gcc-bugs@gcc.gnu.org

2022-04-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105264 --- Comment #6 from David Malcolm --- There are some fiddly issues where the analyzer fails to figure out that ptr + i and &ptr[i] refer to the same memory, for certain symbolic values of i. I'm testing a partial fix for GCC 12, which at least

[Bug analyzer/105273] -Wanalyzer-use-of-uninitialized-value warns on "missing" default for switch when callers can be statically determined

2022-04-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105273 --- Comment #4 from David Malcolm --- Thanks for filing this bug. IIRC in the initial GCC 10 release of the analyzer, it didn't directly explore within static functions, and instead only explored them via callsites. I tweaked the policy for th

gcc-bugs@gcc.gnu.org

2022-04-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105264 --- Comment #8 from David Malcolm --- The above patch hopefully fixes the false positive you're seeing, but as noted, there are some deeper issues that it doesn't fix; keeping this bug open.

[Bug analyzer/105287] [12 Regression] ICE in get_region_for_local, at analyzer/region.cc:874

2022-04-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105287 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-04-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 --- Comment #3 from David Malcolm --- Thanks for filing this bug; I can reproduce it with the initial attachment; it's unclear to me yet what's going on.

[Bug analyzer/105365] [12 Regression] ICE: in cmp_cst, at analyzer/svalue.cc:309 with -fanalyzer since r12-2337-g33255ad3ac14e395

2022-04-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105365 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #2 from David Malc

[Bug analyzer/105366] [11/12 Regression] ICE: in cmp_cst, at analyzer/svalue.cc:309 with -O -fanalyzer since r11-4511-gf635f0ce87d687b1

2022-04-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105366 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #2 from David Malc

[Bug analyzer/105382] New: Support for coroutines in -fanalyzer

2022-04-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 97110 Target Milestone: --- -fanalyzer doesn't work well with C++ coroutines. For example, trying it on gcc/testsuite/g++.dg/coroutines/torture/co-yield-01-multi.C lea

[Bug analyzer/105287] [12 Regression] ICE in analyzer get_region_for_local on C++ await cond_var

2022-04-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105287 --- Comment #5 from David Malcolm --- Thanks. FWIW I've filed PR 105382 to track the various other issues I'm seeing with -fanalyzer with coroutines (though given that we don't properly support C++ yet, that's relatively low priority for me).

[Bug analyzer/105365] [12 Regression] ICE: in cmp_cst, at analyzer/svalue.cc:309 with -fanalyzer since r12-2337-g33255ad3ac14e395

2022-04-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105365 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/105366] [11 Regression] ICE: in cmp_cst, at analyzer/svalue.cc:309 with -O -fanalyzer since r11-4511-gf635f0ce87d687b1

2022-04-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105366 David Malcolm changed: What|Removed |Added Summary|[11/12 Regression] ICE: in |[11 Regression] ICE: in

[Bug analyzer/104308] no location info provided for [-Wanalyzer-use-of-uninitialized-value] warnings

2022-04-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104308 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|WAITING

[Bug analyzer/105382] Support for coroutines in -fanalyzer

2022-04-26 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105382 --- Comment #1 from David Malcolm --- Looks like the analyzer is assuming that all of the different _Coro_resume_index values are possible at each entry to f(f()::_Z1fv.Frame*), but AIUI that value is expressing which basic block the coroutine i

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-04-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 --- Comment #4 from David Malcolm --- Created attachment 52892 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52892&action=edit Partially reduced reproducer I reduced the reproducer and am attaching it.

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-04-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 --- Comment #5 from David Malcolm --- I've been attempting to debug this. I think that there is a bug in both (a) the analyzer, and, possibly (b) in the software under test (git).

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-04-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 --- Comment #6 from David Malcolm --- For (a): If I'm reading this right: reader_init_block_reader has: struct reftable_block block = {((void *)0)}; reader_init_block_reader checks for (next_off >= r->size) and bails out, otherwise, block

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-04-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 --- Comment #7 from David Malcolm --- For (b), I'm not convinced git's code is totally correct here. The early-reject case in reader_get_block returns 0: if (off >= r->size) return 0; but at the caller, the condition is < 0: err = re

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-04-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 David Malcolm changed: What|Removed |Added Last reconfirmed||2022-04-27 Ever confirmed|0

[Bug analyzer/105287] [12/13 Regression] ICE in analyzer get_region_for_local on C++ await cond_var

2022-04-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105287 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-04-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 --- Comment #11 from David Malcolm --- Should be fixed on trunk for GCC 13 by the above commit. I hope to backport this to GCC 12; keeping this open until that's done.

