<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link bz_status_NEW" title="NEW --- - msan false negative on a trivial uninitialized read" href="https://llvm.org/bugs/show_bug.cgi?id=23786">23786</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>msan false negative on a trivial uninitialized read
</td>
</tr>
<tr>
<th>Product</th>
<td>compiler-rt
</td>
</tr>
<tr>
<th>Version</th>
<td>3.6
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>compiler-rt
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>msebor@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvmbugs@cs.uiuc.edu
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>Memory sanitizer doesn't report the uninitialized read in the call to printf in
the program below. It does, however, report the uninitialized read of the same
object in the return statement when it's executed. Similar false negatives can
be reproduced with similarly simple programs, including the one below the test
case.

$ cat t.c && /build/llvm-trunk/bin/clang -fsanitize=memory -O0 t.c && ./a.out
&& echo SUCCESS && ./a.out 1
#include &lt;stdio.h&gt;
void __attribute__ ((weak)) foo (int *p) { *p = *p + 1; }
int main (int argc, char *argv[]) {
    int a;
    int *p = &a;
    foo (p);
    printf ("%i\n", *p);
    if (1 < argc) return *p;
}
32756
SUCCESS
32697
==32134==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7fb8d6ce0946 (/build/msan/a.out+0x88945)
#1 0x7fb8d5b4ffe0 (/lib64/libc.so.6+0x1ffdf)
#2 0x7fb8d6c7135f (/build/msan/a.out+0x1935e)
SUMMARY: MemorySanitizer: use-of-uninitialized-value
(/build/msan/a.out+0x88945)
Exiting

Another program for which the sanitizer doesn't issue a diagnostic:

#include &lt;stdlib.h&gt;
void __attribute__ ((weak)) bar (int n) { exit (n | 1); }
int main (int argc, char *argv[]) {
    int a;
    bar (a);
}</pre>
</div>
</p>
</body>
</html>