[Bug analyzer/107582] - -Wanalyzer-use-of-uninitialized-value false positive with while loop in pthread_cleanup_push

2023-03-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107582 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106325] -Wanalyzer-null-dereference false positive due to analyzer not making assumptions for `__attribute__((nonnull))`

2023-03-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106325 --- Comment #10 from David Malcolm --- Should be fixed on gcc 12 branch by the above (for the eventual gcc 12.3 release). Still affects GCC 11 and GCC 10.

[Bug analyzer/108704] Many -Wanalyzer-use-of-uninitialized-value false positives seen in qemu's softfloat.c

2023-03-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108704 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/108733] -Wanalyzer-use-of-uninitialized-value false positives seen with __attribute__((cleanup))

2023-03-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108733 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/105273] -Wanalyzer-use-of-uninitialized-value warns on "missing" default for switch when callers can be statically determined

2023-03-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105273 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug testsuite/109360] New: RFE: check that generated .sarif files validate against the SARIF schema

2023-03-31 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: normal Priority: P3 Component: testsuite Assignee: unassigned at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Created attachment 54798 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54798&action=edit WIP progress p

[Bug other/109163] SARIF (and other JSON) output files are non-deterministic

2023-03-31 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109163 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|WAITING

[Bug analyzer/109361] New: RFE: SARIF output could contain timing/profile information

2023-03-31 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- My integration tests for -fanalyzer don't yet track how long the analyzer takes on the real-world cases. It would be nice for the .

[Bug analyzer/109361] RFE: SARIF output could contain timing/profile information

2023-03-31 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109361 --- Comment #1 from David Malcolm --- Some existing SARIF properties we could generate: 3.20.7 startTimeUtc property An invocation object MAY contain a property named sta

[Bug analyzer/109365] Double delete yields -Wanalyzer-use-after-free instead of -Wanalyzer-double-free

2023-03-31 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109365 --- Comment #1 from David Malcolm --- (In reply to Benjamin Priour from comment #0) [...] > (Note: sorry David, I've binged through bugzilla doc and gcc bugs page yet I > cannot seem to find the way to add this to the 'analyzer-c++' block, nor d

[Bug analyzer/109361] RFE: SARIF output could contain timing/profile information

2023-03-31 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109361 David Malcolm changed: What|Removed |Added Last reconfirmed||2023-03-31 Ever confirmed|0

[Bug analyzer/109361] RFE: SARIF output could contain timing/profile information

2023-04-03 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109361 --- Comment #3 from David Malcolm --- Created attachment 54804 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54804&action=edit v1 of patch for this This patch works, but it also enables the output on stderr, and I see significant differe

[Bug analyzer/106626] Improvements to wording of -Wanalyzer-out-of-bounds

2023-04-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106626 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/106000] RFE: -fanalyzer should complain about memory accesses that are definitely out-of-bounds

2023-04-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106000 David Malcolm changed: What|Removed |Added Blocks||109432 --- Comment #8 from David Malcol

[Bug analyzer/109570] detect fclose on unopened or NULL files

2023-04-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109570 --- Comment #2 from David Malcolm --- Thanks for filing this bug. I think -fanalyzer should warn about fclose(NULL), but not for free(NULL).

[Bug analyzer/109580] #pragma GCC diagnostic ignored "-Wanalyzer-fd-leak" is ineffective

2023-04-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109580 David Malcolm changed: What|Removed |Added Last reconfirmed||2023-04-21 Ever confirmed|0

[Bug analyzer/109580] #pragma GCC diagnostic ignored "-Wanalyzer-fd-leak" is ineffective

2023-04-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109580 --- Comment #2 from David Malcolm --- The warning is emitted on this statement: _23 = _3 | _5; within this basic block in the optimized code: [local count: 217325344]: nfd_26 = emacs_open_noquit ("/dev/null", 2, 0); _3 = nfd_26 < 0;

[Bug analyzer/109580] #pragma GCC diagnostic ignored "-Wanalyzer-fd-leak" is ineffective

2023-04-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109580 --- Comment #3 from David Malcolm --- The optimized stmt with UNKNOWN_LOCATION is created from: (gdb) call inform(stmt->location, "stmt in gimple_simplify") ../../src/pr109580.c:10:9: note: stmt in gimple_simplify 10 | err |= dup2(nfd, 0

[Bug analyzer/109580] #pragma GCC diagnostic ignored "-Wanalyzer-fd-leak" is ineffective