[Bug analyzer/105366] [11 Regression] ICE: in cmp_cst, at analyzer/svalue.cc:309 with -O -fanalyzer since r11-4511-gf635f0ce87d687b1

2022-04-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105366 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106373] New: False positives from -Wanalyzer-tainted-array-index with casts

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106358 Target Milestone: --- See: https://godbolt.org/z/P5nGMohxd Am seeing false positive with -O1 -fanalyzer -fanalyzer-checker=taint

[Bug analyzer/106373] False positives from -Wanalyzer-tainted-array-index on comparison with non-const

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106373 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/106374] New: -fanalyzer ICE with certain const static vars

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106358 Target Milestone: --- I'm seeing an ICE in -fanalyzer on the Linux kernel's fs/crypto/hkdf.c in function hkdf_extract. Reduced reproducer: typedef unsign

[Bug analyzer/106374] -fanalyzer ICE with certain const static vars

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106374 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/106373] False positives from -Wanalyzer-tainted-array-index on comparison with non-const

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106373 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106373, which changed state. Bug 106373 Summary: False positives from -Wanalyzer-tainted-array-index on comparison with non-const https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106373 What|Removed

[Bug analyzer/106374] [13 Regression] -fanalyzer ICE with certain const static vars

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106374 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106374, which changed state. Bug 106374 Summary: [13 Regression] -fanalyzer ICE with certain const static vars https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106374 What|Removed |Added

[Bug analyzer/106383] New: False positives from -Wanalyzer-va-list-exhausted

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106358 Target Milestone: --- https://godbolt.org/z/c87abh5vc Given: typedef __builtin_va_list va_list; struct printf_spec { unsigned int type; }; int format_decode

[Bug analyzer/106383] False positives from -Wanalyzer-va-list-exhausted

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383 David Malcolm changed: What|Removed |Added Last reconfirmed||2022-07-21 Status|UNCONFIRM

[Bug analyzer/106394] New: Possible false positive from -Wanalyzer-allocation-size with empty array

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org CC: tlange at gcc dot gnu.org Blocks: 106358 Target Milestone: --- Given: struct msm_gpu { // [...snip...] const

[Bug analyzer/106383] False positives from -Wanalyzer-va-list-exhausted

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106383, which changed state. Bug 106383 Summary: False positives from -Wanalyzer-va-list-exhausted https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383 What|Removed |Added -

[Bug analyzer/106394] Possible false positive from -Wanalyzer-allocation-size with empty array

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106394 David Malcolm changed: What|Removed |Added Assignee|dmalcolm at gcc dot gnu.org|tlange at gcc dot gnu.org

[Bug analyzer/106413] New: State explosion on va_arg when va_start is in top-level function of analysis

2022-07-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- I accidentally introduced: FAIL: gcc.dg/analyzer/stdarg-3.c (test for excess errors) in r13-1786-gb852aa7f265424; the

[Bug analyzer/106413] State explosion on va_arg when va_start is in top-level function of analysis

2022-07-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106413 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/106401] [13 Regression] ICE: in binding_cluster, at analyzer/store.cc:1110 with -fanalyzer since r13-1761-g68871a008e686dbe

2022-07-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106401 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug analyzer/106413] State explosion on va_arg when va_start is in top-level function of analysis

2022-07-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106413 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106003] RFE: -fanalyzer could complain about misuse of file-descriptors

2022-07-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003 --- Comment #6 from David Malcolm --- I don't think we were tracking the RFE for this in bugzilla, so just a note that Immad had now committed his patch for the three new attributes for functions that make use of file descriptors: https://gcc.gn

[Bug analyzer/106441] New: Analyzer has some issues with nested functions extension to C

2022-07-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- See: https://gcc.gnu.org/onlinedocs/gcc/Nested-Functions.html Given: #include "analyzer-decls.h" static int __attribute__

[Bug analyzer/106441] Analyzer has some issues with nested functions extension to C

2022-07-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106441 --- Comment #1 from David Malcolm --- Above example on Compiler Explorer: https://godbolt.org/z/Pv1GoonE6

[Bug analyzer/106319] False positives from -Wanalyzer-va-arg-type-mismatch on int promotion

2022-07-26 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106319 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-26 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106319, which changed state. Bug 106319 Summary: False positives from -Wanalyzer-va-arg-type-mismatch on int promotion https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106319 What|Removed

[Bug analyzer/106454] -Wanalyzer-malloc-leak false positive when returning heap-allocation through array in struct after function call

