[Bug analyzer/109802] [13 Regression] ICE using dubious flexible arrays in unions

2024-02-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109802 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Ever confirmed|0

[Bug analyzer/113998] [14 Regression] ICE: in get_last_byte_offset, at analyzer/ranges.cc:171 with -fanalyzer and __builtin_strncpy()

2024-02-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113998 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/113998] [14 Regression] ICE: in get_last_byte_offset, at analyzer/ranges.cc:171 with -fanalyzer and __builtin_strncpy()

2024-02-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113998 --- Comment #2 from David Malcolm --- Thanks for filing this bug. I'm testing a fix.

[Bug analyzer/113999] [14 Regression] ICE: in string_cst_has_null_terminator, at analyzer/region-model.cc:3651 with -fanalyzer on gcc.dg/tree-ssa/strncpy-2.c

2024-02-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113999 David Malcolm changed: What|Removed |Added Last reconfirmed||2024-02-19 Status|UNCONFIRM

[Bug analyzer/113983] [14 Regression] ICE: tree check: expected integer_cst, have vector_cst in maybe_undo_optimize_bit_field_compare, at analyzer/region-model-manager.cc:606 with -fanalyzer

2024-02-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113983 --- Comment #5 from David Malcolm --- (In reply to Andrew Pinski from comment #4) > Fixed. Thanks!

[Bug analyzer/110520] -Wanalyzer-null-dereference false negative with `*ptr = 10086`

2024-02-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110520 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/111289] [13 Regression] Unwarranted -Wanalyzer-va-arg-type-mismatch warning

2024-02-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111289 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] |[13 Regression] Unwarranted

[Bug analyzer/113998] [14 Regression] ICE: in get_last_byte_offset, at analyzer/ranges.cc:171 with -fanalyzer and __builtin_strncpy()

2024-02-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113998 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/113999] [14 Regression] ICE: in string_cst_has_null_terminator, at analyzer/region-model.cc:3651 with -fanalyzer on gcc.dg/tree-ssa/strncpy-2.c

2024-02-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113999 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/105898] RFE: -fanalyzer should complain about overlapping args to memcpy and mempcpy

2024-02-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105898 --- Comment #4 from David Malcolm --- I implemented this a different way, for memcpy, in r14-3556-g034d99e81484fb (by special-casing it). We don't yet check mempcpy, wmemcpy, or wmempcp; keeping bug open to handle those.

[Bug analyzer/111305] [13/14 Regression] GCC Static Analyzer -Wanalyzer-out-of-bounds FP and ICE problem

2024-02-26 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111305 David Malcolm changed: What|Removed |Added Last reconfirmed||2024-02-26 Status|UNCONFIRM

[Bug analyzer/111881] [14 Regression] analyzer: ICE in ensure_closed, at analyzer/constraint-manager.cc:130 with -Ofast

2024-02-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111881 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug analyzer/110483] [14 Regression] Several gcc.dg/analyzer/out-of-bounds-diagram-*.c tests FAIL

2024-02-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/111802] [14 Regression] New analyser diagram failures since commit b365e9d57ad4

2024-02-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111802 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug middle-end/92830] -fdiagnostics-url shows the wrong URL for warnings which are not in 'gcc' but e.g. in 'gfortran'

2024-02-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92830 --- Comment #7 from David Malcolm --- (In reply to GCC Commits from comment #5) > The master branch has been updated by David Malcolm : > > https://gcc.gnu.org/g:fa29cf0c3f19b648e30b16fd2485c3c17a528a6e > > commit r10-7994-gfa29cf0c3f19b648e30b

[Bug analyzer/110483] [14 Regression] Several gcc.dg/analyzer/out-of-bounds-diagram-*.c tests FAIL

2024-02-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483 --- Comment #6 from David Malcolm --- Thanks; let's keep using this PR for the stuff in comment #5. I've been looking at these on gcc211 in the compile farm: * I see out-of-bounds-diagram-11.c failing as you describe (the overflow in test6 is

[Bug analyzer/114159] [13/14 Regression] ICE: in call_info, at analyzer/call-info.cc:143 with -fanalyzer -fanalyzer-call-summaries --param=analyzer-max-svalue-depth=0

2024-02-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114159 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/114159] [13 Regression] ICE: in call_info, at analyzer/call-info.cc:143 with -fanalyzer -fanalyzer-call-summaries --param=analyzer-max-svalue-depth=0

