-Cllvm-args=-fanalyzer reports uses of uninitialized values #781
Description
#[unsafe(no_mangle)] fn main() { let _ = Box::new(42); }and then compile with -Cllvm-args=-fanalyzer results in
libgccjit.so: warning: : use of uninitialized value 'undefined' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 1 │ │ (1): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 2 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:78:17: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 3 │ │libgccjit.so: │ (3): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 4 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/alloc/layout.rs:138:18: │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 5 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:75:14: │ <──────┘ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 6 │ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 7 │ │libgccjit.so: │ (7): use of uninitialized value 'undefined' here │ libgccjit.so: warning: : use of uninitialized value 'undefined' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] '_ZN5alloc5alloc15exchange_malloc17h3ccaf01f6c22a3acE': event 1 │ │libgccjit.so: │ (1): entry to '_ZN5alloc5alloc15exchange_malloc17h3ccaf01f6c22a3acE' │ '_ZN5alloc5alloc15exchange_malloc17h3ccaf01f6c22a3acE': event 2 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/alloc/src/alloc.rs:351:27: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 3 │ │libgccjit.so: │ (3): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 4 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:78:17: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 5 │ │libgccjit.so: │ (5): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 6 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/alloc/layout.rs:138:18: │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 7 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:75:14: │ <──────┘ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 8 │ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 9 │ │libgccjit.so: │ (9): use of uninitialized value 'undefined' here │ libgccjit.so: warning: : use of uninitialized value 'undefined' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 'main': event 1 │ │libgccjit.so: │ (1): entry to 'main' │ 'main': event 2 │ │<source>:3:13: │ 3 | let _ = Box::new(42); │ | ^ │ | | │ | (2) inlined call to '_ZN5alloc5boxed12Box$LT$T$GT$3new17h4d326128f3fc6045E' from 'main' │ └──> '_ZN5alloc5boxed12Box$LT$T$GT$3new17h4d326128f3fc6045E': event 3 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/alloc/src/boxed.rs:261:16: │ '_ZN5alloc5alloc15exchange_malloc17h3ccaf01f6c22a3acE': event 4 │ │libgccjit.so: │ (4): entry to '_ZN5alloc5alloc15exchange_malloc17h3ccaf01f6c22a3acE' │ '_ZN5alloc5alloc15exchange_malloc17h3ccaf01f6c22a3acE': event 5 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/alloc/src/alloc.rs:351:27: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 6 │ │libgccjit.so: │ (6): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 7 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:78:17: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 8 │ │libgccjit.so: │ (8): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 9 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/alloc/layout.rs:138:18: │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 10 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:75:14: │ <──────┘ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 11 │ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 12 │ │libgccjit.so: │ (12): use of uninitialized value 'undefined' here │ libgccjit.so: warning: : use of uninitialized value 'undefined' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] '_ZN5alloc5alloc6Global10alloc_impl17h0be00c1c456dfa5cE': events 1-2 /root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/alloc/src/alloc.rs:186:9: '_ZN5alloc5alloc6Global10alloc_impl17h0be00c1c456dfa5cE': event 3 libgccjit.so: (3): use of uninitialized value 'undefined' here libgccjit.so: warning: : use of uninitialized value 'undefined' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] '_ZN63_$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Allocator$GT$8allocate17h69f42b4c603da6acE': event 1 │ │libgccjit.so: │ (1): entry to '_ZN63_$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Allocator$GT$8allocate17h69f42b4c603da6acE' │ '_ZN63_$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Allocator$GT$8allocate17h69f42b4c603da6acE': event 2 │ │ └──> '_ZN5alloc5alloc6Global10alloc_impl17h0be00c1c456dfa5cE': event 3 │ │libgccjit.so: │ (3): entry to '_ZN5alloc5alloc6Global10alloc_impl17h0be00c1c456dfa5cE' │ '_ZN5alloc5alloc6Global10alloc_impl17h0be00c1c456dfa5cE': events 4-5 │ │ '_ZN5alloc5alloc6Global10alloc_impl17h0be00c1c456dfa5cE': event 6 │ │libgccjit.so: │ (6): use of uninitialized value 'undefined' here │ libgccjit.so: warning: : use of uninitialized value 'undefined' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] '_ZN4core5alloc6layout6Layout13for_value_raw17hfb84ae9010274903E': event 1 │ │libgccjit.so: │ (1): entry to '_ZN4core5alloc6layout6Layout13for_value_raw17hfb84ae9010274903E' │ '_ZN4core5alloc6layout6Layout13for_value_raw17hfb84ae9010274903E': event 2 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/alloc/layout.rs:224:18: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 