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106454 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Ever confirmed|0

[Bug analyzer/106454] -Wanalyzer-malloc-leak false positive when returning heap-allocation through array in struct after function call

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106454 --- Comment #2 from David Malcolm --- ...i.e. it's getting confused about liveness. It's considering that the call to c could have overwritten the old value of d with a new value (or d->args), and thus that this hypothetical new value of d->arg

[Bug analyzer/106298] RFE: analyzer handling of dup, dup2, and dup3

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
at gcc dot gnu.org|mir at gcc dot gnu.org Ever confirmed|0 |1 Status|UNCONFIRMED |ASSIGNED --- Comment #2 from David Malcolm --- Immad's looking at this one.

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106225, which changed state. Bug 106225 Summary: False positives from -Wanalyzer-tainted-divisor https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106225 What|Removed |Added ---

[Bug analyzer/106225] False positives from -Wanalyzer-tainted-divisor

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106225 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/106204] False positive from -Wanalyzer-use-of-uninitialized-value with -ftrivial-auto-var-init=zero

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106204 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106204, which changed state. Bug 106204 Summary: False positive from -Wanalyzer-use-of-uninitialized-value with -ftrivial-auto-var-init=zero https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106204 What|Remov

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/99860] RFE: analyzer does not respect "restrict"

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99860 --- Comment #2 from David Malcolm --- Quoting Paul Eggert here: https://lists.gnu.org/archive/html/bug-gnulib/2022-07/msg00066.html > I looked into this a bit more, and it turns out that GCC was wrong about what happens when some paramete

[Bug analyzer/105893] RFE: -fanalyzer could check putenv calls

2022-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893 David Malcolm changed: What|Removed |Added Last reconfirmed||2022-07-28 Ever confirmed|0

[Bug analyzer/106007] RFE: analyzer should complain about exec/system of tainted args

2022-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106007 --- Comment #1 from David Malcolm --- Similarly, putenv should check for tainted string args.

[Bug analyzer/106007] RFE: analyzer should complain about exec/system of tainted args

2022-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106007 --- Comment #2 from David Malcolm --- Currently the taint analysis only has handling for numeric arguments being bounds-checked. How can string arguments transition to a "sanitized" state? Or are string arguments always tainted once they've ac

[Bug analyzer/105893] RFE: -fanalyzer could check putenv calls

2022-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/105887] [meta-bug] clang analyzer warnings that GCC's -fanalyzer could implement

2022-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887 Bug 105887 depends on bug 105893, which changed state. Bug 105893 Summary: RFE: -fanalyzer could check putenv calls https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893 What|Removed |Added --

[Bug analyzer/106147] RFE: -fanalyzer could complain about some cases of infinite loops and infinite recursion

2022-07-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106147 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/106539] New: -fanalyzer doesn't consider that realloc could shrink the buffer

2022-08-05 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
ormal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- realloc's success_with_move::update_model uses the new size of the buffer when copying the contents of the old buffer,

[Bug analyzer/105947] RFE: -fanalyzer should complain about jumps through NULL function pointers

2022-08-05 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105947 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/105887] [meta-bug] clang analyzer warnings that GCC's -fanalyzer could implement

2022-08-05 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887 Bug 105887 depends on bug 105947, which changed state. Bug 105947 Summary: RFE: -fanalyzer should complain about jumps through NULL function pointers https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105947 What|Removed

[Bug analyzer/106551] [13 Regression] dup2 causes -fanalyser ICE in valid_to_unchecked_state, at analyzer/sm-fd.cc:751

2022-08-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106551 David Malcolm changed: What|Removed |Added CC||mir at gcc dot gnu.org --- Comment #1 f

[Bug analyzer/106573] New: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines

2022-08-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org CC: mir at gcc dot gnu.org Target Milestone: --- Consider: int dup (int old_fd); int not_dup (int old_fd); int test_1

[Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines

2022-08-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines

2022-08-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106203] Allow to emit diagnostics at return edges for the exit point as well as the call site

2022-08-10 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106203 --- Comment #1 from David Malcolm --- I've been prototyping an implementation of PR 106147 (infinite loop detection), and in some cases there aren't any statements at all for my warnings, just location_t values (if that). So as part of that I'v

[Bug analyzer/106147] RFE: -fanalyzer could complain about some cases of infinite loops and infinite recursion

2022-08-10 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106147 --- Comment #3 from David Malcolm --- See also https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106203#c1 (w.r.t possible revamp of how source locations are tracked in the analyzer, given that an infinite loop might not contain any statements)

[Bug c/90885] GCC should warn about 2^16 and 2^32 and 2^64 [-Wxor-used-as-pow]

2022-08-10 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
||dmalcolm at gcc dot gnu.org Component|c++ |c Assignee|unassigned at gcc dot gnu.org |dmalcolm at gcc dot gnu.org --- Comment #24 from David Malcolm --- I'm working on an implementation of this.