2024-02-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114159 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] ICE: in |[13 Regression] ICE: in

[Bug analyzer/114285] Use of uninitialized value when copying a struct field by field

2024-03-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114285 --- Comment #2 from David Malcolm --- (In reply to Antoni from comment #0) > Created attachment 57655 [details] > Reproducer for the bug [...] > I tried to reproduce in C and I attached the reproducer. Trunk with -fanalyzer: https://godbolt.o

[Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer

2024-03-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #2 from David Malc

[Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer

2024-03-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286 --- Comment #3 from David Malcolm --- Looking at https://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html#index-_005f_005fatomic_005fload I see this signature for __atomic_load with 3 arguments: Built-in Function: void __atomic_load (t

[Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer

2024-03-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286 --- Comment #5 from David Malcolm --- Aha - thanks! Am working on a fix.

[Bug middle-end/114348] Corrupt SARIF output on stderr

2024-03-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114348 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/111441] [14 Regression] ICE generating access diagram, in fold_binary_loc, at fold-const.cc:11580

2024-03-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111441 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug analyzer/111305] [13/14 Regression] GCC Static Analyzer -Wanalyzer-out-of-bounds false positive

2024-03-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111305 David Malcolm changed: What|Removed |Added Priority|P2 |P3 Summary|[13/14 Regression

[Bug analyzer/110902] Missing cast in region_model_manager::maybe_fold_binop on MULT_EXPR by 1

2024-03-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110902 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/110928] [14 Regression] ICE with -fanalyzer on -Wanalyzer-out-of-bounds checker

2024-03-18 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110928 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer

2024-03-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/113505] [14 Regression] ICE: SIGSEGV in tree_class_check (tree.h:3766) with -O -fdump-analyzer -fanalyzer since r14-6239

2024-03-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113505 --- Comment #5 from David Malcolm --- Thanks, am testing your patch now.

[Bug middle-end/114348] Corrupt SARIF output on stderr

2024-03-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114348 --- Comment #5 from David Malcolm --- Should be fixed on trunk for GCC 14 by the above patch. Keeping open to backport. (In reply to Tobias Specht from comment #2) [...snip...] > A workaround could be, to only parse the first line as json, but

[Bug analyzer/113505] [14 Regression] ICE: SIGSEGV in tree_class_check (tree.h:3766) with -O -fdump-analyzer -fanalyzer since r14-6239

2024-03-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113505 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug analyzer/109251] [13 Regression] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to check in macros

2024-03-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109251 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED Summary|[13/14 Regr

[Bug analyzer/113619] [14 Regression] -Wanalyzer-tainted-divisor false positive seen in Linux kernel's fs/ceph/ioctl.c

2024-03-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113619 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2024-03-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 113619, which changed state. Bug 113619 Summary: [14 Regression] -Wanalyzer-tainted-divisor false positive seen in Linux kernel's fs/ceph/ioctl.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113619 What|

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2024-03-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 112974, which changed state. Bug 112974 Summary: [14 Regression] -Wanalyzer-tainted-array-index false positive seen on Linux kernel drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c https://gcc.gnu.org/bugzil

[Bug analyzer/112974] [14 Regression] -Wanalyzer-tainted-array-index false positive seen on Linux kernel drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c

2024-03-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112974 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug analyzer/112975] [14 Regression] -Wanalyzer-tainted-allocation-size false positive seen in Linux kernel's drivers/xen/privcmd.c

2024-03-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112975 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2024-03-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 112975, which changed state. Bug 112975 Summary: [14 Regression] -Wanalyzer-tainted-allocation-size false positive seen in Linux kernel's drivers/xen/privcmd.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112975

[Bug analyzer/114408] [13/14 Regression] ICE when invoking strcmp multiple times with -fsanitize=undefined -O1 -fanalyzer -flto

2024-03-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114408 --- Comment #2 from David Malcolm --- Created attachment 57781 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57781&action=edit WIP patch for the ICE The attached patch seems to fix the ICE. AIUI I'm lazily creating dominance info as

[Bug analyzer/114408] [13/14 Regression] ICE when invoking strcmp multiple times with -fsanitize=undefined -O1 -fanalyzer -flto

2024-03-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114408 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #5 from David Malc

[Bug analyzer/108455] -Wanalyzer-deref-before-check false positive seen in git pack-revindex.c

2024-03-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108455 --- Comment #5 from David Malcolm --- Note: the above patch caused the ICE in bug 114408.