3 │ │libgccjit.so: │ (3): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 4 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:78:17: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 5 │ │libgccjit.so: │ (5): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 6 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/alloc/layout.rs:138:18: │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 7 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:75:14: │ <──────┘ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 8 │ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 9 │ │libgccjit.so: │ (9): use of uninitialized value 'undefined' here │ libgccjit.so: warning: : use of uninitialized value 'undefined' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] '_ZN72_$LT$alloc..boxed..Box$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$4drop17h7863c2941af28a7cE': event 1 │ │libgccjit.so: │ (1): entry to '_ZN72_$LT$alloc..boxed..Box$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$4drop17h7863c2941af28a7cE' │ '_ZN72_$LT$alloc..boxed..Box$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$4drop17h7863c2941af28a7cE': event 2 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/alloc/src/boxed.rs:1652:26: │ └──> '_ZN4core5alloc6layout6Layout13for_value_raw17hfb84ae9010274903E': event 3 │ │libgccjit.so: │ (3): entry to '_ZN4core5alloc6layout6Layout13for_value_raw17hfb84ae9010274903E' │ '_ZN4core5alloc6layout6Layout13for_value_raw17hfb84ae9010274903E': event 4 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/alloc/layout.rs:224:18: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 5 │ │libgccjit.so: │ (5): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 6 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:78:17: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 7 │ │libgccjit.so: │ (7): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 8 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/alloc/layout.rs:138:18: │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 9 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:75:14: │ <──────┘ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 10 │ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 11 │ │libgccjit.so: │ (11): use of uninitialized value 'undefined' here │ libgccjit.so: warning: : use of uninitialized value 'undefined' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] '_ZN4core3ptr49drop_in_place$LT$alloc..boxed..Box$LT$i32$GT$$GT$17h2d9920e239d4edd1E': event 1 │ │libgccjit.so: │ (1): entry to '_ZN4core3ptr49drop_in_place$LT$alloc..boxed..Box$LT$i32$GT$$GT$17h2d9920e239d4edd1E' │ '_ZN4core3ptr49drop_in_place$LT$alloc..boxed..Box$LT$i32$GT$$GT$17h2d9920e239d4edd1E': event 2 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ptr/mod.rs:804:1: │ └──> '_ZN72_$LT$alloc..boxed..Box$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$4drop17h7863c2941af28a7cE': event 3 │ │libgccjit.so: │ (3): entry to '_ZN72_$LT$alloc..boxed..Box$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$4drop17h7863c2941af28a7cE' │ '_ZN72_$LT$alloc..boxed..Box$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$4drop17h7863c2941af28a7cE': event 4 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/alloc/src/boxed.rs:1652:26: │ └──> '_ZN4core5alloc6layout6Layout13for_value_raw17hfb84ae9010274903E': event 5 │ │libgccjit.so: │ (5): entry to '_ZN4core5alloc6layout6Layout13for_value_raw17hfb84ae9010274903E' │ '_ZN4core5alloc6layout6Layout13for_value_raw17hfb84ae9010274903E': event 6 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/alloc/layout.rs:224:18: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 7 │ │libgccjit.so: │ (7): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 8 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:78:17: │ └──> '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 9 │ │libgccjit.so: │ (9): entry to '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E' │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 10 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/alloc/layout.rs:138:18: │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked18precondition_check17h7567f7e907a542e2E': event 11 │ │/root/build-rustc-cg-gcc/rustc_codegen_gcc/build/build_sysroot/sysroot_src/library/core/src/ub_checks.rs:75:14: │ <──────┘ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 12 │ │ '_ZN4core5alloc6layout6Layout25from_size_align_unchecked17h70ce6625d1a2bfa4E': event 13 │ │libgccjit.so: │ (13): use of uninitialized value 'undefined' here │ simple true UB things like
#[unsafe(no_mangle)] fn main() { unsafe { *core::ptr::null_mut() = 42; } }are correctly reported with -Cllvm-args=-fanalyzer -O though, so -fanalyzer is not completely broken:
libgccjit.so: <source>:3:14: warning: : dereference of NULL '0B' [CWE-476] [-Wanalyzer-null-dereference] 'main': event 1 <source>:3:14: 3 | unsafe { *core::ptr::null_mut() = 42; } | ^ | | | (1) ⚠️ dereference of NULL '0B' but something like
#[unsafe(no_mangle)] fn main() { let x = 42; let bad_box = unsafe { std::mem::transmute::<&i32, Box<i32>>(&x) }; drop(bad_box); }doesn't get any errors with -Cllvm-args=-fanalyzer -O (likely because __rust_dealloc is not recognized as free function by GCC, while without -O it produces the same warnings about uninitialized values.