[Bug c/90885] GCC should warn about 2^16 and 2^32 and 2^64 [-Wxor-used-as-pow]

2022-08-11 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90885 --- Comment #25 from David Malcolm --- Created attachment 53435 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53435&action=edit v1 of a patch to implement -Wxor-used-as-pow This patch implements the warning, but doesn't work well; as note

[Bug c/90885] GCC should warn about 2^16 and 2^32 and 2^64 [-Wxor-used-as-pow]

2022-08-11 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90885 David Malcolm changed: What|Removed |Added Keywords||patch Status|ASSIGNED

[Bug analyzer/106625] New: RFE: support some symbolic values in -Wanalyzer-out-of-bounds

2022-08-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Currently -Wanalyzer-out-of-bounds only warns when: * the size of the memory access is constant, rather than symbolic, and * the

[Bug analyzer/106625] RFE: support some symbolic values in -Wanalyzer-out-of-bounds

2022-08-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106625 David Malcolm changed: What|Removed |Added CC||tlange at gcc dot gnu.org --- Comment #

[Bug analyzer/106626] New: Improvements to wording of -Wanalyzer-out-of-bounds

2022-08-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org CC: tlange at gcc dot gnu.org Target Milestone: --- During the patch review of -Wanalyzer-out-of-bounds we decided to focus on getting the feature implemented in trunk

[Bug analyzer/106620] Incorrectly thinks execution can continue after a return statement

2022-08-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106620 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/106620] Incorrectly thinks execution can continue after a return statement

2022-08-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106620 --- Comment #2 from David Malcolm --- (In reply to David Malcolm from comment #1) > I've made lots of implementation changes to -fanalyzer in gcc 12 in beyond "and beyond", I meant to say

[Bug analyzer/106634] [13 Regression] ICE in get_region_for_local, at analyzer/region.cc:874 since r13-2029-g7e3b45befdbbf1a1

2022-08-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106634 David Malcolm changed: What|Removed |Added See Also||https://gcc.gnu.org/bugzill

[Bug analyzer/106539] -fanalyzer doesn't consider that realloc could shrink the buffer

2022-08-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106539 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/106551] [13 Regression] dup2 causes -fanalyzer ICE in valid_to_unchecked_state, at analyzer/sm-fd.cc:751

2022-08-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
|--- |FIXED CC||dmalcolm at gcc dot gnu.org --- Comment #8 from David Malcolm --- Presumably fixed by the above commit; marking as resolved.

[Bug analyzer/106003] RFE: -fanalyzer could complain about misuse of file-descriptors

2022-08-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003 Bug 106003 depends on bug 106551, which changed state. Bug 106551 Summary: [13 Regression] dup2 causes -fanalyzer ICE in valid_to_unchecked_state, at analyzer/sm-fd.cc:751 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106551 What|

[Bug analyzer/106181] [13 Regression] ICE in capacity_compatible_with_type, at analyzer/region-model.cc:2909

2022-08-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106181 David Malcolm changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org

[Bug analyzer/106703] during IPA pass: analyzer ICE: error reporting routines re-entered. with -fanalyzer -fsanitize-address-use-after-scope -fsanitize=kernel-address -fdiagnostics-format=sarif-stderr

2022-08-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106703 David Malcolm changed: What|Removed |Added Last reconfirmed||2022-08-21 Ever confirmed|0

[Bug analyzer/98247] RFE: detect Flexible Array Member misuse in analyzer

2022-08-26 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98247 David Malcolm changed: What|Removed |Added See Also||https://gcc.gnu.org/bugzill

[Bug analyzer/98247] RFE: detect Flexible Array Member misuse in analyzer

2022-08-26 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98247 --- Comment #3 from David Malcolm --- Seems to work: Does not warn for provided example: https://godbolt.org/z/Wa3E8Mdqr If I increase the memset to access one beyond, it complains: https://godbolt.org/z/K6Wcneh8Y with the caveat th

[Bug c++/87403] [Meta-bug] Issues that suggest a new warning

2022-09-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87403 Bug 87403 depends on bug 90885, which changed state. Bug 90885 Summary: GCC should warn about 2^16 and 2^32 and 2^64 [-Wxor-used-as-pow] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90885 What|Removed |Added --