[Bug analyzer/114408] [13 Regression] ICE when invoking strcmp multiple times with -fsanitize=undefined -O1 -fanalyzer -flto

2024-03-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114408 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] ICE when |[13 Regression] ICE when

[Bug analyzer/113314] [14 Regression] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c

2024-03-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314 --- Comment #2 from David Malcolm --- (In reply to David Malcolm from comment #1) [...] > 70redo_next: > 71 next = fdtab[fd].update.next; > 72 if (next > -2) > 73goto done; > 74

[Bug analyzer/114472] [14 Regression] ICE: in falls_short_of_p, at analyzer/store.cc:365 (in exceeds_p, at analyzer/store.cc:342) with -fanalyzer

2024-03-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114472 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/114473] [13/14 Regression] ICE: in deref_rvalue, at analyzer/region-model.cc:2780 with -fanalyzer -fanalyzer-call-summaries

2024-03-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114473 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Priority|P3

[Bug analyzer/114473] [13 Regression] ICE: in deref_rvalue, at analyzer/region-model.cc:2780 with -fanalyzer -fanalyzer-call-summaries

2024-03-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114473 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] ICE: in |[13 Regression] ICE: in

[Bug analyzer/110387] [14 Regression] ICE: in key_t, at analyzer/region.h:1110 with -fanalyzer

2023-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110387 David Malcolm changed: What|Removed |Added Last reconfirmed||2023-07-19 Ever confirmed|0

[Bug analyzer/110700] ICE with -fanalyzer --analyzer-checker=taint on division of tainted floating-point values

2023-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110700 --- Comment #3 from David Malcolm --- Should be fixed on trunk by the above patch. Keeping open to track backporting to branches for gcc 12 and gcc 13.

[Bug analyzer/110387] [14 Regression] ICE: in key_t, at analyzer/region.h:1110 with -fanalyzer

2023-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110387 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug analyzer/110433] ASAN reports mismatching new/delete when compiling analyzer testcases

2023-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110433 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug other/86656] [meta-bug] Issues found with -fsanitize=address

2023-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86656 Bug 86656 depends on bug 110433, which changed state. Bug 110433 Summary: ASAN reports mismatching new/delete when compiling analyzer testcases https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110433 What|Removed |

[Bug analyzer/110455] [14 Regression] tree check: expected none of vector_type, have vector_type in get_gassign_result, at analyzer/region-model.cc:870 with -fanalyzer

2023-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110455 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug middle-end/110612] text-art: four clang warnings

2023-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110612 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/109365] Double delete yields -Wanalyzer-use-after-free instead of -Wanalyzer-double-free

2023-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109365 David Malcolm changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org

[Bug analyzer/109361] RFE: SARIF output could contain timing/profile information

2023-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109361 --- Comment #4 from David Malcolm --- 1st patch posted for this (adding -fsarif-time-report): https://gcc.gnu.org/pipermail/gcc-patches/2023-April/615109.html 2nd patch: https://gcc.gnu.org/pipermail/gcc-patches/2023-July/625767.html

[Bug analyzer/109361] RFE: SARIF output could contain timing/profile information

2023-07-31 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109361 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/110830] -Wanalyzer-use-of-uninitialized-value false negative due to use-after-free::supercedes_p.

2023-07-31 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110830 --- Comment #1 from David Malcolm --- For reference, I implemented use_after_free::supercedes_p in commit g:33255ad3ac14e3953750fe0f2d82b901c2852ff6 as part of the gcc 12 (re)implementation of -Wanalyzer-use-of-uninitialized-value.

[Bug analyzer/110830] -Wanalyzer-use-of-uninitialized-value false negative due to use-after-free::supercedes_p.

2023-07-31 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110830 --- Comment #2 from David Malcolm --- The "supercedes_p" logic is called in diagnostic_manager::emit_saved_diagnostics here: best_candidates.handle_interactions (this); I *think* every saved_diagnostic ought to have a non-NULL m_best_epath by

[Bug analyzer/110882] New: ICE with -fanalyzer on zero-sized array

2023-08-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- ICE seen with -fanalyzer on this code: - struct csv_row { char *columns

[Bug analyzer/110882] ICE with -fanalyzer on zero-sized array

2023-08-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882 --- Comment #1 from David Malcolm --- It's failing this assertion: #1 0x016e2295 in ana::binding_key::make (mgr=0x7fff91d8, r=0x3275340) at ../../src/gcc/analyzer/store.cc:132 132 gcc_assert (bit_size > 0); (gdb) list

