https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106325
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2022-07-16
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this bug report.
Near the start of the analysis, it sees:
  ‘arranger_object_unsplit’: event 1
    |
    |../src/gui/backend/arranger_object.c:3021:1:
    | 3021 | arranger_object_unsplit (
    |      | ^~~~~~~~~~~~~~~~~~~~~~~
    |      | |
    |      | (1) entry to ‘arranger_object_unsplit’
    |
  ‘arranger_object_unsplit’: event 2
    |
    |../src/gui/backend/arranger_object.c:3043:10:
    | 3043 |   *obj = arranger_object_clone (r1);
    |      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |          |
    |      |          (2) calling ‘arranger_object_clone’ from ‘arranger_object_unsplit’
    |
    +--> ‘arranger_object_clone’: events 3-6
           |
           |../src/gui/backend/arranger_object.c:2568:1:
           | 2568 | arranger_object_clone (const ArrangerObject * self)
           |      | ^~~~~~~~~~~~~~~~~~~~~
           |      | |
           |      | (3) entry to ‘arranger_object_clone’
           | 2569 | {
           | 2570 |   g_return_val_if_fail (self, NULL);
           |      |   ~ ~~~~~~
           |      |   | |
           |      |   | (5) ...to here
           |      |   | (6) ‘r1’ is NULL
           |      |   (4) following ‘false’ branch (when ‘self’ is NULL)...
           |
    <------+
...and so within the g_return_val_if_fail in arranger_object_clone it considers
the case in which "self" (and thus the "r1" param passed to
arranger_object_unsplit) is NULL.
However, I see this declaration in the preprocessed code:
__attribute__((nonnull(1, 2)))
void
arranger_object_unsplit (
ArrangerObject * r1,
ArrangerObject * r2,
ArrangerObject ** obj,
_Bool fire_events);
and hence the analyzer *ought* to be assuming that r1 and r2 are non-NULL, and
thus not consider the early-bailout case in that g_return_val_if_fail.
Looks like a bug in the analyzer to me; marking as confirmed (reproduced on gcc
trunk).
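The call shape discussed in comment #3, as an added stand-alone reproducer. This is not code from the project in the report or from the bug itself: the Object type, the function names and the RETURN_VAL_IF_FAIL stand-in for GLib's g_return_val_if_fail are made up here. The only way object_clone can return NULL is its early bailout, and the nonnull attribute on object_unsplit makes that bailout unreachable from this caller, so the dereference of obj in object_unsplit is safe and -fanalyzer should stay silent; an analyzer that explores the bailout anyway, as the trace above shows it doing, would report a NULL dereference of obj at that line.

```c
/* Added reproducer, not from the project or the bug report. Build with:
 *   gcc -fanalyzer -Wall -c repro.c
 * All names below are invented for this example. */
#include <stddef.h>

/* Stand-in for g_return_val_if_fail: bail out with VAL when EXPR fails. */
#define RETURN_VAL_IF_FAIL(expr, val) \
  do { if (!(expr)) return (val); } while (0)

typedef struct Object { int value; } Object;

/* Analogue of arranger_object_clone: no nonnull attribute here, so the
 * analyzer is right to consider self == NULL when this function is entered
 * from an unconstrained caller. The copy goes into caller-provided storage so
 * the bailout is the only path that returns NULL. */
Object *object_clone (const Object *self, Object *dst)
{
  RETURN_VAL_IF_FAIL (self, NULL);
  *dst = *self;
  return dst;
}

/* Analogue of arranger_object_unsplit: nonnull(1, 2, 3) promises r1, r2 and
 * out are never NULL. From this caller the bailout in object_clone cannot
 * fire, so obj cannot be NULL and the dereference below needs no check. */
__attribute__((nonnull (1, 2, 3)))
int object_unsplit (Object *r1, Object *r2, Object *out)
{
  Object *obj = object_clone (r1, out);
  obj->value += r2->value;       /* safe: r1 != NULL is guaranteed */
  return obj->value;
}

/* Caveat: the attribute is also an assumption inside the callee. GCC treats
 * this comparison as always false (-Wnonnull-compare, in -Wall, warns about
 * it) and may delete the check when optimizing, so a "defensive" NULL check
 * on a nonnull parameter is not a defence. */
__attribute__((nonnull (1)))
int object_value_or_default (const Object *self, int dflt)
{
  if (self == NULL)              /* -Wnonnull-compare fires here */
    return dflt;
  return self->value;
}

/* Drivers so the example runs stand-alone. */
int demo_unsplit (void)
{
  Object r1 = { 3 }, r2 = { 4 }, out = { 0 };
  return object_unsplit (&r1, &r2, &out);          /* 3 + 4 = 7 */
}

int demo_clone_bailout (void)
{
  Object out = { 0 };
  return object_clone (NULL, &out) == NULL;        /* 1: bailout taken */
}

int demo_value_or_default (void)
{
  Object o = { 3 };
  return object_value_or_default (&o, -1);         /* 3 */
}
```

The security-relevant reading of nonnull is two-sided: for the analyzer it prunes the unreachable bailout (which is what the report says should happen), but for the optimizer it licenses removing NULL checks in the attributed function itself, so callers that can actually pass NULL must be fixed rather than papered over with an in-callee check.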