[Bug c/90885] GCC should warn about 2^16 and 2^32 and 2^64 [-Wxor-used-as-pow]

2022-09-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90885 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|WAITING

[Bug analyzer/106845] [13 Regression] ICE in exceeds_p, at analyzer/store.cc:464 since r13-2029-g7e3b45befdbbf1a1

2022-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106845 --- Comment #2 from David Malcolm --- Failing assertion here: #1 0x014df116 in ana::byte_range::exceeds_p (this=0x7fffbf80, other=..., out_overhanging_byte_range=0x7fffbfc0) at ../../src/gcc/analyzer/store.cc:464 464

[Bug analyzer/106845] [13 Regression] ICE in exceeds_p, at analyzer/store.cc:464 since r13-2029-g7e3b45befdbbf1a1

2022-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106845 --- Comment #4 from David Malcolm --- (In reply to Tim Lange from comment #3) > It seems to me that the implementations of byte_range/bit_range get_last_byte_offset () already assume that m_size_in_bytes should be greater than zero. So I thi

[Bug c/106830] [13 Regression] ICE: in tree_to_uhwi, at tree.cc:6392 (from check_for_xor_used_as_pow) since r13-2386-gbedfca647a9e9c1a

2022-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106830 David Malcolm changed: What|Removed |Added Assignee|unassigned at gcc dot gnu.org |dmalcolm at gcc dot gnu.org

[Bug analyzer/106854] [[gnu::malloc(deallocator)]] for non-pointer functions (e.g., fd)

2022-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106854 David Malcolm changed: What|Removed |Added CC||mir at gcc dot gnu.org --- Comment #3 f

[Bug c/106830] [13 Regression] ICE: in tree_to_uhwi, at tree.cc:6392 (from check_for_xor_used_as_pow) since r13-2386-gbedfca647a9e9c1a

2022-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106830 David Malcolm changed: What|Removed |Added Status|ASSIGNED|WAITING Keywords|

[Bug analyzer/106854] [[gnu::malloc(deallocator)]] for non-pointer functions (e.g., fd)

2022-09-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106854 --- Comment #7 from David Malcolm --- (In reply to Alejandro Colomar from comment #6) > timerfd_create() might not be important if the timer is not correctly deleted. pthread_mutex_init() is another one that is quite more important, as leak

[Bug analyzer/98247] Analyzer fails to detect certain out-of-bounds uses of flexible array members

2022-09-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98247 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Summary|RFE: detect Flexibl

[Bug c/106830] [13 Regression] ICE: in tree_to_uhwi, at tree.cc:6392 (from check_for_xor_used_as_pow) since r13-2386-gbedfca647a9e9c1a

2022-09-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106830 David Malcolm changed: What|Removed |Added Status|WAITING |RESOLVED Resolution|---

[Bug c/107002] [13 Regression] ICE in column_range, at diagnostic-show-locus.cc:2236

2022-09-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
|UNCONFIRMED |ASSIGNED Assignee|unassigned at gcc dot gnu.org |dmalcolm at gcc dot gnu.org Ever confirmed|0 |1 --- Comment #1 from David Malcolm --- Probably introduced by r13-2386-gbedfca647a9e9c1a, which added -Wxor-used-as-pow. Failing

[Bug c/107016] New: [meta-bug] tracker bug for supporting "sparse" attributes in GCC

2022-09-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: meta-bug Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Depends on: 59850, 59851, 59852, 59856, 68524 Target Milestone: --- I've been looking at implementing s

[Bug analyzer/107017] New: RFE: support printf-style formatted functions in -fanalyzer

2022-09-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- We currently have some support for parsing the insides of a printf-style format string in two places: * gcc/c-family/c-format.cc

[Bug c/59850] Support sparse-style pointer address spaces (type attributes)

2022-09-26 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59850 David Malcolm changed: What|Removed |Added Assignee|unassigned at gcc dot gnu.org |dmalcolm at gcc dot gnu.org

[Bug analyzer/107060] -fanalyzer unbearably slow when compiling GNU Emacs

2022-09-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107060 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/107060] -fanalyzer unbearably slow when compiling GNU Emacs

2022-09-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107060 --- Comment #2 from David Malcolm --- Confirmed: the test case on a release build of trunk on my development box: -O2 without -fanalyzer takes ~18 seconds -O2 with -fanalyzer takes ~10 minutes == ~600 seconds