2023-04-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109580 David Malcolm changed: What|Removed |Added CC||rguenth at gcc dot gnu.org --- Comment

[Bug analyzer/114588] New: Analyzer buffer overflow ASCII art hardcodes "RED" and "GREEN" as the terminal colors

2024-04-04 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- As noted by ycombinator user "ephaeton" here: https://news.ycombinato

[Bug analyzer/114594] New: Issues seen with -Wanalyzer-malloc-leak on htop/XUtils.c: String_split

2024-04-04 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org CC: BenBE at geshi dot org Target Milestone: --- Created attachment 57881 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57

[Bug analyzer/114594] Issues seen with -Wanalyzer-malloc-leak on htop/XUtils.c: String_split

2024-04-04 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114594 --- Comment #1 from David Malcolm --- The "leak" was fixed in htop by https://github.com/htop-dev/htop/commit/62c2d820add3dadea7569af051d2afd804f08432

[Bug analyzer/114616] New: RFE: show type and possible ranges of size in -Wanalyzer-tainted-size and -Wanalyzer-tainted-allocation-size

2024-04-05 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- It's really helpful when triaging analyzer reports from -Wana

[Bug analyzer/114588] Analyzer buffer overflow ASCII art hardcodes "RED" and "GREEN" as the terminal colors

2024-04-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114588 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/94365] false positive leak when using container_of-like constructs

2024-04-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94365 --- Comment #3 from David Malcolm --- (In reply to David Malcolm from comment #2) > Testing again with trunk (for GCC 12); the false leak of ‘a’ report still > occurs, but the -Wanalyzer-free-of-non-heap report is fixed. False leak still present

[Bug analyzer/114472] [14 Regression] ICE: in falls_short_of_p, at analyzer/store.cc:365 (in exceeds_p, at analyzer/store.cc:342) with -fanalyzer

2024-04-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114472 --- Comment #3 from David Malcolm --- I'm testing a fix for this.

[Bug analyzer/114677] [13/14 Regression] -Wanalyzer-fd-leak false positive writing to int * param

2024-04-10 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114677 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Last reconfirmed|

[Bug analyzer/114472] [14 Regression] ICE: in falls_short_of_p, at analyzer/store.cc:365 (in exceeds_p, at analyzer/store.cc:342) with -fanalyzer

2024-04-10 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114472 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/114778] ICE: in get_region_for_local, at analyzer/region.cc:1366

2024-04-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114778 --- Comment #1 from David Malcolm --- Thanks for filing this. It's failing this assertion in frame_region::get_region_for_local : 1421case VAR_DECL: 1422 gcc_assert (!is_global_var (expr)); 1423 /* Fall th

[Bug analyzer/106634] [13/14 Regression] ICE in get_region_for_local with nested function extension since r13-2029-g7e3b45befdbbf1a1

2024-04-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106634 David Malcolm changed: What|Removed |Added CC||iamanonymous.cs at gmail dot com --- C

[Bug analyzer/114778] ICE: in get_region_for_local, at analyzer/region.cc:1366

2024-04-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114778 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug target/113235] SMHasher SHA3-256 benchmark is almost 40% slower vs. Clang (not enough complete loop peeling)

2024-04-24 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113235 David Malcolm changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org

[Bug analyzer/111475] [14/15 regression] Many C++ analyzer tests FAIL

2024-04-26 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111475 --- Comment #9 from David Malcolm --- Sorry about this. Is there a machine in the compile farm I can test this on?

[Bug analyzer/111475] [14/15 regression] Many C++ analyzer tests FAIL

2024-04-30 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111475 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #11 from David Mal

[Bug analyzer/114896] analyzer: false-positive with VLA (analyzer-out-of-bounds, CWE-121)

2024-04-30 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114896 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Ever confirmed|0

[Bug analyzer/114920] null_terminated_string_arg attribute does not warn for non-nul-terminated strings

2024-05-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114920 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/111475] [14 regression] Many C++ analyzer tests FAIL

2024-05-03 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111475 David Malcolm changed: What|Removed |Added Target Milestone|14.0|14.2 Summary|[14/15 regressi

[Bug analyzer/112792] -Wanalyzer-out-of-bounds false positives seen on Linux kernel with certain unions

2024-05-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112792 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Summary|[13 Regression

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2024-05-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 112792, which changed state. Bug 112792 Summary: -Wanalyzer-out-of-bounds false positives seen on Linux kernel with certain unions https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112792 What|Removed

