public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/103521] New: [12 regression] gcc.dg/analyzer/pr93032-mztools.c broken after r12-5585
@ 2021-12-01 19:09 seurer at gcc dot gnu.org
  2021-12-02 10:54 ` [Bug analyzer/103521] " rguenth at gcc dot gnu.org
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: seurer at gcc dot gnu.org @ 2021-12-01 19:09 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103521

            Bug ID: 103521
           Summary: [12 regression] gcc.dg/analyzer/pr93032-mztools.c
                    broken after r12-5585
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: seurer at gcc dot gnu.org
  Target Milestone: ---

g:132902177138c09803d639e12b1daebf2b9edddc, r12-5585
make  -k check-gcc
RUNTESTFLAGS="analyzer.exp=gcc.dg/analyzer/pr93032-mztools.c"
FAIL: gcc.dg/analyzer/pr93032-mztools.c leak of fpZip (test for warnings, line
328)
FAIL: gcc.dg/analyzer/pr93032-mztools.c leak of fpOut (test for warnings, line
328)
FAIL: gcc.dg/analyzer/pr93032-mztools.c leak of fpOutCD (test for warnings,
line 328)
FAIL: gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
# of unexpected failures        4

commit 132902177138c09803d639e12b1daebf2b9edddc (HEAD, refs/bisect/bad)
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Mon Nov 29 11:47:47 2021 -0500

    analyzer: further false leak fixes due to overzealous state merging [PR103217]



spawn -ignore SIGHUP /home3/seurer/gcc/git/build/gcc-test/gcc/xgcc
-B/home3/seurer/gcc/git/build/gcc-test/gcc/
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c
-fdiagnostics-plain-output -fanalyzer -Wanalyzer-too-complex
-fanalyzer-call-summaries -S -o pr93032-mztools.s
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:
In function 'unzRepair':
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:174:15:
warning: terminating analysis for this program point: callstring: [] before
(SN: 34 stmt: 0):  free (data_386);EN: 164-166, EN: 391, EN: 587-588, EN: 753,
EN: 949 [-Wanalyzer-too-complex]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:157:15:
warning: terminating analysis for this program point: callstring: [] before
(SN: 25 stmt: 0):  dataSize_383 = (int) cpsize_361;EN: 96-97, EN: 357, EN:
519-520, EN: 719, EN: 881-882 [-Wanalyzer-too-complex]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11:
warning: terminating analysis for this program point: callstring: [] before
(SN: 56 stmt: 0):  entriesZip_459 = entries_306;EN: 1107-1114
[-Wanalyzer-too-complex]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:299:31:
warning: terminating analysis for this program point: callstring: [] before
(SN: 68 stmt: 0):  _295 = fread (&buffer, 1, 8192, fpOutCD_492);EN: 1268-1272,
EN: 1284, EN: 1291, EN: 1298 [-Wanalyzer-too-complex]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:299:31:
warning: terminating analysis for this program point: callstring: [] before
(SN: 68 stmt: 0):  _295 = fread (&buffer, 1, 8192, fpOutCD_492);EN: 1268-1272,
EN: 1284, EN: 1291, EN: 1298 [-Wanalyzer-too-complex]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:
At top level:
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:322:25:
warning: analysis bailed out early (401 'after-snode' enodes; 1440 enodes)
[-Wanalyzer-too-complex]
FAIL: gcc.dg/analyzer/pr93032-mztools.c leak of fpZip (test for warnings, line
328)
FAIL: gcc.dg/analyzer/pr93032-mztools.c leak of fpOut (test for warnings, line
328)
FAIL: gcc.dg/analyzer/pr93032-mztools.c leak of fpOutCD (test for warnings,
line 328)
Executing on host: /home3/seurer/gcc/git/build/gcc-test/gcc/xgcc
-B/home3/seurer/gcc/git/build/gcc-test/gcc/ exceptions_enabled349827.cc   
-fdiagnostics-plain-output  -S -o exceptions_enabled349827.s    (timeout = 300)
spawn -ignore SIGHUP /home3/seurer/gcc/git/build/gcc-test/gcc/xgcc
-B/home3/seurer/gcc/git/build/gcc-test/gcc/ exceptions_enabled349827.cc
-fdiagnostics-plain-output -S -o exceptions_enabled349827.s
FAIL: gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
Excess errors:
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:174:15:
warning: terminating analysis for this program point: callstring: [] before
(SN: 34 stmt: 0):  free (data_386);EN: 164-166, EN: 391, EN: 587-588, EN: 753,
EN: 949 [-Wanalyzer-too-complex]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:157:15:
warning: terminating analysis for this program point: callstring: [] before
(SN: 25 stmt: 0):  dataSize_383 = (int) cpsize_361;EN: 96-97, EN: 357, EN:
519-520, EN: 719, EN: 881-882 [-Wanalyzer-too-complex]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11:
warning: terminating analysis for this program point: callstring: [] before
(SN: 56 stmt: 0):  entriesZip_459 = entries_306;EN: 1107-1114
[-Wanalyzer-too-complex]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:299:31:
warning: terminating analysis for this program point: callstring: [] before
(SN: 68 stmt: 0):  _295 = fread (&buffer, 1, 8192, fpOutCD_492);EN: 1268-1272,
EN: 1284, EN: 1291, EN: 1298 [-Wanalyzer-too-complex]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:299:31:
warning: terminating analysis for this program point: callstring: [] before
(SN: 68 stmt: 0):  _295 = fread (&buffer, 1, 8192, fpOutCD_492);EN: 1268-1272,
EN: 1284, EN: 1291, EN: 1298 [-Wanalyzer-too-complex]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:322:25:
warning: analysis bailed out early (401 'after-snode' enodes; 1440 enodes)
[-Wanalyzer-too-complex]


* [Bug analyzer/103521] [12 regression] gcc.dg/analyzer/pr93032-mztools.c broken after r12-5585
From: rguenth at gcc dot gnu.org @ 2021-12-02 10:54 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103521

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |12.0


* [Bug analyzer/103521] [12 regression] gcc.dg/analyzer/pr93032-mztools.c broken after r12-5585
From: seurer at gcc dot gnu.org @ 2021-12-03 19:19 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103521

--- Comment #1 from seurer at gcc dot gnu.org ---
The message changed recently:

FAIL: gcc.dg/analyzer/pr93032-mztools.c leak of fpOut at line 329 (test for
warnings, line 328)
FAIL: gcc.dg/analyzer/pr93032-mztools.c leak of fpOutCD at line 330 (test for
warnings, line 328)


* [Bug analyzer/103521] [12 regression] gcc.dg/analyzer/pr93032-mztools.c broken after r12-5585
From: dmalcolm at gcc dot gnu.org @ 2022-03-02 18:55 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103521

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2022-03-02
             Status|UNCONFIRMED                 |ASSIGNED
     Ever confirmed|0                           |1

--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this; I can reproduce it (with
--target=powerpc64le-linux-gnu) and am investigating.


* [Bug analyzer/103521] [12 regression] gcc.dg/analyzer/pr93032-mztools.c broken after r12-5585
From: dmalcolm at gcc dot gnu.org @ 2022-03-02 19:02 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103521

--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Comparing the IR, the discrepancy looks like it relates to signedness of the
"char" type.

Works with --target=powerpc64le-linux-gnu if I add -fsigned-char to the command
line; otherwise it fails as noted in comment #0 with various
-Wanalyzer-too-complex warnings.


* [Bug analyzer/103521] [12 regression] gcc.dg/analyzer/pr93032-mztools.c broken after r12-5585
From: cvs-commit at gcc dot gnu.org @ 2022-03-04 18:57 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103521

--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:458ad38ce2bbec85016d88757ec6a35d2c393e2c

commit r12-7494-g458ad38ce2bbec85016d88757ec6a35d2c393e2c
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Fri Mar 4 13:51:14 2022 -0500

    analyzer: reduce svalue depth limit from 13 to 12 [PR103521]

    PR analyzer/103521 reports that commit
    r12-5585-g132902177138c09803d639e12b1daebf2b9edddc
    ("analyzer: further false leak fixes due to overzealous state merging
    [PR103217]")
    led to failures of gcc.dg/analyzer/pr93032-mztools.c on some targets,
    where rather than reporting FILE * leaks, the analyzer would hit
    complexity limits and give up.

    The cause is that pr93032-mztools.c has some 'unsigned char' values that
    are copied to 'char'.  On targets where 'char' defaults to being signed,
    this leads to casts, whereas on targets where 'char' defaults to being
    unsigned, no casts are needed.

    When the casts occur, various symbolic values within the loop (the
    locals 'crc', 'cpsize', and 'uncpsize') become sufficiently complex as
    to hit the --param=analyzer-max-svalue-depth= limit, and are treated as
    UNKNOWN, allowing the analysis of the loop to quickly terminate, with
    much of this state as UNKNOWN (but retaining the FILE * information, and
    thus correctly reporting the FILE * leaks).

    Without the casts, the symbolic values for these variables don't quite
    hit the complexity limit, and the analyzer attempts to track these
    values in the loop, leading to the analyzer eventually hitting the
    per-program-point limit on the number of states, and giving up on
    these execution paths, thus failing to report the FILE * leaks.

    This patch tweaks the default value of the param:
      --param=analyzer-max-svalue-depth=.
    from 13 down to 12.  This allows the pr93032-mztools.c testcase to
    succeed with both -fsigned-char and -funsigned-char, and thus allows
    this integration test to succeed on both styles of target without
    requiring extra command-line flags.  The patch duplicates the test so
    it runs with both -fsigned-char and -funsigned-char.

    My hope is that this will allow similar cases to terminate loop analysis
    earlier.  I tried reducing it further, but doing so caused some test
    cases to regress.

    The tradeoff here is between:
    (a) precision of individual states in the analysis, versus
    (b) maximizing code-path coverage in the analysis

    I can imagine a more nuanced approach that splits the current
    per-program-point hard limit into soft and hard limits: on hitting the
    soft limit at a program point, go into a less precise mode for states
    at that program point, in the hope that we can fully explore execution
    paths beyond it without hitting the hard limit, but this seems like
    GCC 13 material.

    Another possible future fix might be for the analysis plan to make an
    attempt to prioritize parts of the code in an enode budget, rather than
    setting the same hard limit uniformly across all program points.

    gcc/analyzer/ChangeLog:
            PR analyzer/103521
            * analyzer.opt (-param=analyzer-max-svalue-depth=): Reduce from 13
            to 12.

    gcc/testsuite/ChangeLog:
            PR analyzer/103521
            * gcc.dg/analyzer/pr93032-mztools.c: Move to...
            * gcc.dg/analyzer/pr93032-mztools-signed-char.c: ...this, adding
            -fsigned-char to args, and...
            * gcc.dg/analyzer/pr93032-mztools-unsigned-char.c: ...copy to here,
            adding -funsigned-char to args.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

^ permalink raw reply	[flat|nested] 7+ messages in thread
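
Added example (not part of the original thread and not GCC source): a toy model in C of the trade-off described in the commit message of comment #4, where a value that exceeds the depth limit becomes UNKNOWN and lets the loop converge, while a value just under the limit is tracked until the per-program-point state limit is hit. The expression shape, the 12 folded bytes, the state cap of 8 and the "depth greater than limit becomes UNKNOWN" rule are assumptions constructed so the cast-free value sits exactly at depth 13; only the limits 13 and 12 come from the commit.

```c
#include <stdio.h>

/* Toy model, not GCC code. Everything except the 13 -> 12 depth limit
   is constructed for illustration. */
#define STATE_CAP 8       /* hypothetical per-program-point state limit */
#define BYTES_FOLDED 12   /* constructed: cast-free value has depth 13 */

enum outcome { LEAK_REPORTED, GAVE_UP };

/* Depth of v = c0 | (c1 << 8) | (c2 << 16) | ... built left to right.
   Each leaf is a byte load, wrapped in a cast when an 'unsigned char'
   is copied into a signed 'char'. */
static int value_depth(int nbytes, int leaf_has_cast)
{
    int leaf = leaf_has_cast ? 2 : 1;            /* cast(load) vs. load */
    int depth = leaf;
    for (int i = 1; i < nbytes; i++) {
        int shifted = leaf + 1;                  /* ci << k */
        depth = (depth > shifted ? depth : shifted) + 1;   /* depth | shifted */
    }
    return depth;
}

/* Explore the loop head. A precisely tracked value differs on every
   iteration, so each visit adds a new state. An UNKNOWN value makes the
   second visit identical to the first, so the loop reaches a fixed point. */
static enum outcome analyze_loop(int max_depth, int leaf_has_cast)
{
    int unknown = value_depth(BYTES_FOLDED, leaf_has_cast) > max_depth;
    int states = 0;
    for (int iter = 0; ; iter++) {
        if (unknown && iter > 0)
            return LEAK_REPORTED;  /* state already seen: analysis continues past the loop */
        if (++states > STATE_CAP)
            return GAVE_UP;        /* too complex: the leak site is never reached */
    }
}

int main(void)
{
    for (int limit = 13; limit >= 12; limit--)
        for (int cast = 1; cast >= 0; cast--)
            printf("max depth %d, %s: %s\n", limit,
                   cast ? "-fsigned-char (casts)" : "-funsigned-char (no casts)",
                   analyze_loop(limit, cast) == LEAK_REPORTED
                       ? "leak reported" : "gave up");
    return 0;
}
```

In this model only the combination of limit 13 and no casts gives up, which mirrors the failure on targets where 'char' is unsigned by default; at limit 12 both variants report the leak.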

* [Bug analyzer/103521] [12 regression] gcc.dg/analyzer/pr93032-mztools.c broken after r12-5585
From: dmalcolm at gcc dot gnu.org @ 2022-03-04 19:05 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103521

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #5 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above commit; marking as RESOLVED.  Please let me know
if anything regresses.
