build: warn on potentially uninitialized reads

vasild · PiRK · commit 9c7bed4ea4b8 · 2021-04-08T10:29:36.000+02:00
Summary: > Enable -Wconditional-uninitialized to warn on potentially uninitialized reads. > > Fix the sole such warning in Bitcoin Core in GetRdRand(): r1 would be > set to 0 on rdrand failure, so initializing it to 0 is a non-functional > change. > > From "Intel 64 and IA-32 ArchitecturesSoftware Developer's Manual" [1], > page 1711: "CF=1 indicates that the data in the destination is valid. > Otherwise CF=0 and the data in the destination operand will be returned > as zeros for the specified width." > > [1] https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf This is a backport of Core [[bitcoin/bitcoin#18843 | PR18843]] Test Plan: ``` cmake .. -GNinja \ -DCMAKE_C_COMPILER=clang \ -DCMAKE_CXX_COMPILER=clang++ \ -DENABLE_CLANG_TIDY=ON \ -DCMAKE_C_FLAGS="-Werror" ninja all check-all ``` Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D9110
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -228,6 +228,7 @@ add_compiler_flags(
 	-Wredundant-decls
 	-Wunreachable-code-loop-increment
 	-Wsign-compare
+	-Wconditional-uninitialized
 )
 add_compiler_flag_group(-Wformat -Wformat-security)
 add_cxx_compiler_flags(
diff --git a/src/leveldb/CMakeLists.txt b/src/leveldb/CMakeLists.txt
@@ -16,6 +16,7 @@ add_compiler_flags(
 	-Wno-shadow
 	-Wno-sign-compare
 	-Wno-unused-const-variable
+	-Wno-conditional-uninitialized
 )
 add_c_compiler_flags(-Wno-strict-prototypes)
 
diff --git a/src/random.cpp b/src/random.cpp
@@ -119,7 +119,10 @@ static uint64_t GetRdRand() noexcept {
     // this risk.
 #ifdef __i386__
     uint8_t ok;
-    uint32_t r1, r2;
+    // Initialize to 0 to silence a compiler warning that r1 or r2 may be used
+    // uninitialized. Even if rdrand fails (!ok) it will set the output to 0,
+    // but there is no way that the compiler could know that.
+    uint32_t r1 = 0, r2 = 0;
     for (int i = 0; i < 10; ++i) {
         // rdrand %eax
         __asm__ volatile(".byte 0x0f, 0xc7, 0xf0; setc %1"
@@ -139,7 +142,7 @@ static uint64_t GetRdRand() noexcept {
     return (uint64_t(r2) << 32) | r1;
 #elif defined(__x86_64__) || defined(__amd64__)
     uint8_t ok;
-    uint64_t r1;
+    uint64_t r1 = 0; // See above why we initialize to 0.
     for (int i = 0; i < 10; ++i) {
         // rdrand %rax
         __asm__ volatile(".byte 0x48, 0x0f, 0xc7, 0xf0; setc %1"

Original file line number	Diff line number	Diff line change
`@@ -228,6 +228,7 @@ add_compiler_flags(`
`228`	`228`	`-Wredundant-decls`
`229`	`229`	`-Wunreachable-code-loop-increment`
`230`	`230`	`-Wsign-compare`
	`231`	`+ -Wconditional-uninitialized`
`231`	`232`	`)`
`232`	`233`	`add_compiler_flag_group(-Wformat -Wformat-security)`
`233`	`234`	`add_cxx_compiler_flags(`
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ add_compiler_flags(`
`16`	`16`	`-Wno-shadow`
`17`	`17`	`-Wno-sign-compare`
`18`	`18`	`-Wno-unused-const-variable`
	`19`	`+ -Wno-conditional-uninitialized`
`19`	`20`	`)`
`20`	`21`	`add_c_compiler_flags(-Wno-strict-prototypes)`
`21`	`22`