public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/105382] New: Support for coroutines in -fanalyzer
@ 2022-04-25 19:25 dmalcolm at gcc dot gnu.org
  2022-04-26 12:25 ` [Bug analyzer/105382] " dmalcolm at gcc dot gnu.org
  2022-11-02 18:12 ` pinskia at gcc dot gnu.org
  0 siblings, 2 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-04-25 19:25 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105382

            Bug ID: 105382
           Summary: Support for coroutines in -fanalyzer
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
            Blocks: 97110
  Target Milestone: ---

-fanalyzer doesn't work well with C++ coroutines.

For example, trying it on
gcc/testsuite/g++.dg/coroutines/torture/co-yield-01-multi.C leads to:

warning: dereference of possibly-NULL ‘<unknown>’ [CWE-690] [-Wanalyzer-possible-null-dereference]
   13 | f () noexcept
      | ^
  ‘coro1 f()’: events 1-2
    |
    |   13 | f () noexcept
    |      | ~
    |      | |
    |      | (2) ‘operator new(40)’ could be NULL: unchecked value from (1)
    |......
    |   23 | }
    |      | ^
    |      | |
    |      | (1) this call could return NULL
    |

along with numerous:
  warning: use of uninitialized value ‘<unknown>’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]

e.g.:

../../src/gcc/testsuite/g++.dg/coroutines/torture/co-yield-01-multi.C:23:1: warning: use of uninitialized value ‘<unknown>’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   23 | }
      | ^
  ‘coro1 f()’: events 1-3
    |
    |   13 | f () noexcept
    |      | ^    ~~~~~~~~
    |      | |    |
    |      | |    (2) region created on stack here
    |      | (1) entry to ‘f’
    |      | (3) calling ‘f’ from ‘f’
    |
    +--> ‘void f(f()::_Z1fv.Frame*)’: events 4-10
           |
           |   13 | f () noexcept
           |      | ^
           |      | |
           |      | (4) entry to ‘f’
           |      | (8) ...to here
           |      | (9) following ‘true’ branch...
           |      | (10) ...to here
           |......
           |   23 | }
           |      | ~
           |      | |
           |      | (5) following ‘false’ branch...
           |      | (6) ...to here
           |      | (7) following ‘case 0:’ branch...
           |
    <------+
    |
  ‘coro1 f()’: events 11-12
    |
    |   13 | f () noexcept
    |      | ^
    |      | |
    |      | (11) returning to ‘f’ from ‘f’
    |......
    |   23 | }
    |      | ~
    |      | |
    |      | (12) use of uninitialized value ‘<unknown>’ here
    |

Note how the path refers to "case 0:"; I believe this is a reference to the
synthetic switch for handling re-entering the coroutine:

  <bb 3> :
  _3 = frame_ptr_56(D)->_Coro_resume_index;
  _4 = (int) _3;
  switch (_4) <default: <L1> [INV], case 1: <L2> [INV], case 3: <L3> [INV], case 5: <L4> [INV], case 7: <L5> [INV], case 9: <L6> [INV]>

So I think that the way we generate events in diagnostic paths might need some
kind of support for presenting the information in a form that more closely
resembles what the user wrote, rather than the gimplification of what the C++
FE generated.


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97110
[Bug 97110] [meta-bug] tracker bug for supporting C++ in -fanalyzer


* [Bug analyzer/105382] Support for coroutines in -fanalyzer
  2022-04-25 19:25 [Bug analyzer/105382] New: Support for coroutines in -fanalyzer dmalcolm at gcc dot gnu.org
@ 2022-04-26 12:25 ` dmalcolm at gcc dot gnu.org
  2022-11-02 18:12 ` pinskia at gcc dot gnu.org
  1 sibling, 0 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-04-26 12:25 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105382

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Looks like the analyzer is assuming that all of the different
_Coro_resume_index values are possible at each entry to f(f()::_Z1fv.Frame*),
but AIUI that value is expressing which basic block the coroutine is
re-entering i.e. this data value exists to affect control flow.  Presumably
that ought to be expressed in the exploded graph, so that it properly respects
control flow.  So I think we need to be smarter about _Coro_resume_index values
in various ways e.g. not merge state for them, and assume some initial value
for the initial entry to the coroutine, etc.

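The state problem discussed in comment #1, as an added example that is not part of the thread and is not GCC's generated code: a hand-written C++ model of a lowered coroutine. The names `Frame`, `resume`, `counter` and the 0/1/2 index numbering are assumptions made for illustration. It shows that real executions never read the frame slot before it is written, while treating every resume index as possible on a fresh frame does reach such reads.

```cpp
// Added illustration: hand-written model of a lowered coroutine, not GCC output.
#include <vector>

struct Frame {                    // plays the role of f()::_Z1fv.Frame
    unsigned resume_index = 0;    // plays the role of _Coro_resume_index
    int counter = 0;              // frame slot for a coroutine local
    bool counter_set = false;     // model-only: has the slot been written?
    bool uninit_read = false;     // model-only: a segment read an unwritten slot
};

// Read the slot, recording a would-be uninitialized read.
static int read_counter(Frame *fp) {
    if (!fp->counter_set) fp->uninit_read = true;
    return fp->counter;
}

// Actor function: runs one segment, from the recorded resume point to the next suspend.
void resume(Frame *fp) {
    switch (fp->resume_index) {
    case 0:   // initial entry, the only segment that writes the slot first
        fp->counter = 10;
        fp->counter_set = true;
        break;
    case 1:   // resumed after the first yield
        fp->counter = read_counter(fp) + 1;
        break;
    default:  // resumed after the second yield
        fp->counter = read_counter(fp) + 2;
    }
    ++fp->resume_index;
}

// Real executions: the index only advances 0 -> 1 -> 2, so the slot is always set.
bool real_execution_reads_uninit() {
    Frame f;
    for (int step = 0; step < 3; ++step) resume(&f);
    return f.uninit_read;
}

// Treating every index as possible on a fresh frame reaches reads of the unset slot.
std::vector<unsigned> indices_flagged_on_fresh_frame() {
    std::vector<unsigned> flagged;
    for (unsigned idx = 0; idx <= 2; ++idx) {
        Frame f;
        f.resume_index = idx;
        resume(&f);
        if (f.uninit_read) flagged.push_back(idx);
    }
    return flagged;
}
```

Pinning the index to 0 on the initial entry, as the comment suggests, leaves only the path that `real_execution_reads_uninit()` follows.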

* [Bug analyzer/105382] Support for coroutines in -fanalyzer
  2022-04-25 19:25 [Bug analyzer/105382] New: Support for coroutines in -fanalyzer dmalcolm at gcc dot gnu.org
  2022-04-26 12:25 ` [Bug analyzer/105382] " dmalcolm at gcc dot gnu.org
@ 2022-11-02 18:12 ` pinskia at gcc dot gnu.org
  1 sibling, 0 replies; 3+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-11-02 18:12 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105382

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2022-11-02

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
.