[Bug analyzer/114408] ICE when invoking strcmp multiple times with -fsanitize=undefined -O1 -fanalyzer -flto

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114408 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/114473] ICE: in deref_rvalue, at analyzer/region-model.cc:2780 with -fanalyzer -fanalyzer-call-summaries

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114473 David Malcolm changed: What|Removed |Added Summary|[13 Regression] ICE: in |ICE: in deref_rvalue, at

[Bug analyzer/109251] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to check in macros

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109251 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Summary|[13 Regress

[Bug analyzer/111289] Unwarranted -Wanalyzer-va-arg-type-mismatch warning

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111289 David Malcolm changed: What|Removed |Added Summary|[13 Regression] Unwarranted |Unwarranted |-Wanalyz

[Bug analyzer/113253] [11/12 Regression] gcc -g causes -fanalyzer to issue false positive

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113253 David Malcolm changed: What|Removed |Added Summary|[11/12/13 Regression] gcc |[11/12 Regression] gcc -g

[Bug analyzer/112969] [11/12 Regression] -Wanalyzer-exposure-through-uninit-copy false positive seen on Linux kernel's drivers/net/ethernet/intel/ice/ice_ptp.c

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112969 David Malcolm changed: What|Removed |Added Summary|[11/12/13 Regression] |[11/12 Regression] |-

[Bug analyzer/113333] [11/12 Regression] analyzer: False positives with calloc()

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=11 David Malcolm changed: What|Removed |Added Summary|[11/12/13 Regression] |[11/12 Regression] |a

[Bug analyzer/112790] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Summary|[13 Regression

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 112790, which changed state. Bug 112790 Summary: -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790 What|Removed

[Bug analyzer/112889] [11/12 Regression] ICE with -fanalyzer seen on Linux kernel drivers/infiniband/hw/cxgb4/cm.c

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112889 David Malcolm changed: What|Removed |Added Summary|[11/12/13 Regression] ICE |[11/12 Regression] ICE with

[Bug analyzer/110882] ICE with -fanalyzer on zero-sized array

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/110700] [12 Regression] ICE with -fanalyzer --analyzer-checker=taint on division of tainted floating-point values

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110700 David Malcolm changed: What|Removed |Added Summary|[12/13 Regression] ICE with |[12 Regression] ICE with

[Bug analyzer/110014] -Wanalyzer-allocation-size mishandles realloc (..., .... * sizeof (object))

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110014 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/109577] -Wanalyzer-allocation-size mishandles __builtin_mul_overflow

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109577 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/110112] [11/12 Regression] gcc -fanalyzer takes an excessive amount of time

2024-05-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110112 David Malcolm changed: What|Removed |Added Summary|[11/12/13 Regression] gcc |[11/12 Regression] gcc

[Bug middle-end/114348] Corrupt SARIF output on stderr

2024-05-10 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114348 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug driver/111700] ICE: SIGSEGV in needs_read_p (input.cc:598) with -fdiagnostics-format=sarif-file or -fdiagnostics-format=sarif-stderr on pre-processed input

2024-05-10 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111700 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug jit/110466] jit.dg FAILs on ppc64le

2024-05-10 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110466 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/107646] RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

2024-05-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 --- Comment #11 from David Malcolm --- I've created a wiki page to track this project: https://gcc.gnu.org/wiki/StaticAnalyzer/CPython

[Bug analyzer/115089] -Wanalyzer-use-of-uninitialized-value false negative

2024-05-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115089 --- Comment #3 from David Malcolm --- FWIW, adding -fno-analyzer-state-merge makes it find the issue; see https://godbolt.org/z/Ecfe9oqjv : In function 'main': :16:16: warning: use of uninitialized value 'x' [CWE-457] [-Wanalyzer-use-of-uniniti

[Bug analyzer/115089] -Wanalyzer-use-of-uninitialized-value false negative due to overzealous state merging

2024-05-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115089 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Summary|-Wanalyzer-use-of-

[Bug analyzer/114899] [14 regression] Segmentation fault with -fsanitize=undefined and -fanalyzer since r14-2029-g0e466e978c7

2024-05-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114899 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Summary|[14/15 regression]

[Bug bootstrap/115167] [15 Regression] CFG edge visualization to path-printing bootstrap failure

2024-05-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115167 --- Comment #1 from David Malcolm --- Thanks for filing this, and sorry for the breakage. Is there a cfarm machine that I ought to be able to reproduce this on? I'm trying with cfarm111, but get this configure error: $ ../src/configure --wit

