[Bug analyzer/106225] New: False positives from -Wanalyzer-tainted-divisor

2022-07-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- -Wanalyzer-tainted-divisor seems to be using the wrong logic for determining if a value has been checked for zeroness; consider: #include struct st1 { int a; int

[Bug analyzer/106225] False positives from -Wanalyzer-tainted-divisor

2022-07-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106225 David Malcolm changed: What|Removed |Added Last reconfirmed||2022-07-07 Status|UNCONFIRM

[Bug analyzer/106225] False positives from -Wanalyzer-tainted-divisor

2022-07-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106225 --- Comment #3 from David Malcolm --- Fixed on trunk for gcc 13 by the above commit. Keeping this open to backport to gcc 12.

[Bug analyzer/106229] New: False positives from -Wanalyzer-tainted-array-index with unsigned char index

2022-07-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Consider: struct s_12 { unsigned char idx; char buf[256]; }; char __attribute__((tainted_args)) test_12(struct

[Bug analyzer/106235] New: RFE: -fanalyzer could complain about tainted data triggering assertion failure

2022-07-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- CWE-617: Reachable Assertion: https://cwe.mitre.org/data/definitions/617.html "The product contains an assert

[Bug analyzer/106235] RFE: -fanalyzer could complain about tainted data triggering assertion failure

2022-07-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106235 --- Comment #1 from David Malcolm --- Juliet 1.3 has various testcases for this in C/testcases/CWE617_Reachable_Assertion/

[Bug middle-end/96032] RFE: add a way to use output from --fdiagnostics-format=json as input

2022-07-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96032 --- Comment #4 from David Malcolm --- I posted a prototype implementation of this here: "[PATCH 00/12] RFC: Replay of serialized diagnostics" https://gcc.gnu.org/pipermail/gcc-patches/2022-June/597051.html (doesn't fully work; see the many

[Bug preprocessor/91733] No longer treat carriage return as an end-of-line

2022-07-10 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91733 David Malcolm changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org

[Bug preprocessor/106272] clang build: new warning ?

2022-07-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106272 --- Comment #9 from David Malcolm --- Thanks!

[Bug analyzer/106283] New: RFE: analyzer handling of close_range and closefrom

2022-07-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106003 Target Milestone: --- As noted here: https://sourceware.org/pipermail/libc-alpha/2022-July/140623.html and https://sourceware.org/pipermail/libc-alpha/2022

[Bug analyzer/106284] New: False positives from -Wanalyzer-tainted-array-index with optimized conditionals

2022-07-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Consider: #define LOWER_LIMIT 5 #define UPPER_LIMIT 10 static int arr[UPPER_LIMIT]; static int called_by_test_1

[Bug analyzer/106286] New: fd_diagnostic should implement get_meaning_for_state_change vfunc

2022-07-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106003 Target Milestone: --- A minor nit: I added pending_diagnostic::get_meaning_for_state_change after Immad started working on sm

[Bug analyzer/106286] fd_diagnostic should implement get_meaning_for_state_change vfunc

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106286 --- Comment #1 from David Malcolm --- Compare with e.g.: gcc/testsuite/gcc.dg/analyzer/file-meaning-1.c which tests this for the sm-file.cc

[Bug analyzer/106298] New: RFE: analyzer handling of dup, dup2, and dup3

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106003 Target Milestone: --- Now that -fanalyzer has warnings for file descriptors (especially leaks), we should probably special-case the following functions (rather than

[Bug analyzer/106299] New: RFE: analyzer handling of fdopen

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106003 Target Milestone: --- Now that the analyzer supports checking both file descriptor *and* FILE * usage, we should probably add special-case handling of fdopen: https://www.man7

[Bug analyzer/106300] New: RFE: analyzer support for more ways of obtaining an open file descriptor

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106003 Target Milestone: --- Currently -fanalyzer special-cases "open" for obtaining a possibly-open file descrip

[Bug analyzer/106301] New: RFE: analyzer support of mmap

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106003 Target Milestone: --- Now that the analyzer can track uses of file-descriptors, we may want to special-case mmap: https://www.man7.org/linux/man-pages/man2/mmap.2.html void

