public inbox for gcc-bugs@sourceware.org
* [Bug c/103872] New: testcase fail in gcc.dg/analyzer/pr103526.c on riscv64-unknown-elf-gcc
From: shihua at iscas dot ac.cn @ 2021-12-31 6:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103872
Bug ID: 103872
Summary: testcase fail in gcc.dg/analyzer/pr103526.c on
riscv64-unknown-elf-gcc
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: shihua at iscas dot ac.cn
Target Milestone: ---
The analyzer cannot properly detect the non-free'd pointer as escaping via the
return value in riscv*-**-gcc
riscv64-unknown-elf-gcc -S -fanalyzer -Wanalyzer-too-complex
-fanalyzer-call-summaries riscv-gcc/gcc/testsuite/gcc.dg/analyzer/pr103526.c
riscv-gcc/gcc/testsuite/gcc.dg/analyzer/pr103526.c: In function 'game_new':
riscv-gcc/gcc/testsuite/gcc.dg/analyzer/pr103526.c:31:1: warning: leak of
'tmp.word_state' [CWE-401] [-Wanalyzer-malloc-leak]
31 | } /* { dg-bogus "leak" } */
| ^
'game_new': events 1-7
|
| 20 | if ((tmp.word_state = malloc(wordlen+1)) == NULL)
| | ~ ^~~~~~~~~~~~~~~~~
| | | |
| | | (1) allocated here
| | (2) assuming 'tmp.word_state' is non-NULL
| | (3) following 'false' branch...
| 21 | goto err;
| 22 | if ((rval = malloc(sizeof(*rval))) == NULL)
| | ~ ~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (4) ...to here
| | (5) following 'false' branch (when 'rval' is
non-NULL)...
| 23 | goto err;
| 24 | memcpy(rval, &tmp, sizeof(*rval));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) ...to here
|......
| 31 | } /* { dg-bogus "leak" } */
| | ~
| | |
| | (7) 'tmp.word_state' leaks here; was allocated at (1)
|
* [Bug analyzer/103872] testcase fail in gcc.dg/analyzer/pr103526.c on riscv64-unknown-elf-gcc
From: pinskia at gcc dot gnu.org @ 2022-01-28 22:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103872
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |danglin at gcc dot gnu.org
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 104273 has been marked as a duplicate of this bug. ***
* [Bug analyzer/103872] testcase fail in gcc.dg/analyzer/pr103526.c on riscv64-unknown-elf-gcc
From: pinskia at gcc dot gnu.org @ 2022-01-28 23:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103872
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target|riscv64-unknown-elf |riscv64-unknown-elf
| |hppa*-*-* aarch64-*-*
Status|UNCONFIRMED |NEW
Last reconfirmed| |2022-01-28
Ever confirmed|0 |1
--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
strict alignment is causing the memcpy to have slightly different IR between
the targets.
I can reproduce the failure on aarch64 with -mstrict-align.
ubuntu@ubuntu:~/src/upstream-gcc-aarch64/gcc/objdir/gcc# ./xgcc -B. t.c -fanalyzer -Wanalyzer-too-complex -fanalyzer-call-summaries
ubuntu@ubuntu:~/src/upstream-gcc-aarch64/gcc/objdir/gcc# ./xgcc -B. t.c -fanalyzer -Wanalyzer-too-complex -fanalyzer-call-summaries -mstrict-align
t.c: In function 'game_new':
t.c:31:1: warning: leak of 'tmp.word_state' [CWE-401] [-Wanalyzer-malloc-leak]
31 | } /* { dg-bogus "leak" } */
| ^
'game_new': events 1-7
|
| 20 | if ((tmp.word_state = malloc(wordlen+1)) == NULL)
| | ~ ^~~~~~~~~~~~~~~~~
| | | |
| | | (1) allocated here
| | (2) assuming 'tmp.word_state' is non-NULL
| | (3) following 'false' branch...
| 21 | goto err;
| 22 | if ((rval = malloc(sizeof(*rval))) == NULL)
| | ~ ~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (4) ...to here
| | (5) following 'false' branch (when 'rval' is
non-NULL)...
| 23 | goto err;
| 24 | memcpy(rval, &tmp, sizeof(*rval));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) ...to here
|......
| 31 | } /* { dg-bogus "leak" } */
| | ~
| | |
| | (7) 'tmp.word_state' leaks here; was allocated at (1)
|
* [Bug analyzer/103872] testcase fail in gcc.dg/analyzer/pr103526.c on riscv64-unknown-elf-gcc
From: dmalcolm at gcc dot gnu.org @ 2022-02-03 21:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103872
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks; I can reproduce this, and am working on a fix (it's a bug in
region_model::impl_call_memcpy)
* [Bug analyzer/103872] testcase fail in gcc.dg/analyzer/pr103526.c on riscv64-unknown-elf-gcc
From: cvs-commit at gcc dot gnu.org @ 2022-02-07 23:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103872
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:9d2c0fad59745bf67aa6471e8c9e96c351f0de59
commit r12-7086-g9d2c0fad59745bf67aa6471e8c9e96c351f0de59
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Feb 3 16:21:27 2022 -0500
analyzer: fixes to memcpy [PR103872]
PR analyzer/103872 reports a failure of gcc.dg/analyzer/pr103526.c on
riscv64-unknown-elf-gcc. The issue is that I wrote the test on x86_64
where a memcpy in the test is optimized to a write to a read/write pair,
whereas due to alignment differences the analyzer can see it as a
memcpy call, revealing problems with the analyzer's implementation
of memcpy.
This patch reimplements region_model::impl_call_memcpy in terms of a
get_store_value followed by a set_value, fixing the issue.
gcc/analyzer/ChangeLog:
PR analyzer/103872
* region-model-impl-calls.cc (region_model::impl_call_memcpy):
Reimplement in terms of a get_store_value followed by a set_value.
gcc/testsuite/ChangeLog:
PR analyzer/103872
* gcc.dg/analyzer/memcpy-1.c: Add alternate versions of test cases
in which the calls to memcpy are hidden from the optimizer. Add
further test cases.
* gcc.dg/analyzer/taint-size-1.c: Add test coverage for memcpy
with tainted size.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
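
A runtime check of what the `dg-bogus "leak"` line in the report asserts, added here as an illustration and not taken from pr103526.c or the GCC tree: after the `memcpy`, the buffer allocated at event (1) is owned by the returned struct on success and freed on both failure paths. Only the three statements quoted in the diagnostic come from the thread; the struct layout, `counted_malloc`, `counted_free` and `leaked_after_cycle` are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sketch: field layout and helper names are assumptions. */
struct game_state { const char *word; char *word_state; };

static int live_allocs, alloc_calls; /* outstanding / attempted allocations */
static int fail_at;                  /* make the Nth allocation fail; 0 = never */

static void *counted_malloc(size_t n)   /* hypothetical helper */
{
    void *p = (++alloc_calls == fail_at) ? NULL : malloc(n);
    if (p) live_allocs++;
    return p;
}

static void counted_free(void *p)       /* hypothetical helper */
{
    if (p) live_allocs--;
    free(p);
}

struct game_state *game_new(const char *word)
{
    struct game_state tmp = {0};
    struct game_state *rval = NULL;
    size_t wordlen = strlen(word);

    tmp.word = word;
    if ((tmp.word_state = counted_malloc(wordlen + 1)) == NULL)
        goto err;
    if ((rval = counted_malloc(sizeof(*rval))) == NULL)
        goto err;
    /* The byte copy carries tmp.word_state into *rval, so it escapes via the return. */
    memcpy(rval, &tmp, sizeof(*rval));
    return rval;
err:
    counted_free(tmp.word_state);
    counted_free(rval);
    return NULL;
}

/* Returns allocations still outstanding after the caller's cleanup;
   *held receives the count owned by the caller right after game_new(). */
int leaked_after_cycle(int fail_nth, int *held)
{
    live_allocs = alloc_calls = 0; fail_at = fail_nth;
    struct game_state *g = game_new("test");
    *held = live_allocs;
    if (g) { counted_free(g->word_state); counted_free(g); }
    return live_allocs;
}
```

The counting wrappers replace `malloc` and `free` only so the ownership claim can be checked at run time; to reproduce the analyzer diagnostic itself, use the plain calls with the command lines quoted in the thread.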
* [Bug analyzer/103872] testcase fail in gcc.dg/analyzer/pr103526.c on riscv64-unknown-elf-gcc
From: dmalcolm at gcc dot gnu.org @ 2022-02-07 23:43 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103872
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #5 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above commit; marking this one as resolved. Please
reopen it if the problem is still occurring.