analyzer: Thinks result of `__builtin_mul_overflow` can be uninitialized

[Zentrik]

#include <stddef.h>

int test(size_t nel, size_t elsz) {
  size_t nbytes;
  int overflow = __builtin_mul_overflow(nel, elsz, &nbytes);
  int overflow2 = __builtin_add_overflow(nel, nbytes, &nbytes);
  return overflow * overflow2;
}

> clang++ --analyze -Xclang -analyzer-output=text -std=c++20
clang++: warning: argument unused during compilation: '-S' [-Wunused-command-line-argument]
<source>:6:19: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
    6 |   int overflow2 = __builtin_add_overflow(nel, nbytes, &nbytes);
      |                   ^                           ~~~~~~
<source>:4:3: note: 'nbytes' declared without an initial value
    4 |   size_t nbytes;
      |   ^~~~~~~~~~~~~
<source>:5:18: note: Assuming overflow
    5 |   int overflow = __builtin_mul_overflow(nel, elsz, &nbytes);
      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:6:19: note: 2nd function call argument is an uninitialized value
    6 |   int overflow2 = __builtin_add_overflow(nel, nbytes, &nbytes);
      |                   ^                           ~~~~~~
1 warning generated.
Compiler returned: 0

Godbolt: https://godbolt.org/z/4q4Efcax8

[Zentrik]

Actually looks like this is intended,

llvm-project/clang/test/Analysis/builtin_overflow_notes.c

Line 26 in c5d5972

int var = res; // expected-warning{{Assigned value is uninitialized}}

. Maybe the warning is correct then?

[llvmbot]

@llvm/issue-subscribers-clang-static-analyzer

Author: None (Zentrik)

```c++ #include <stddef.h>

int test(size_t nel, size_t elsz) {
size_t nbytes;
int overflow = __builtin_mul_overflow(nel, elsz, &nbytes);
int overflow2 = __builtin_add_overflow(nel, nbytes, &nbytes);
return overflow * overflow2;
}

> clang++ --analyze -Xclang -analyzer-output=text -std=c++20
clang++: warning: argument unused during compilation: '-S' [-Wunused-command-line-argument]
<source>:6:19: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
6 | int overflow2 = __builtin_add_overflow(nel, nbytes, &nbytes);
| ^ ~~~~~~
<source>:4:3: note: 'nbytes' declared without an initial value
4 | size_t nbytes;
| ^~~~~~~~~~~~~
<source>:5:18: note: Assuming overflow
5 | int overflow = __builtin_mul_overflow(nel, elsz, &nbytes);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<source>:6:19: note: 2nd function call argument is an uninitialized value
6 | int overflow2 = __builtin_add_overflow(nel, nbytes, &nbytes);
| ^ ~~~~~~
1 warning generated.
Compiler returned: 0

Godbolt: https://godbolt.org/z/4q4Efcax8
</details>

[frederick-vs-ja]

See #102602.

[efriedma-quic]

Even if it's "intentional" from the original author, it's not actually right... the result is in fact intialized, and there isn't any good reason to report it as uninitialized. CC @pskrgag @NagyDonat @steakhal

[pskrgag]

Reading through docs [1], result will be indeed initialized even in case of overflow.

Thanks for the report, will prepare patch in couple of days

[1] https://clang.llvm.org/docs/LanguageExtensions.html#checked-arithmetic-builtins

[steakhal]

Even if it's "intentional" from the original author, it's not actually right... the result is in fact intialized, and there isn't any good reason to report it as uninitialized. CC @pskrgag @NagyDonat @steakhal

Thanks for the report. Sometimes we all make mistakes. We will look into this once we have some free time.