public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/100546] New: -Wanalyzer-null-dereference false positive through noreturn function pointer
@ 2021-05-11 21:07 andrew at ishiboo dot com
2021-05-18 13:03 ` [Bug analyzer/100546] " dmalcolm at gcc dot gnu.org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: andrew at ishiboo dot com @ 2021-05-11 21:07 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100546
Bug ID: 100546
Summary: -Wanalyzer-null-dereference false positive through
         noreturn function pointer
Product: gcc
Version: 11.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: andrew at ishiboo dot com
Target Milestone: ---
Test case:
$ cat /tmp/test.cpp
#include <cstdio>
#include <cstdlib>

static void noReturn(const char *str) __attribute__((noreturn));
static void noReturn(const char *str) {
    printf("%s\n", str);
    exit(1);
}

void (*noReturnPtr)(const char *str) = &noReturn;

int main(int argc, char **argv) {
    char *str = 0;
    if (!str)
        noReturnPtr(__FILE__);
    return printf("%c\n", *str);
}
Output:
$ g++-11 -fanalyzer -c /tmp/test.cpp
/tmp/test.cpp: In function 'int main(int, char**)':
/tmp/test.cpp:16:27: warning: dereference of NULL 'str' [CWE-476]
[-Wanalyzer-null-dereference]
   16 |     return printf("%c\n", *str);
      |                           ^~~~
  'int main(int, char**)': events 1-4
    |
    |   13 |     char *str = 0;
    |      |           ^~~
    |      |           |
    |      |           (1) 'str' is NULL
    |   14 |     if (!str)
    |      |     ~~
    |      |     |
    |      |     (2) following 'true' branch (when 'str' is NULL)...
    |   15 |         noReturnPtr(__FILE__);
    |      |         ~~~~~~~~~~~~~~~~~~~~~
    |      |         |
    |      |         (3) ...to here
    |   16 |     return printf("%c\n", *str);
    |      |                           ~~~~
    |      |                           |
    |      |                           (4) dereference of NULL 'str'
    |
* [Bug analyzer/100546] -Wanalyzer-null-dereference false positive through noreturn function pointer
From: dmalcolm at gcc dot gnu.org @ 2021-05-18 13:03 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100546
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2021-05-18
             Status|UNCONFIRMED                 |ASSIGNED
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
The "noreturn"-ness of the function pointer is affected by attributes. Hence
if you add the attribute to the function pointer type, the warning goes away:

    void (*noReturnPtr)(const char *str) __attribute__((noreturn)) = &noReturn;

That said, given that we're in "main", the analyzer ought to figure out that
noReturnPtr can't have been changed by the point of the call, and for some
reason it's not doing that; am investigating.
^ permalink raw reply [flat|nested] 4+ messages in thread
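The workaround from comment #1 in use, as an added example that is not part of the original thread or of GCC's testsuite. It goes one step beyond the comment by also showing a callback whose type cannot be annotated, where the caller fails closed instead. All names (`die`, `fatal_handler`, `handler_fn`, `record_error`, `first_char`, `first_char_cb`) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical fatal-error handler (name is illustrative). */
static void die(const char *msg) __attribute__((noreturn));
static void die(const char *msg)
{
    fprintf(stderr, "fatal: %s\n", msg);
    exit(1);
}

/* Annotated pointer, same form as in comment #1: noreturn is now part of
   the pointer's type, so a call through it ends the path. */
static void (*fatal_handler)(const char *) __attribute__((noreturn)) = &die;

int first_char(const char *s)
{
    if (!s)
        fatal_handler("NULL string");
    return (unsigned char)*s;
}

/* Unannotated callback type: nothing promises the callee will not return. */
typedef void (*handler_fn)(const char *);

static int error_count;                 /* constructed hook for the demo */
static void record_error(const char *msg) { (void)msg; error_count++; }

/* Fails closed: if the handler returns, s is still never dereferenced. */
int first_char_cb(const char *s, handler_fn on_error)
{
    if (!s) {
        on_error("NULL string");
        return -1;
    }
    return (unsigned char)*s;
}

int main(void)
{
    printf("%d\n", first_char("abc"));
    printf("%d\n", first_char_cb(NULL, record_error));
    printf("%d\n", error_count);
    return 0;
}
```
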
* [Bug analyzer/100546] -Wanalyzer-null-dereference false positive through noreturn function pointer
From: cvs-commit at gcc dot gnu.org @ 2021-08-18 17:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100546
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Ankur Saini <arsenic@gcc.gnu.org>:
https://gcc.gnu.org/g:aef703cf982072427e74034f4c460a11c5e04b8e
commit r12-3002-gaef703cf982072427e74034f4c460a11c5e04b8e
Author: Ankur Saini <arsenic@sourceware.org>
Date: Thu Jul 29 15:48:07 2021 +0530

    analyzer: detect and analyze calls via function pointer

    2021-07-29  Ankur Saini  <arsenic@sourceware.org>

    gcc/analyzer/ChangeLog:
            PR analyzer/100546
            * analysis-plan.cc (analysis_plan::use_summary_p): Don't use call
            summaries if there is no callgraph edge.
            * checker-path.cc (call_event::call_event): Handle call events that
            are not represented by a supergraph call edge.
            (return_event::return_event): Likewise.
            (call_event::get_desc): Work with new call_event structure.
            (return_event::get_desc): Likewise.
            * checker-path.h (call_event::m_src_snode): New field.
            (call_event::m_dest_snode): New field.
            (return_event::m_src_snode): New field.
            (return_event::m_dest_snode): New field.
            * diagnostic-manager.cc
            (diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>:
            Refactor to work with edges without callgraph edge.
            (diagnostic_manager::prune_for_sm_diagnostic)<case EK_RETURN_EDGE>:
            Likewise.
            * engine.cc (dynamic_call_info_t::update_model): New function.
            (dynamic_call_info_t::add_events_to_path): New function.
            (exploded_graph::create_dynamic_call): New function.
            (exploded_graph::process_node): Work with dynamically discovered
            calls.
            * exploded-graph.h (class dynamic_call_info_t): New class.
            (exploded_graph::create_dynamic_call): New decl.
            * program-point.cc (program_point::push_to_call_stack): New
            function.
            (program_point::pop_from_call_stack): New function.
            * program-point.h (program_point::push_to_call_stack): New decl.
            (program_point::pop_from_call_stack): New decl.
            * program-state.cc (program_state::push_call): New function.
            (program_state::returning_call): New function.
            * program-state.h (program_state::push_call): New decl.
            (program_state::returning_call): New decl.
            * region-model.cc (region_model::update_for_gcall): New function.
            (region_model::update_for_return_gcall): New function.
            (region_model::update_for_call_superedge): Get the underlying gcall
            and update for gcall.
            (region_model::update_for_return_superedge): Likewise.
            * region-model.h (region_model::update_for_gcall): New decl.
            (region_model::update_for_return_gcall): New decl.
            * state-purge.cc (state_purge_per_ssa_name::process_point): Update
            to work with calls without underlying cgraph edge.
            * supergraph.cc (supergraph::supergraph): Split snodes at every
            callsite.
            * supergraph.h (supernode::get_returning_call): New accessor.

    gcc/testsuite/ChangeLog:
            PR analyzer/100546
            * gcc.dg/analyzer/function-ptr-4.c: New test.
            * gcc.dg/analyzer/pr100546.c: New test.
* [Bug analyzer/100546] -Wanalyzer-null-dereference false positive through noreturn function pointer
From: dmalcolm at gcc dot gnu.org @ 2021-11-30 20:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100546
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Fixed on trunk by the above commit for GCC 12: https://godbolt.org/z/17acsYMx5
Marking this one as resolved.