[Bug analyzer/110112] [11/12/13 Regression] gcc -fanalyzer takes an excessive amount of time

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110112 Tim Lange changed: What|Removed |Added CC||tlange at gcc dot gnu.org --- Comment #2 fr

[Bug analyzer/107882] [13 Regression] ICE in get_last_bit_offset, at analyzer/store.h:255 since 13-2582-g0ea5e3f4542832b8

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107882 --- Comment #2 from Tim Lange --- Created attachment 53979 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53979&action=edit patch for pr107882 I think the assertion here uncovered a bug. Currently, if the OTHER parameter of bit_range::con

[Bug analyzer/106845] [13 Regression] ICE in exceeds_p, at analyzer/store.cc:464 since r13-2029-g7e3b45befdbbf1a1

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106845 Tim Lange changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/106845] [13 Regression] ICE in exceeds_p, at analyzer/store.cc:464 since r13-2029-g7e3b45befdbbf1a1

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106845 Tim Lange changed: What|Removed |Added Assignee|dmalcolm at gcc dot gnu.org|tlange at gcc dot gnu.org

[Bug analyzer/106845] [13 Regression] ICE in exceeds_p, at analyzer/store.cc:464 since r13-2029-g7e3b45befdbbf1a1

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106845 --- Comment #3 from Tim Lange --- Thanks for the report! (In reply to David Malcolm from comment #2) > (gdb) call this->dump() > bytes 1-0 This should be the read_bytes in region_model::check_region_bounds, with the start being the offset and

[Bug analyzer/106181] [13 Regression] ICE in capacity_compatible_with_type, at analyzer/region-model.cc:2909

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106181 Tim Lange changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/106551] [13 Regression] dup2 causes -fanalyzer ICE in valid_to_unchecked_state, at analyzer/sm-fd.cc:751

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106551 Tim Lange changed: What|Removed |Added CC||tlange at gcc dot gnu.org --- Comment #4 fr

[Bug analyzer/106597] New: False positive Wanalyzer-out-of-bounds warnings in coreutils/gnulib

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106597 Bug ID: 106597 Summary: False positive Wanalyzer-out-of-bounds warnings in coreutils/gnulib Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal

[Bug analyzer/105898] RFE: -fanalyzer should complain about overlapping args to memcpy and mempcpy

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105898 --- Comment #3 from Tim Lange --- This checker is nearly finished, but is blocked by: https://gcc.gnu.org/pipermail/gcc/2022-July/239213.html tl;dr: the current draft of the C standard does include new examples of how the restrict keyword sho

[Bug analyzer/106595] New: False positive Wanalyzer-out-of-bounds warnings in yacc generated files

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106595 Bug ID: 106595 Summary: False positive Wanalyzer-out-of-bounds warnings in yacc generated files Product: gcc Version: unknown Status: UNCONFIRMED Severity: nor

[Bug analyzer/106007] RFE: analyzer should complain about exec/system/putenv of tainted args

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106007 Tim Lange changed: What|Removed |Added CC||tlange at gcc dot gnu.org --- Comment #3 fr

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106394, which changed state. Bug 106394 Summary: False positive from -Wanalyzer-allocation-size with empty array https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106394 What|Removed |Adde

[Bug analyzer/106394] False positive from -Wanalyzer-allocation-size with empty array

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106394 Tim Lange changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106394] Possible false positive from -Wanalyzer-allocation-size with empty array

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106394 Tim Lange changed: What|Removed |Added Status|UNCONFIRMED |NEW Last reconfirmed|

[Bug analyzer/106181] [13 Regression] ICE in capacity_compatible_with_type, at analyzer/region-model.cc:2909

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106181 --- Comment #2 from Tim Lange --- Posted a fix to the mailing list here: https://gcc.gnu.org/pipermail/gcc-patches/2022-July/597871.html

[Bug analyzer/105888] RFE: -fanalyzer should complain when an on-stack address escapes/outlives the function

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105888 --- Comment #3 from Tim Lange --- (In reply to Tim Lange from comment #2) > I do have a fast prototype of this feature, but polishing that would require > PR105888 first. I plan to work on other checkers and get more familiar with > the code fir

[Bug analyzer/105888] RFE: -fanalyzer should complain when an on-stack address escapes/outlives the function

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105888 Tim Lange changed: What|Removed |Added CC||tlange at gcc dot gnu.org --- Comment #2 fr

[Bug analyzer/106203] New: Allow to emit diagnostics at return edges for the exit point as well as the call site

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106203 Bug ID: 106203 Summary: Allow to emit diagnostics at return edges for the exit point as well as the call site Product: gcc Version: unknown Status: UNCONFIRMED

[Bug analyzer/106181] [13 Regression] ICE in capacity_compatible_with_type, at analyzer/region-model.cc:2909

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106181 --- Comment #1 from Tim Lange --- Can confirm. I've missed that I might receive non-ints from get_capacity. I'm working on a fix right now.

[Bug analyzer/106181] [13 Regression] ICE in capacity_compatible_with_type, at analyzer/region-model.cc:2909

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106181 Tim Lange changed: What|Removed |Added Last reconfirmed||2022-07-04 Assignee|dmalcolm at g

[Bug analyzer/105898] RFE: -fanalyzer should complain about overlapping args to memcpy and mempcpy

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105898 Tim Lange changed: What|Removed |Added CC||tlange at gcc dot gnu.org --- Comment #2 fr

[Bug analyzer/105887] [meta-bug] clang analyzer warnings that GCC's -fanalyzer could implement

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887 Bug 105887 depends on bug 105900, which changed state. Bug 105900 Summary: RFE: -fanalyzer could check malloc sizes when casting the result to a pointer https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900 What|Removed

[Bug analyzer/105900] RFE: -fanalyzer could check malloc sizes when casting the result to a pointer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900 Tim Lange changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/105900] RFE: -fanalyzer could check malloc sizes when casting the result to a pointer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900 --- Comment #3 from Tim Lange --- See also this mailing list thread: https://gcc.gnu.org/pipermail/gcc/2022-June/238907.html