[Bug bootstrap/115167] [15 Regression] CFG edge visualization to path-printing bootstrap failure

2024-05-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115167 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #4 from David Malc

[Bug analyzer/115203] [15 Regression] Build fail with non LANG=C in analyzer self test: ICE in fail_formatted at selftest.cc:63 / tree-diagnostic-path.cc:2158: test_control_flow_5: FAIL: ASSERT_STREQ

2024-05-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115203 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/115203] [15 Regression] Build fail with non LANG=C in analyzer self test: ICE in fail_formatted at selftest.cc:63 / tree-diagnostic-path.cc:2158: test_control_flow_5: FAIL: ASSERT_STREQ

2024-05-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115203 --- Comment #3 from David Malcolm --- (In reply to Tobias Burnus from comment #2) > Thus, one way would be to have LANG=C set somewhere (e.g. via the Makefile - > assuming it can be done portable). I'd prefer not to do that as we may want to h

[Bug bootstrap/115167] [15 Regression] CFG edge visualization to path-printing bootstrap failure

2024-05-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115167 --- Comment #5 from David Malcolm --- Created attachment 58278 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=58278&action=edit WIP patch to split out the classes into the c-family I tried the attached patch, to move the pertinent code to

[Bug analyzer/115203] [15 Regression] Build fail with non LANG=C in analyzer self test: ICE in fail_formatted at selftest.cc:63 / tree-diagnostic-path.cc:2158: test_control_flow_5: FAIL: ASSERT_STREQ

2024-05-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115203 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug bootstrap/115167] [15 Regression] CFG edge visualization to path-printing bootstrap failure

2024-05-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115167 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/106203] Allow to emit diagnostics at return edges for the exit point as well as the call site

2024-06-01 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106203 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/105888] RFE: -fanalyzer should complain when an on-stack address escapes/outlives the function

2024-06-01 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105888 Bug 105888 depends on bug 106203, which changed state. Bug 106203 Summary: Allow to emit diagnostics at return edges for the exit point as well as the call site https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106203 What|Removed

[Bug c++/108155] no warning for for (int i = 1; 1 <= 12; ++i)

2024-06-04 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108155 David Malcolm changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org

[Bug plugins/115288] [15 Regression] File label-text.h not part of installation since r15-874-g9bda2c4c81b668

2024-06-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115288 --- Comment #5 from David Malcolm --- Sorry about the breakage; thanks for fixing this

[Bug analyzer/105892] RFE: -fanalyzer could complain about pointer subtraction of pointers to different memory chunks

2024-06-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105892 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/105887] [meta-bug] clang analyzer warnings that GCC's -fanalyzer could implement

2024-06-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887 Bug 105887 depends on bug 105892, which changed state. Bug 105892 Summary: RFE: -fanalyzer could complain about pointer subtraction of pointers to different memory chunks https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105892 What|R

[Bug analyzer/111537] ICE: in set_cell_span, at text-art/table.cc:148 with D front-end and -fanalyzer

2023-10-11 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537 David Malcolm changed: What|Removed |Added Last reconfirmed||2023-10-11 Ever confirmed|0

[Bug analyzer/111537] ICE: in set_cell_span, at text-art/table.cc:148 with D front-end and -fanalyzer

2023-10-11 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537 --- Comment #4 from David Malcolm --- (In reply to David Malcolm from comment #3) > Thanks; that reproducer works for me. ...or rather, demonstrates the ICE in a way that I can see in the debugger.

[Bug analyzer/111537] ICE: in set_cell_span, at text-art/table.cc:148 with D front-end and -fanalyzer

2023-10-11 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537 --- Comment #5 from David Malcolm --- It's complaining about the read from the string literal. If I change the string in the reproducer from "hello world" to "foo", I see: (gdb) pt string_cst unit-size align:8 warn_i

[Bug analyzer/111537] ICE: in set_cell_span, at text-art/table.cc:148 with D front-end and -fanalyzer

2023-10-11 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537 --- Comment #6 from David Malcolm --- Oops; the above got truncated; the string_cst prints as follows in gdb (gdb) pt string_cst unit-size align:8 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type 0x7fffea77293

[Bug analyzer/112317] Latest set of clang warnings

2023-11-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112317 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug other/112425] New: Invalid SARIF output when column number is zero

2023-11-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: other Assignee: unassigned at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- We use column number == 0 to mean "the whole line". As noted in: https://gcc.gnu.org/pipermail/gcc-patches/2023-November/6

