public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/104274] New: FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors)
@ 2022-01-28 18:57 danglin at gcc dot gnu.org
2022-02-10 23:02 ` [Bug analyzer/104274] " dmalcolm at gcc dot gnu.org
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: danglin at gcc dot gnu.org @ 2022-01-28 18:57 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104274
Bug ID: 104274
Summary: FAIL: gcc.dg/analyzer/pr97029.c (test for excess
errors)
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: danglin at gcc dot gnu.org
Target Milestone: ---
Host: hppa*-*-hpux*
Target: hppa*-*-hpux*
Build: hppa*-*-hpux*
spawn -ignore SIGHUP /home/dave/gnu/gcc/objdir64/gcc/xgcc
-B/home/dave/gnu/gcc/o
bjdir64/gcc/ /home/dave/gnu/gcc/gcc/gcc/testsuite/gcc.dg/analyzer/pr97029.c
-fdi
agnostics-plain-output -fanalyzer -Wanalyzer-too-complex
-fanalyzer-call-summari
es -S -o pr97029.s
/home/dave/gnu/gcc/gcc/gcc/testsuite/gcc.dg/analyzer/pr97029.c: In function
'set
jmp':
/home/dave/gnu/gcc/gcc/gcc/testsuite/gcc.dg/analyzer/pr97029.c:6:3: warning:
use
of uninitialized value 'pl.0' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
/home/dave/gnu/gcc/gcc/gcc/testsuite/gcc.dg/analyzer/pr97029.c:6:3: note: (1)
us
e of uninitialized value 'pl.0' here
FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors)
Excess errors:
/home/dave/gnu/gcc/gcc/gcc/testsuite/gcc.dg/analyzer/pr97029.c:6:3: warning:
use of uninitialized value 'pl.0' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/104274] FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors)
2022-01-28 18:57 [Bug analyzer/104274] New: FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors) danglin at gcc dot gnu.org
@ 2022-02-10 23:02 ` dmalcolm at gcc dot gnu.org
2022-02-10 23:38 ` dmalcolm at gcc dot gnu.org
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-02-10 23:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104274
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2022-02-10
Ever confirmed|0 |1
Status|UNCONFIRMED |ASSIGNED
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Confirmed (with --target=hppa64-hpux11.3)
pr97029.c.006t.gimple with x86_64 has...
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
void setjmp (struct vj pl)
{
setjmp (pl);
}
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...whereas with --target=hppa64-hpux11.3 has:
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
void setjmp (struct vj pl)
{
struct vj pl.0;
setjmp (pl.0);
}
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It still happens if I rename the function from "setjmp" to "foo".
It no longer happens if I add a dummy field to the struct.
The temporary "pl.0" is created on hppa by:
#4 0x0000000000aa7b3a in gimplify_parameters
(cleanup=cleanup@entry=0x7fffffffd9b0) at ../../src/gcc/function.cc:3939
3926 tree type = TREE_TYPE (data.arg.type);
3927 function_arg_info orig_arg (type, data.arg.named);
3928 if (reference_callee_copied (&all.args_so_far_v, orig_arg))
3929 {
3930 tree local, t;
3931
3932 /* For constant-sized objects, this is trivial; for
3933 variable-sized objects, we have to play games. */
3934 if (TREE_CODE (DECL_SIZE_UNIT (parm)) == INTEGER_CST
3935 && !(flag_stack_check == GENERIC_STACK_CHECK
3936 && compare_tree_int (DECL_SIZE_UNIT (parm),
3937 STACK_CHECK_MAX_VAR_SIZE) >
0))
3938 {
3939 local = create_tmp_var (type, get_name (parm));
3940 DECL_IGNORED_P (local) = 0;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
and never assigned to.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/104274] FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors)
2022-01-28 18:57 [Bug analyzer/104274] New: FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors) danglin at gcc dot gnu.org
2022-02-10 23:02 ` [Bug analyzer/104274] " dmalcolm at gcc dot gnu.org
@ 2022-02-10 23:38 ` dmalcolm at gcc dot gnu.org
2022-02-10 23:50 ` dmalcolm at gcc dot gnu.org
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-02-10 23:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104274
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
In gimplify_parameters:
x86_64:
(gdb) p data.arg
$2 = {type = <record_type 0x7fffea77cbd0 vj>, mode = E_BLKmode, named = 1,
pass_by_reference = 0}
hppa64-hpux11.3:
(gdb) p data.arg
$29 = {type = <pointer_type 0x7fffea73bbd0>, mode = E_DImode, named = 1,
pass_by_reference = 1}
so this seems to only be happening for empty structs, when passing them by
reference.