[Bug analyzer/110882] ICE with -fanalyzer on zero-sized array

2023-08-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/110882] [13 Regression] ICE with -fanalyzer on zero-sized array

2023-08-03 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] ICE with |[13 Regression] ICE with

[Bug analyzer/108171] [13/14 Regression] ICE in binding_key::make, at analyzer/store.cc:132 since r13-4529-gdfe2ef7f2b6cac70

2023-08-03 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108171 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #5 from David Malc

[Bug analyzer/108171] [13/14 Regression] ICE in binding_key::make, at analyzer/store.cc:132 since r13-4529-gdfe2ef7f2b6cac70

2023-08-03 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108171 David Malcolm changed: What|Removed |Added Resolution|--- |DUPLICATE Status|ASSIGNED

[Bug analyzer/110882] [13 Regression] ICE with -fanalyzer on zero-sized array

2023-08-03 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882 David Malcolm changed: What|Removed |Added CC||asolokha at gmx dot com --- Comment #6

[Bug analyzer/110902] New: Missing cast in region_model_manager::maybe_fold_binop on MULT_EXPR by 1

2023-08-04 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Whilst trying to fix PR analyzer/110426, I noticed that region_model_manager::maybe_fold_binop doesn't always retur

[Bug analyzer/110426] Missing buffer overflow warning with function pointer that has the alloc_size attribute

2023-08-04 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110426 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs

2023-08-11 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/107646] RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

2023-08-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 --- Comment #4 from David Malcolm --- Some ideas of projects we could analyze: - minimal Cython-generated C file - https://pypi.org/project/psycopg2/ - https://pypi.org/project/numpy

[Bug analyzer/107646] RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

2023-08-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 --- Comment #5 from David Malcolm --- How precisely to track behavior of API entrypoints? We can’t implement known_functions that precisely model every entrypoint. Consider: https://docs.python.org/3/c-api/dict.html#c.PyDict_SetItem which has:

[Bug analyzer/107646] RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

2023-08-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 --- Comment #6 from David Malcolm --- (In reply to David Malcolm from comment #5) > How precisely to track behavior of API entrypoints? We can’t implement > known_functions that precisely model every entrypoint. > > Consider: > https://docs.py

[Bug analyzer/107646] RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

2023-08-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 --- Comment #7 from David Malcolm --- (In reply to David Malcolm from comment #6) > (In reply to David Malcolm from comment #5) > Some attribute ideas: > > extern int PyDict_SetItem(PyObject *p, PyObject *key, PyObject *val) > __attribute__((

[Bug analyzer/107646] RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

2023-08-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 --- Comment #8 from David Malcolm --- (In reply to David Malcolm from comment #4) > Some ideas of projects we could analyze: * https://pypi.org/project/mercurial/ ; see: https://repo.mercurial-scm.org/hg-stable/file/tip/mercurial/cext

[Bug analyzer/107646] RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

2023-08-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 David Malcolm changed: What|Removed |Added Last reconfirmed||2023-08-17 Status|UNCONFIRM

[Bug analyzer/107646] RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

2023-08-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 --- Comment #9 from David Malcolm --- (In reply to David Malcolm from comment #4) > Some ideas of projects we could analyze: https://github.com/fedora-python/python-ethtool (Although deprecated, it's relatively small and has been ported to Pyth

[Bug analyzer/111099] -fanalyzer -Os segmentation fault

2023-08-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111099 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/111099] -fanalyzer -Os segmentation fault due to infinite recursion in ana::constraint_manager::eval_condition

2023-08-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111099 --- Comment #2 from David Malcolm --- Infinite recursion within ana::constraint_manager::eval_condition; possible duplicate of bug 109027

[Bug analyzer/109027] [13/14 Regression] ICE: SIGSEGV (infinite recursion in ana::constraint_manager::eval_condition / ana::constraint_manager::impossible_derived_conditions_p) with -fanalyzer since r

2023-08-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109027 --- Comment #6 from David Malcolm --- Bug 111099 is possibly a duplicate of this.

[Bug analyzer/111144] New: RFE: could -fanalyzer warn about assertions that have side effects?

2023-08-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- From IRC: dmalcolm__: I wonder if there's any way that the analyzer could find suspicious asserts (asserts w/ side

[Bug analyzer/111144] RFE: could -fanalyzer warn about assertions that have side effects?

