Quuxplusone / LLVMBugzillaTest


ioctl() leads to false warning #6485

Open Quuxplusone opened 14 years ago

Quuxplusone commented 14 years ago
Bugzilla Link PR6011
Status CONFIRMED
Importance P normal
Reported by Pierre-Francois HUGUES (pfhugues@freebox.fr)
Reported on 2010-01-12 09:47:14 -0800
Last modified on 2010-02-22 12:48:15 -0800
Version trunk
Hardware PC Linux
CC kremenek@apple.com, llvm-bugs@lists.llvm.org
Fixed by commit(s)
Attachments ioctl_bug.c (1055 bytes, text/x-csrc)
bug.i (70747 bytes, application/octet-stream)
Blocks
Blocked by
See also
Created attachment 4038
testcase to reproduce bug

Hi,

The attached testcase code tested with clang leads to this warning:

bug.c:53:2: warning: Assigned value is garbage or undefined
        *stream = req.field_id;
        ^         ~~~~~~~~~~~~

The field_id of foobar_ioctl is filled by kernel code during the ioctl call.

Command line used for the test:

$ clang -cc1 -fsyntax-only -fcolor-diagnostics -analyze -analyzer-eagerly-assume -analyzer-opt-analyze-nested-blocks -warn-objc-unused-ivars -warn-security-syntactic -warn-objc-methodsigs -checker-cfref -warn-dead-stores -analyzer-opt-analyze-headers -analyzer-store=region -analyzer-constraints=range -o /tmp/ bug.c

Bug reproduced with revision 93238 of the svn.
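
A defensive way to consume a kernel-filled ioctl field like the field_id described in the report, as an added example that is not the attached ioctl_bug.c or code from the LLVM project: it zero-initializes the request and reads the field only after ioctl() succeeds. It assumes Linux and uses the real FIONREAD request on a pipe as a stand-in for the reporter's ioctl; struct demo_req and read_field_id() are hypothetical names.

```c
/* Added illustration, not the reporter's attached ioctl_bug.c.
 * Assumption: Linux, where FIONREAD on a pipe stores the number of
 * unread bytes through the pointer argument. struct demo_req and
 * read_field_id() are hypothetical names. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>

struct demo_req {
    int field_id;   /* written by the kernel during ioctl() */
};

/* Returns 0 and stores the kernel-filled value in *stream on success,
 * -1 (leaving *stream untouched) if the ioctl fails. */
int read_field_id(int fd, int *stream)
{
    struct demo_req req;

    /* Zero the request first: if the kernel writes nothing, the field
     * still holds a defined value instead of stack garbage. */
    memset(&req, 0, sizeof(req));

    /* Only trust the out-field when the call reports success. */
    if (ioctl(fd, FIONREAD, &req.field_id) < 0)
        return -1;

    *stream = req.field_id;   /* same shape as the flagged assignment */
    return 0;
}

int main(void)
{
    int p[2], value = -1;

    /* Constructed input: five bytes queued in a pipe. */
    if (pipe(p) != 0 || write(p[1], "abcde", 5) != 5)
        return 1;
    if (read_field_id(p[0], &value) == 0)
        printf("field_id = %d\n", value);
    return 0;
}
```
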
Quuxplusone commented 14 years ago

Attached ioctl_bug.c (1055 bytes, text/x-csrc): testcase to reproduce bug

Quuxplusone commented 14 years ago

This is a static analyzer warning. Move to that component.

Quuxplusone commented 14 years ago

Can you attach a preprocessed version of this file? I am not using Linux.

Quuxplusone commented 14 years ago
(In reply to comment #2)
> Can you attach a preprocessed version of this file?  I am not using Linux.
>

Just a gcc -E output or something else?

Sorry for the wrong chosen component...
Quuxplusone commented 14 years ago
(In reply to comment #3)
> (In reply to comment #2)
> > Can you attach a preprocessed version of this file?  I am not using Linux.
> >
>
> Just a gcc -E output or something else?

Yes, but use Clang instead of GCC.

$ clang -E bug.c -o bug.i

>
> Sorry for the wrong chosen component...

No problem at all!

Also, can you include the output of:

$ clang -c bug.c -###

This should be a bunch of command line flags, which should include architecture
specific flags that will help me reproduce your problem correctly on my machine.
Quuxplusone commented 14 years ago

Attached bug.i (70747 bytes, application/octet-stream): Preprocessed version of bug.c

Quuxplusone commented 14 years ago
(In reply to comment #4)
> (In reply to comment #3)
> > (In reply to comment #2)
> > > Can you attach a preprocessed version of this file?  I am not using Linux.
> > >
> >
> > Just a gcc -E output or something else?
>
> Yes, but use Clang instead of GCC.
>
> $ clang -E bug.c -o bug.i

Of course Clang :)

Output sent as attached file.

> Also, can you include the output of:
>
> $ clang -c bug.c -###
>
> This should be a bunch of command line flags, which should include
> architecture specific flags that will help me reproduce your problem correctly
> on my machine.
>

clang version 1.1 (trunk 93238)
Target: x86_64-unknown-linux-gnu
Thread model: posix
 "/usr/local/bin/clang" "-cc1" "-triple" "x86_64-unknown-linux-gnu" "-S" "-disable-free" "-main-file-name" "bug.c" "-mrelocation-model" "static" "-mdisable-fp-elim" "-munwind-tables" "-target-cpu" "x86-64" "-resource-dir" "/usr/local/lib/clang/1.1" "-fmessage-length" "188" "-fgnu-runtime" "-fdiagnostics-show-option" "-fcolor-diagnostics" "-o" "/tmp/cc-2FWh0l.s" "-x" "c" "bug.c"
 "/usr/bin/gcc" "-c" "-m64" "-o" "bug.o" "-x" "assembler" "/tmp/cc-2FWh0l.s"