https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99391

Bug ID: 99391
Summary: Analyzer call summaries don't handle longjmp
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Blocks: 99390
Target Milestone: ---

Consider:

```c
/* Verify that call summaries respect longjmp. */
/* { dg-additional-options "-fanalyzer-call-summaries --param=analyzer-min-snodes-for-call-summary=0" } */

#include "test-setjmp.h"
#include "analyzer-decls.h"

static void inner ();

static jmp_buf env;

void outer (void)
{
  if (SETJMP (env))
    __analyzer_dump_path (); /* { dg-message "path" } */
  else
    {
      inner ();
      inner ();
    }
}

static void inner ()
{
  longjmp (env, 42); /* { dg-message "rewinding from 'longjmp' in 'inner'" } */
}
```

Currently the summary sees the interprocedural edge at the first call to inner and treats it as a regular call; it thus misses the longjmp and never reaches the __analyzer_dump_path. A correct implementation of summarizing the call would somehow turn it into an unwind-from-longjmp edge, or else not summarize functions that can call longjmp (or that call something that can call longjmp, transitively).

Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99390
[Bug 99390] [meta-bug] tracker bug for call summaries in -fanalyzer
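To make concrete what the call summary gets wrong, here is an added, constructed C program (not the GCC test case above and not analyzer code) that runs the same outer()/inner() shape with a real setjmp/longjmp. The counters `inner_entered` and `reached_after_calls` are assumed names introduced here; they are globals so that longjmp cannot leave them indeterminate. A summary that models inner() as a normal returning call would predict that inner() is entered twice and that the code after the two calls runs; at run time the first call rewinds to the setjmp with value 42, the second call never starts, and the code after the calls is dead.

```c
#include <setjmp.h>
#include <stdio.h>

/* Constructed example, not the GCC test case: executes the same
   outer()/inner() shape at run time so the control flow that a call
   summary must model is visible. Counters are globals so that longjmp
   cannot clobber them (non-volatile locals modified between setjmp and
   longjmp are indeterminate after the rewind). */

static jmp_buf env;
static int inner_entered;       /* how many times inner() was entered */
static int reached_after_calls; /* set only if the code after the two calls runs */

/* Never returns to its caller: control rewinds to the setjmp in outer(). */
static void inner (void)
{
  inner_entered++;
  longjmp (env, 42);
}

/* Returns the value delivered to setjmp: 42 after rewinding from inner(),
   -1 if both calls had returned normally (they cannot). */
int outer (void)
{
  inner_entered = 0;
  reached_after_calls = 0;

  switch (setjmp (env))
    {
    case 0:                 /* direct return from setjmp: run the calls */
      inner ();             /* first call longjmps out of here... */
      inner ();             /* ...so this second call never starts */
      reached_after_calls = 1;
      return -1;
    case 42:                /* rewound from longjmp in inner() */
      return 42;
    default:
      return -2;            /* any other value is not expected here */
    }
}

int inner_entry_count (void) { return inner_entered; }
int code_after_calls_ran (void) { return reached_after_calls; }

int main (void)
{
  int rc = outer ();
  printf ("outer returned %d; inner entered %d time(s); code after calls ran: %s\n",
          rc, inner_entry_count (), code_after_calls_ran () ? "yes" : "no");
  return 0;
}
```

The observable facts a correct summary of inner() has to carry are exactly the ones this program checks: the call does not return to its call site, so the second `inner ()` and everything after it on that path are unreachable, and the edge out of the first call lands at the setjmp in outer().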