Specifically, for both targets we reach:
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
Breakpoint 12, pass_by_reference (ca=0x7fffffffd860, arg=...) at
../../src/gcc/calls.cc:921
921 return targetm.calls.pass_by_reference (pack_cumulative_args (ca),
arg);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
and on pa, size == 0, so we pass by reference:
6367 static bool
6368 pa_pass_by_reference (cumulative_args_t, const function_arg_info &arg)
6369 {
6370 HOST_WIDE_INT size = arg.type_size_in_bytes ();
6371 if (TARGET_64BIT)
6372 return size <= 0;
6373 else
6374 return size <= 0 || size > 8;
6375 }
whereas on x86_64, ix86_pass_by_reference returns false.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/104274] FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors)
2022-01-28 18:57 [Bug analyzer/104274] New: FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors) danglin at gcc dot gnu.org
2022-02-10 23:02 ` [Bug analyzer/104274] " dmalcolm at gcc dot gnu.org
2022-02-10 23:38 ` dmalcolm at gcc dot gnu.org
@ 2022-02-10 23:50 ` dmalcolm at gcc dot gnu.org
2022-02-10 23:59 ` dmalcolm at gcc dot gnu.org
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-02-10 23:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104274
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
In theory,
3978 gimplify_assign (local, parm, &stmts);
ought to be generating a "pl.0 = pl;" assignment, but we're hitting this case
in gimplify_modify_expr:
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
5927 /* For empty types only gimplify the left hand side and right hand
5928 side as statements and throw away the assignment. Do this after
5929 gimplify_modify_expr_rhs so we handle TARGET_EXPRs of addressable
5930 types properly. */
5931 if (is_empty_type (TREE_TYPE (*from_p))
5932 && !want_value
5933 /* Don't do this for calls that return addressable types,
expand_call
5934 relies on those having a lhs. */
5935 && !(TREE_ADDRESSABLE (TREE_TYPE (*from_p))
5936 && TREE_CODE (*from_p) == CALL_EXPR))
(gdb)
5937 {
5938 gimplify_stmt (from_p, pre_p);
5939 gimplify_stmt (to_p, pre_p);
5940 *expr_p = NULL_TREE;
5941 return GS_ALL_DONE;
5942 }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/104274] FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors)
2022-01-28 18:57 [Bug analyzer/104274] New: FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors) danglin at gcc dot gnu.org
` (2 preceding siblings ...)
2022-02-10 23:50 ` dmalcolm at gcc dot gnu.org
@ 2022-02-10 23:59 ` dmalcolm at gcc dot gnu.org
2022-02-11 13:47 ` cvs-commit at gcc dot gnu.org
2022-02-11 13:53 ` dmalcolm at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-02-10 23:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104274
--- Comment #4 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
This patch seems to fix it, but I'm not yet sure if it's the correct fix.
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index f8f19769258..9b42e9e983d 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -843,6 +843,10 @@ region_model::check_for_poison (const svalue *sval,
if (const poisoned_svalue *poisoned_sval = sval->dyn_cast_poisoned_svalue
())
{
+ /* Ignore empty types. */
+ if (sval->get_type () && is_empty_type (sval->get_type ()))
+ return sval;
+
/* If we have an SSA name for a temporary, we don't want to print
'<unknown>'.
Poisoned values are shared by type, and so we can't reconstruct
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/104274] FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors)
2022-01-28 18:57 [Bug analyzer/104274] New: FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors) danglin at gcc dot gnu.org
` (3 preceding siblings ...)
2022-02-10 23:59 ` dmalcolm at gcc dot gnu.org
@ 2022-02-11 13:47 ` cvs-commit at gcc dot gnu.org
2022-02-11 13:53 ` dmalcolm at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-02-11 13:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104274
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:cc68ad87014a331399ccb2528db3bf47fabe6f72
commit r12-7199-gcc68ad87014a331399ccb2528db3bf47fabe6f72
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Feb 10 19:01:30 2022 -0500
analyzer: ignore uninitialized uses of empty types [PR104274]
PR analyzer/104274 reports a false positive from
-Wanalyzer-use-of-uninitialized-value on hppa when passing
an empty struct as a function parameter.
pa_pass_by_reference returns true for empty structs, so the
call is turned into:
struct empty arg.0;
arg.0 = arg
called_function (arg.0);
by gimplify_parameters.
However, gimplify_modify_expr discards assignments statments
of empty types, so that we end up with:
struct empty arg.0;
called_function (arg.0);
which the analyzer considers to be a use of uninitialized "arg.0";
Given that gimplify_modify_expr will discard any assignments to
such types, it seems simplest for -Wanalyzer-use-of-uninitialized-value
to ignore values of empty types.
gcc/analyzer/ChangeLog:
PR analyzer/104274
* region-model.cc (region_model::check_for_poison): Ignore
uninitialized uses of empty types.
gcc/testsuite/ChangeLog:
PR analyzer/104274
* gcc.dg/analyzer/torture/empty-struct-1.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/104274] FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors)
2022-01-28 18:57 [Bug analyzer/104274] New: FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors) danglin at gcc dot gnu.org
` (4 preceding siblings ...)
2022-02-11 13:47 ` cvs-commit at gcc dot gnu.org
@ 2022-02-11 13:53 ` dmalcolm at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-02-11 13:53 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104274
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #6 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch (I tested pr97029.c successfully with
--target=hppa64-hpux11.3); marking as resolved.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-02-11 13:53 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-28 18:57 [Bug analyzer/104274] New: FAIL: gcc.dg/analyzer/pr97029.c (test for excess errors) danglin at gcc dot gnu.org
2022-02-10 23:02 ` [Bug analyzer/104274] " dmalcolm at gcc dot gnu.org
2022-02-10 23:38 ` dmalcolm at gcc dot gnu.org
2022-02-10 23:50 ` dmalcolm at gcc dot gnu.org
2022-02-10 23:59 ` dmalcolm at gcc dot gnu.org
2022-02-11 13:47 ` cvs-commit at gcc dot gnu.org
2022-02-11 13:53 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).