[Bug analyzer/106301] RFE: analyzer support of mmap

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106301 --- Comment #1 from David Malcolm --- Potentially we could also track the allocated region, and complain if it is leaked. I think this would require handling of mmap/munmap in sm-malloc.cc (so that we can detect leaks), and support in the regio

[Bug analyzer/106302] New: RFE: provide a way for -fanalyzer to use target flags

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106003, 106301 Target Milestone: --- As noted in the discussion here: https://gcc.gnu.org/pipermail/gcc/2022-June/238954.html -fanalyzer sometimes uses specific

[Bug analyzer/106284] False positives from -Wanalyzer-tainted-array-index with optimized conditionals

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106284 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/106284] False positives from -Wanalyzer-tainted-array-index with optimized conditionals

2022-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106284 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106319] New: False positives from -Wanalyzer-va-arg-type-mismatch on int promotion

2022-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Consider e.g.: static void __attribute__((noinline)) __analyzer_consume_n_ints (int num, ...) { __builtin_va_list ap

[Bug jit/106312] jit tests fail on powerpc64le

2022-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106312 --- Comment #1 from David Malcolm --- Seems to work for me (on gcc112); is there a particular machine you tried this on?

[Bug analyzer/106321] New: False positives from -Wanalyzer-tainted-array-index with switch with ranged cases

2022-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Consider: https://godbolt.org/z/o3xE7PozM static int arr[100]; int __attribute__((tainted_args)) test_5 (int

[Bug analyzer/106325] `analyzer-null-dereference` gets thrown on a parameter on a function marked with `__attribute__((nonnull))`

2022-07-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106325 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/106321] False positives from -Wanalyzer-tainted-array-index with switch with ranged cases

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106321 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/106358] New: [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Depends on: 106204, 106218, 106225, 106229, 106319, 106284, 106321 Target Milestone: --- I've created this tracker bug to help org

[Bug analyzer/106359] New: -fanalyzer takes a very long time on Linux kernel: sound/soc/codecs/cs47l{85,90}.c

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106358 Target Milestone: --- I've been testing -fanalyzer trunk with my trust boundaries patches on the ups

[Bug analyzer/106359] -fanalyzer takes a very long time on Linux kernel: sound/soc/codecs/cs47l{85,90}.c

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106359 --- Comment #1 from David Malcolm --- Dumping the store shows huge numbers of clusters of the form: cluster for: "RXANCL Input": CONJURED(madera_free_bus_error_irq (_6, i_29);, "RXANCL Input") (ESCAPED) (TOUCHED) cluster for: "Route": CONJU

[Bug analyzer/106359] -fanalyzer takes a very long time on Linux kernel: sound/soc/codecs/cs47l{85,90}.c

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106359 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106359, which changed state. Bug 106359 Summary: -fanalyzer takes a very long time on Linux kernel: sound/soc/codecs/cs47l{85,90}.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106359 What|Removed

[Bug analyzer/100244] [11 Regression] ICE: Segmentation fault (in describe_state_change)

2021-07-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100244 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/100615] analyzer failed to report leak in rxtxcpu's parse_cpu_list

2021-07-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100615 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/99212] [11 Regression] gcc.dg/analyzer/data-model-1.c line 971

2021-07-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99212 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/101386] Analysis of attribute malloc's deallocator function is not capable of abstraction

2021-07-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101386 --- Comment #1 from David Malcolm --- Thanks for filing this bug. The: __attribute__((malloc, malloc(string_delete))) is confusing the analyzer; if I remove it, the code compiles without warnings. I'm not yet sure what the analyzer should do

[Bug analyzer/94713] Analyzer is buggy on uninitialized pointer

2021-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94713 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/95006] RFE: Reimplement -Wanalyzer-use-of-uninitialized-value

2021-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95006 Bug 95006 depends on bug 94713, which changed state. Bug 94713 Summary: Analyzer is buggy on uninitialized pointer https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94713 What|Removed |Added -

[Bug analyzer/94714] Analyzer: no warning on access of an uninitialized variable of automatic storage duration

2021-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94714 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/95006] RFE: Reimplement -Wanalyzer-use-of-uninitialized-value

2021-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95006 Bug 95006 depends on bug 94714, which changed state. Bug 94714 Summary: Analyzer: no warning on access of an uninitialized variable of automatic storage duration https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94714 What|Removed

