https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106626
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>: https://gcc.gnu.org/g:1d86af242bc4a8e68aebf1f3b8c985f2d17fa791 commit r13-4429-g1d86af242bc4a8e68aebf1f3b8c985f2d17fa791 Author: David Malcolm <dmalc...@redhat.com> Date: Wed Nov 30 21:26:43 2022 -0500 diagnostics: tweak diagnostic_path::interprocedural_p [PR106626] The region-creation event at the start of... <source>: In function 'int_arr_write_element_after_end_off_by_one': <source>:14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds] 14 | arr[10] = x; | ~~~~~~~~^~~ event 1 | | 10 | int32_t arr[10]; | | ^~~ | | | | | (1) capacity is 40 bytes | +--> 'int_arr_write_element_after_end_off_by_one': events 2-3 | | 12 | void int_arr_write_element_after_end_off_by_one(int32_t x) | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) entry to 'int_arr_write_element_after_end_off_by_one' | 13 | { | 14 | arr[10] = x; /* { dg-line line } */ | | ~~~~~~~~~~~ | | | | | (3) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40 | <source>:14:11: note: write of 4 bytes to beyond the end of 'arr' 14 | arr[10] = x; | ~~~~~~~~^~~ <source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]' ...makes diagnostic_manager::finish_pruning consider the path to be interprocedural, and so it doesn't prune the function entry event. This patch tweaks diagnostic_path::interprocedural_p to ignore leading events outside of any function, so that it considers the path to be intraprocedural, and thus diagnostic_manager::finish_pruning prunes the function entry event, leading to this simpler output: <source>: In function 'int_arr_write_element_after_end_off_by_one': <source>:14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds] 14 | arr[10] = x; | ~~~~~~~~^~~ event 1 | | 10 | int32_t arr[10]; | | ^~~ | | | | | (1) capacity is 40 bytes | +--> 'int_arr_write_element_after_end_off_by_one': event 2 | | 14 | arr[10] = x; | | ~~~~~~~~^~~ | | | | | (2) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40 | <source>:14:11: note: write of 4 bytes to beyond the end of 'arr' <source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]' gcc/ChangeLog: PR analyzer/106626 * diagnostic-path.h (diagnostic_path::get_first_event_in_a_function): New decl. * diagnostic.cc (diagnostic_path::get_first_event_in_a_function): New. (diagnostic_path::interprocedural_p): Ignore leading events that are outside of any function. gcc/testsuite/ChangeLog: PR analyzer/106626 * gcc.dg/analyzer/out-of-bounds-multiline-1.c: New test. Signed-off-by: David Malcolm <dmalc...@redhat.com>
