https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99886

            Bug ID: 99886
           Summary: Infinite loop in -fanalyzer seen on gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Reproducer:

#include <stdlib.h>

struct coord {
  float x;
  float y;
};

void test_34 (void)
{
  float *q;
  struct coord *p = malloc (sizeof (struct coord));
  if (!p)
    return;
  p->x = 0.0f;
  q = &p->x;
  free (p);
  *q = 1.0f; /* { dg-warning "use after 'free' of 'q'" } */
};

when compiled with:
  -fanalyzer -fanalyzer-verbosity=0

Doesn't happen at other verbosity levels.

Seems to be getting stuck here in diagnostic_manager::consolidate_conditions:

(gdb) bt
#0  0x00000000024a8777 in vec<ana::checker_event*, va_heap, vl_ptr>::length (this=0x7fffffffca98)
    at ../../src/gcc/vec.h:1439
#1  0x00000000024c0d30 in ana::checker_path::num_events (this=0x7fffffffca90)
    at ../../src/gcc/analyzer/checker-path.h:503
#2  0x00000000024c0138 in ana::diagnostic_manager::consolidate_conditions (this=0x7fffffffcf00, path=0x7fffffffca90)
    at ../../src/gcc/analyzer/diagnostic-manager.cc:2203
#3  0x00000000024bf433 in ana::diagnostic_manager::prune_path (this=0x7fffffffcf00, path=0x7fffffffca90, sm=0x0, sval=0x0, state=0x0)
    at ../../src/gcc/analyzer/diagnostic-manager.cc:1783
#4  0x00000000024be1b6 in ana::diagnostic_manager::emit_saved_diagnostic (this=0x7fffffffcf00, eg=..., sd=...)
    at ../../src/gcc/analyzer/diagnostic-manager.cc:1131
#5  0x00000000024c1af1 in ana::dedupe_winners::emit_best (this=0x7fffffffcc20, dm=0x7fffffffcf00, eg=...)
    at ../../src/gcc/analyzer/diagnostic-manager.cc:1051
#6  0x00000000024bdfa6 in ana::diagnostic_manager::emit_saved_diagnostics (this=0x7fffffffcf00, eg=...)
    at ../../src/gcc/analyzer/diagnostic-manager.cc:1100
#7  0x0000000001830e13 in ana::impl_run_checkers (logger=0x35ccbf0)
    at ../../src/gcc/analyzer/engine.cc:4892