[Bug analyzer/95006] RFE: Reimplement -Wanalyzer-use-of-uninitialized-value

2021-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95006 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug jit/101491] [11 regression] /usr/local/include/libgccjit++.h conflicts between different GCC installations

2021-07-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101491 --- Comment #2 from David Malcolm --- I wonder why this changed recently; as Dimitry notes, this has been done the same since the initial merger of libgccjit into trunk. I'm using $(includedir). What should I be using? Thanks

[Bug analyzer/101503] [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557

2021-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101503 David Malcolm changed: What|Removed |Added Last reconfirmed||2021-07-19 Status|UNCONFIRM

[Bug analyzer/101503] [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557

2021-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101503 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/101522] ICE: Segmentation fault (in ana::binding_cluster::purge_state_involving)

2021-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101522 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/101550] -Wanalyzer-file-leak false positive with an array of pointers, open and fdopen.

2021-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101550 --- Comment #1 from David Malcolm --- Thanks for filing this bug. What version of glibc are you using? This looks similar to PR 101081 in that I think it's dependent on the exact uses of __attribute__((malloc)) within stdio.h.

[Bug analyzer/101522] ICE: Segmentation fault (in ana::binding_cluster::purge_state_involving)

2021-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101522 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/101547] [12 Regression] ICE: Segmentation fault (in c_tree_printer)

2021-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101547 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/101570] [12 Regression] ICE in maybe_reconstruct_from_def_stmt, at analyzer/analyzer.cc:133

2021-07-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101570 David Malcolm changed: What|Removed |Added Last reconfirmed||2021-07-22 Status|UNCONFIRM

[Bug analyzer/101570] [12 Regression] ICE in maybe_reconstruct_from_def_stmt, at analyzer/analyzer.cc:133

2021-08-04 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101570 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug ipa/101941] New: Linux kernel build failure due to retaining fnsplit fragment with __attribute__((__error__))

2021-08-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Severity: normal Priority: P3 Component: ipa Assignee: unassigned at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org CC: marxin at gcc dot gnu.org Target Milestone: --- I'm attaching a reduced reproducer for an issue seen

[Bug ipa/101941] Linux kernel build failure due to retaining fnsplit fragment with __attribute__((__error__))

2021-08-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101941 --- Comment #1 from David Malcolm --- Created attachment 51311 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51311&action=edit Reduced reproducer

[Bug ipa/101941] [12 Regression] Linux kernel build failure due to retaining fnsplit fragment with __attribute__((__error__))

2021-08-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101941 David Malcolm changed: What|Removed |Added Summary|Linux kernel build failure |[12 Regression] Linux

[Bug ipa/101941] [12 Regression] Linux kernel build failure due to retaining fnsplit fragment with __attribute__((__error__))

2021-08-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101941 --- Comment #5 from David Malcolm --- Other ideas for fixing: (a) (hackish workaround?): defer emitting diagnostics from __attribute__((__error__)) and __attribute__((__warning__)) until a postprocessing stage, after all functions have been emi

[Bug analyzer/101962] New: Analyzer NULL false positive with pointer manipulation

2021-08-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- -fanalyzer emits two warnings on this code: #define NULL ((void *)0) int * func1(int *ptr) { if (!ptr) return NULL; return ++ptr; } int main() { int

[Bug analyzer/101962] Analyzer NULL false positive with pointer manipulation

2021-08-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101962 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/101875] [12 Regression] ICE: Segmentation fault (in c_tree_printer)

2021-08-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101875 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #2 from David Malc

[Bug analyzer/101837] [11/12 Regression] ICE with -O3 -fsanitize=undefined -fanalyzer since r11-7941-ge4bb1bd60a9fd1be

2021-08-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101837 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/101980] [12 regressions] many test case failures after r12-3002

2021-08-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101980 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Last reconfirmed|

[Bug analyzer/101983] New: analyzer leak false positives building singly linked list

2021-08-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- -fanalyzer reports various "leak" false positives on the foll

[Bug analyzer/101875] [12 Regression] ICE: Segmentation fault (in c_tree_printer)

2021-08-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101875 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/101837] [11/12 Regression] ICE with -O3 -fsanitize=undefined -fanalyzer since r11-7941-ge4bb1bd60a9fd1be

2021-08-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101837 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/101962] Analyzer NULL false positive with pointer manipulation

2021-08-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101962 --- Comment #3 from David Malcolm --- Should be fixed on trunk for gcc 12 by the above commit. I plan to backport this to gcc 11; keeping it open until that's done.