2023-08-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111144 --- Comment #1 from David Malcolm --- See e.g.: https://wiki.sei.cmu.edu/confluence/display/c/PRE31-C.+Avoid+side+effects+in+arguments+to+unsafe+macros https://stackoverflow.com/questions/10593492/catching-assert-with-side-effects cppcheck:

[Bug analyzer/111144] RFE: could -fanalyzer warn about assertions that have side effects?

2023-08-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111144 --- Comment #2 from David Malcolm --- See also bug 6906 and bug 57612

[Bug analyzer/111155] New: RFE: better diagrams for string operations

2023-08-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- See https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=99a3fcb8ff0bf27407c525415384372189e2c3cc The generated diagrams could be improved. Specifically: - we should show

[Bug analyzer/111213] -Wanalyzer-out-of-bounds false negative with `return arr[9];` at -O1 and above

2023-09-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213 David Malcolm changed: What|Removed |Added Summary|-Wanalyzer-out-of-bounds|-Wanalyzer-out-of-bounds

[Bug analyzer/110529] Analyzer fails to handle computed goto

2023-09-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110529 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Summary|-Wanalyzer-null-

[Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above

2023-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Ever confirmed|0

[Bug analyzer/111312] New: Should the analyzer run earlier?

2023-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 111095, 111213 Target Milestone: --- I made the analyzer run when it does in order to take advantage of the LTO streaming representation. But: I'm having to recommend disa

[Bug analyzer/111213] -Wanalyzer-out-of-bounds false negative with `return arr[9];` at -O1 and above

2023-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Last reconfirmed|

[Bug analyzer/111095] -Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above

2023-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095 --- Comment #2 from David Malcolm --- (In reply to David Malcolm from comment #1) [...] > I'll open a bug about that. Filed as bug 111312; made this one block that one.

[Bug analyzer/110520] -Wanalyzer-null-dereference false negative with `*ptr = 10086`

2023-09-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110520 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/111329] [14 regression] gcc.dg/analyzer/out-of-bounds-diagram-1-debug.c fails after r14-3745-g4f4fa2501186e4

2023-09-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111329 --- Comment #2 from David Malcolm --- Possibly another duplicate of bug 110483.

[Bug analyzer/110529] Analyzer fails to handle computed goto

2023-09-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110529 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug analyzer/111312] Should the analyzer run earlier?

2023-09-11 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111312 David Malcolm changed: What|Removed |Added CC||rguenth at gcc dot gnu.org --- Comment

[Bug jit/111396] Segfault when using -flto with libgccjit

2023-09-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111396 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/111312] Should the analyzer run earlier?

2023-09-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111312 --- Comment #3 from David Malcolm --- Another example can be seen here: https://gcc.gnu.org/pipermail/gcc-patches/2023-August/628759.html in: gcc/testsuite/c-c++-common/analyzer/overlapping-buffers.c where -Wanalyzer-overlapping-buffers only

[Bug analyzer/111567] New: RFE: support counted_by in analyzer

2023-09-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: ---

[Bug analyzer/111567] RFE: support __attribute__((counted_by)) in -fanalyzer

2023-09-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111567 --- Comment #1 from David Malcolm --- This PR tracks adding support for the attribute to -fanalyzer (which I can take a look at). Adding the attribute itself is tracked by PR 108896.

[Bug analyzer/104940] RFE: integrate analyzer with an SMT solver

2023-09-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104940 --- Comment #5 from David Malcolm --- See also: https://kristerw.github.io/2022/11/01/verifying-optimizations/

[Bug analyzer/104940] RFE: integrate analyzer with an SMT solver

2023-09-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104940 --- Comment #6 from David Malcolm --- https://github.com/kristerw/pysmtgcc

[Bug driver/111700] ICE: SIGSEGV in needs_read_p (input.cc:598) with -fdiagnostics-format=sarif-file or -fdiagnostics-format=sarif-stderr on pre-processed input

2023-10-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111700 David Malcolm changed: What|Removed |Added Last reconfirmed||2023-10-06 Ever confirmed|0

[Bug driver/111700] ICE: SIGSEGV in needs_read_p (input.cc:598) with -fdiagnostics-format=sarif-file or -fdiagnostics-format=sarif-stderr on pre-processed input

2023-10-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111700 --- Comment #3 from David Malcolm --- Should be fixed on trunk by the above patch. Keeping open to track backporting the fix to gcc 13.