[Bug analyzer/112528] New: State explosions in gcc.dg/analyzer/pr93032-mztools-{signed,unsigned}-char.c when enabling taint checker

2023-11-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- The only remaining issue with enabling taint by default in

[Bug analyzer/103533] Enable "taint" state machine with -fanalyzer without requiring -fanalyzer-checker=taint

2023-11-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103533 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/109077] Analyzer header not installed

2023-11-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109077 David Malcolm changed: What|Removed |Added Blocks||107646 Ever confirmed|0

[Bug analyzer/109077] Analyzer headers not installed

2023-11-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109077 --- Comment #2 from David Malcolm --- PLUGIN_ANALYZER_INIT was added in r11-5583-g66dde7bc64b75d, so presumably this affects GCC 11 onwards.

[Bug analyzer/109077] Analyzer headers not installed

2023-11-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109077 --- Comment #4 from David Malcolm --- Should be fixed on trunk for GCC 14 by the above patch. Keeping open to track backporting to the GCC 11, 12 and 13 branches.

[Bug analyzer/112790] New: -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining

2023-11-30 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- https://godbolt.org/z/4fjjcfbPb False positive on: typedef unsigned char u8; struct inode { void *i_mapping

[Bug analyzer/112790] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining

2023-11-30 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790 David Malcolm changed: What|Removed |Added Last reconfirmed||2023-11-30 Ever confirmed|0

[Bug analyzer/112792] New: -Wanalyzer-out-of-bounds seen on Linux kernel with certain unions

2023-11-30 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106358 Target Milestone: --- typedef unsigned int u32

[Bug analyzer/112811] New: ICE in -fanalyzer in has_null_terminator

2023-12-01 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106358 Target Milestone: --- -fanalyzer with trunk ICEs on: struct foo_laptop_debug { struct dentry *root; unsigned long size; }; struct foo_laptop { void *placeholder

[Bug analyzer/112850] New: -Wanalyzer-tainted-allocation-size false positive seen in Linux kernel's sound/core/rawmidi.c

2023-12-04 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
IRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106358 Target Milestone: --- False positive at -O1 and above with: /* { dg-do compile } */ /*

[Bug c/107016] [meta-bug] tracker bug for supporting "sparse" attributes in GCC

2023-12-04 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107016 David Malcolm changed: What|Removed |Added Blocks|106358 | --- Comment #2 from David Malcolm ---

[Bug analyzer/112889] New: ICE with -fanalyzer seen on Linux kernel drivers/infiniband/hw/cxgb4/cm.c

2023-12-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106358 Target Milestone: --- Affects only trunk (for gcc 14): https://godbolt.org/z/Tshdnvshx typedef unsigned char __u8

[Bug analyzer/112889] ICE with -fanalyzer seen on Linux kernel drivers/infiniband/hw/cxgb4/cm.c

2023-12-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112889 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/112850] -Wanalyzer-tainted-allocation-size false positive seen in Linux kernel's sound/core/rawmidi.c

2023-12-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112850 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2023-12-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 112850, which changed state. Bug 112850 Summary: -Wanalyzer-tainted-allocation-size false positive seen in Linux kernel's sound/core/rawmidi.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112850 What|Rem

[Bug middle-end/112895] ICE: error reporting routines re-entered. (in check_tag cp/class.cc:1474) with -fdiagnostics-format=sarif-stderr on simple C++ code

2023-12-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112895 David Malcolm changed: What|Removed |Added Last reconfirmed||2023-12-07 Status|UNCONFIRM

[Bug analyzer/112889] ICE with -fanalyzer seen on Linux kernel drivers/infiniband/hw/cxgb4/cm.c

2023-12-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112889 --- Comment #3 from David Malcolm --- Should be fixed on trunk by the above patch. Keeping open to backport to older releases.

[Bug analyzer/112927] New: -Wanalyzer-tainted-size false positive seen in Linux kernel's drivers/char/ipmi/ipmi_devintf.c

2023-12-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
IRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 106358 Target Milestone: --- Created attachment 56837 --> https://gcc.gnu.org/

[Bug analyzer/109015] Analyzer doesn't know about atomic builtins

2023-06-02 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109015 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/110172] New: Leak false positives from -fanalyzer with -fexceptions (even on C code)

2023-06-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- As noted by Reddit user "kr90df" here: https://www.reddit.com/r/C_Programming/commen