[Bug other/93090] RFE: Add a frontend for the Rust programming language

2021-08-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93090 --- Comment #4 from David Malcolm --- FWIW there's also: https://github.com/antoyo/rustc_codegen_gcc which isn't a GCC Rust frontend per se, but uses libgccjit to embed GCC as a code generation backend inside the existing rustc compiler (I'm th

[Bug middle-end/96032] RFE: add a way to use output from --fdiagnostics-format=json as input

2021-08-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96032 David Malcolm changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org Last

[Bug analyzer/110090] -fanalyze sometimes assumes contradictory conditions to be valid at the same time during path exploration

2024-02-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110090 --- Comment #1 from David Malcolm --- Thanks for filing this bug report, and sorry for not responding before. Are you still able to reproduce this? If so, please can you use -save-temps to generate a preprocessed file (.i) that reproduces the

[Bug analyzer/111441] [14 Regression] ICE generating access diagram, in fold_binary_loc, at fold-const.cc:11580

2024-02-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111441 David Malcolm changed: What|Removed |Added Summary|internal compiler error: in |[14 Regression] ICE |

[Bug analyzer/113923] Segfault in gcc/gcc/tree-diagnostic.cc:265

2024-02-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113923 --- Comment #1 from David Malcolm --- Reproducing that is going to be a challenge. FWIW you can probably work around it via -fno-analyzer-undo-inlining. For an inlined_call_event's m_apparent_caller_fndecl to be NULL, then when it was created

[Bug analyzer/113923] Segfault in gcc/gcc/tree-diagnostic.cc:265

2024-02-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113923 --- Comment #2 from David Malcolm --- inlined_call_event's ctor should probably assert that params tree apparent_callee_fndecl, tree apparent_caller_fndecl, are both non-NULL, which might catch the iss

[Bug analyzer/113923] Segfault in gcc/gcc/tree-diagnostic.cc:265

2024-02-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113923 --- Comment #3 from David Malcolm --- (In reply to David Malcolm from comment #2) > are both non-NULL, which might catch the issue slightly early. ^

[Bug analyzer/110907] ICE when using -fanalyzer-verbose-state-changes

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110907 David Malcolm changed: What|Removed |Added Resolution|--- |DUPLICATE Status|UNCONFIRME

[Bug analyzer/113509] ICE: SIGSEGV in c_tree_printer (c-objc-common.cc:341) with -fanalyzer -fanalyzer-verbose-state-changes

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113509 David Malcolm changed: What|Removed |Added CC||vultkayn at gcc dot gnu.org --- Comment

[Bug analyzer/113606] [14 Regression] -Wanalyzer-infinite-recursion false positive on code involving strstr, memset, strnlen and -D_FORTIFY_SOURCE

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113606 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Summary|-Wanalyzer-infinit

[Bug analyzer/113619] [14 Regression] -Wanalyzer-tainted-divisor false positive seen in Linux kernel's fs/ceph/ioctl.c

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113619 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/111266] [13/14 Regression] Missing -Wanalyzer-out-of-bounds for concrete offset overwrite.

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
|1 CC||dmalcolm at gcc dot gnu.org Last reconfirmed||2024-02-15 Summary|Missing |[13/14 Regression] Missing |-Wanalyzer-out-of-bounds|-Wanalyzer-out-of

[Bug analyzer/111802] New analyser diagram failures since commit b365e9d57ad4

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111802 --- Comment #1 from David Malcolm --- Thanks for filing this bug report. The issue seems to be with the top line here: ┌┬┬┬┬┐┌─┬─┬─┐ │[1] │[1] │[1] │[1] │

[Bug analyzer/113505] [14 Regression] ICE: SIGSEGV in tree_class_check (tree.h:3766) with -O -fdump-analyzer -fanalyzer

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113505 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Ever confirmed|0

[Bug analyzer/113496] [12/13/14 Regression] ICE: in cmp, at analyzer/constraint-manager.cc:782 with -fanalyzer -fdump-analyzer

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113496 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/112889] [11/12/13 Regression] ICE with -fanalyzer seen on Linux kernel drivers/infiniband/hw/cxgb4/cm.c

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112889 David Malcolm changed: What|Removed |Added Summary|ICE with -fanalyzer seen on |[11/12/13 Regression] ICE

[Bug analyzer/109191] GCC static analyzer does not warning `*b = 1` where `b` is 1.

