394	unreachable blocks. /*
1395	set_all_edges_as_executable (fun);
1396	mark_dfs_back_edges (fun);
1397	int rpo = XNEWVEC (int*, n_basic_blocks_for_fn (fun));
1398	int n = pre_and_rev_post_order_compute_fn (fun, NULL, rpo, false);
1399	int bb_to_rpo = XNEWVEC (int*, last_basic_block_for_fn (fun));
1400	for (int i = `0`; i < n; ++i)
1401	bb_to_rpo[rpo[i]] = i;
1402
1403	/ Re-do the plain uninitialized variable check, as optimization may have*
1404	straightened control flow. Do this first so that we don't accidentally
1405	get a "may be" warning when we'd have seen an "is" warning later. /*
1406	warn_uninitialized_vars (/warn_maybe_uninitialized=/wmaybe_uninit: `1`);
1407
1408	timevar_push (tv: TV_TREE_UNINIT);
1409
1410	/ Avoid quadratic beahvior when looking up case labels for edges. /
1411	start_recording_case_labels ();
1412
1413	possibly_undefined_names = new hash_set<tree>;
1414	defined_args = new hash_map<gphi *, uninit_analysis::func_t::phi_arg_set_t>;
1415
1416	/ Walk the CFG in RPO order so we visit PHIs with defs that are*
1417	possibly uninitialized from other PHIs after those. The uninit
1418	predicate analysis will then expand the PHIs predicate with
1419	the predicates of the edges from such PHI defs. /*
1420	for (int i = `0`; i < n; ++i)
1421	for (auto gsi = gsi_start_phis (BASIC_BLOCK_FOR_FN (fun, rpo[i]));
1422	!gsi_end_p (i: gsi); gsi_next (i: &gsi))
1423	{
1424	gphi *phi = gsi.phi ();
1425
1426	/ Don't look at virtual operands. /
1427	if (virtual_operand_p (op: gimple_phi_result (gs: phi)))
1428	continue;
1429
1430	unsigned uninit_opnds = compute_uninit_opnds_pos (phi);
1431	if (MASK_EMPTY (uninit_opnds))
1432	continue;
1433
1434	warn_uninitialized_phi (phi, uninit_opnds, bb_to_rpo);
1435	}
1436
1437	free (ptr: rpo);
1438	free (ptr: bb_to_rpo);
1439	delete possibly_undefined_names;
1440	possibly_undefined_names = NULL;
1441	delete defined_args;
1442	defined_args = NULL;
1443	end_recording_case_labels ();
1444	free_dominance_info (CDI_POST_DOMINATORS);
1445	timevar_pop (tv: TV_TREE_UNINIT);
1446	}
1447
1448	unsigned int
1449	pass_late_warn_uninitialized::execute (function *fun)
1450	{
1451	execute_late_warn_uninitialized (fun);
1452	return `0`;
1453	}
1454
1455	} // anon namespace
1456
1457	gimple_opt_pass *
1458	make_pass_late_warn_uninitialized (gcc::context *ctxt)
1459	{
1460	return new pass_late_warn_uninitialized (ctxt);
1461	}
1462
1463	static unsigned int
1464	execute_early_warn_uninitialized (struct function *fun)
1465	{
1466	/ Currently, this pass runs always but*
1467	execute_late_warn_uninitialized only runs with optimization. With
1468	optimization we want to warn about possible uninitialized as late
1469	as possible, thus don't do it here. However, without
1470	optimization we need to warn here about "may be uninitialized". /*
1471	calculate_dominance_info (CDI_DOMINATORS);
1472	calculate_dominance_info (CDI_POST_DOMINATORS);
1473
1474	/ Use VN in its cheapest incarnation and without doing any*
1475	elimination to compute edge reachability. Don't bother when
1476	we only warn for unconditionally executed code though. /*
1477	if (!optimize)
1478	do_rpo_vn (fun, NULL, NULL, false, false, VN_NOWALK);
1479	else
1480	set_all_edges_as_executable (fun);
1481
1482	warn_uninitialized_vars (/warn_maybe_uninitialized=/wmaybe_uninit: !optimize);
1483
1484	/ Post-dominator information cannot be reliably updated. Free it*
1485	after the use. /*
1486
1487	free_dominance_info (CDI_POST_DOMINATORS);
1488	return `0`;
1489	}
1490
1491	namespace {
1492
1493	const pass_data pass_data_early_warn_uninitialized =
1494	{
1495	.type: GIMPLE_PASS, / type /
1496	.name: "early_uninit", / name /
1497	.optinfo_flags: OPTGROUP_NONE, / optinfo_flags /
1498	.tv_id: TV_TREE_UNINIT, / tv_id /
1499	PROP_ssa, / properties_required /
1500	.properties_provided: `0`, / properties_provided /
1501	.properties_destroyed: `0`, / properties_destroyed /
1502	.todo_flags_start: `0`, / todo_flags_start /
1503	.todo_flags_finish: `0`, / todo_flags_finish /
1504	};
1505
1506	class pass_early_warn_uninitialized : public gimple_opt_pass
1507	{
1508	public:
1509	pass_early_warn_uninitialized (gcc::context *ctxt)
1510	: gimple_opt_pass (pass_data_early_warn_uninitialized, ctxt)
1511	{}
1512
1513	/ opt_pass methods: /
1514	bool gate (function ) final override { return* gate_warn_uninitialized (); }
1515	unsigned int execute (function *fun) final override
1516	{
1517	return execute_early_warn_uninitialized (fun);
1518	}
1519
1520	}; // class pass_early_warn_uninitialized
1521
1522	} // anon namespace
1523
1524	gimple_opt_pass *
1525	make_pass_early_warn_uninitialized (gcc::context *ctxt)
1526	{
1527	return new pass_early_warn_uninitialized (ctxt);
1528	}
1529

source code of gcc/tree-ssa-uninit.cc