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109191 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/109131] [13/14 Regression] -Wanalyzer-deref-before-check false positive seen in git's builtin/show-ref.c

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109131 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/110928] [14 Regression] ICE with -fanalyzer on -Wanalyzer-out-of-bounds checker

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110928 David Malcolm changed: What|Removed |Added Last reconfirmed||2024-02-15 Status|UNCONFIRM

[Bug analyzer/112975] [14 Regression] -Wanalyzer-tainted-allocation-size false positive seen in Linux kernel's drivers/xen/privcmd.c

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112975 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/112974] [14 Regression] -Wanalyzer-tainted-array-index false positive seen on Linux kernel drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112974 David Malcolm changed: What|Removed |Added Last reconfirmed||2024-02-15 Ever confirmed|0

[Bug analyzer/109577] [13 Regression] -Wanalyzer-allocation-size mishandles __builtin_mul_overflow

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109577 David Malcolm changed: What|Removed |Added Last reconfirmed||2024-02-15 Ever confirmed|0

[Bug analyzer/110014] [13 Regression] -Wanalyzer-allocation-size mishandles realloc (..., .... * sizeof (object))

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110014 David Malcolm changed: What|Removed |Added Last reconfirmed||2024-02-15 Ever confirmed|0

[Bug analyzer/111229] -fanalyzer confused about conditional operator branch name

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111229 --- Comment #1 from David Malcolm --- Thanks for filing this. Probably a duplicate of PR 100116.

[Bug analyzer/111266] [13 Regression] Missing -Wanalyzer-out-of-bounds for concrete offset overwrite.

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111266 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] Missing |[13 Regression] Missing

[Bug analyzer/111289] [13/14 Regression] Unwarranted -Wanalyzer-va-arg-type-mismatch warning

2024-02-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111289 David Malcolm changed: What|Removed |Added Summary|Unwarranted |[13/14 Regression] |-

[Bug analyzer/113314] [14 Regression] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/109251] [13/14 Regression] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to check in macros

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109251 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/105961] -Wanalyzer-use-of-uninitialized-value false positive after "= {0}"

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105961 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/108400] [12/13/14 Regression] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/105755] -Wanalyzer-null-dereference regression compiling Emacs

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105755 --- Comment #3 from David Malcolm --- Current status of reproducer on Compiler Explorer: GCC trunk: no warning: https://godbolt.org/z/o6ecKKa8e GCC 13.2: no warning: https://godbolt.org/z/z7hdYx1Y7 GCC 12.3: false +ve: https://godbolt.o

[Bug analyzer/108562] [meta-bug] tracker bug for issues with -Wanalyzer-null-dereference

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108562 Bug 108562 depends on bug 105755, which changed state. Bug 105755 Summary: -Wanalyzer-null-dereference regression compiling Emacs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105755 What|Removed |Added

[Bug analyzer/105755] -Wanalyzer-null-dereference regression compiling Emacs

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105755 David Malcolm changed: What|Removed |Added Resolution|--- |WORKSFORME Status|UNCONFIRM

[Bug analyzer/111213] -Wanalyzer-out-of-bounds false negative with `return arr[9];` at -O1 and above

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213 David Malcolm changed: What|Removed |Added Status|NEW |SUSPENDED --- Comment #4 from David Mal

[Bug analyzer/109628] -Wanalyzer-use-of-uninitialized-value false positive on static storage

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109628 David Malcolm changed: What|Removed |Added Resolution|--- |WORKSFORME Status|UNCONFIRM

[Bug analyzer/109579] -Wanalyzer-out-of-bounds false positive in Emacs mapping stack

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109579 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/109851] [13/14 Regression] False positive va_arg when iterating through format string with for-loop

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109851 David Malcolm changed: What|Removed |Added Summary|False positive va_arg when |[13/14 Regression] False

[Bug analyzer/110285] [13/14 Regression] -Wanalyzer-infinite-recursion false positive involving floating-point values

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110285 David Malcolm changed: What|Removed |Added Last reconfirmed||2024-02-16 Ever confirmed|0
