From: "dmalcolm at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/105382] New: Support for coroutines in -fanalyzer
Date: Mon, 25 Apr 2022 19:25:03 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105382

            Bug ID: 105382
           Summary: Support for coroutines in -fanalyzer
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
            Blocks: 97110
  Target Milestone: ---

-fanalyzer doesn't work well with C++ coroutines.

For example, trying it on
gcc/testsuite/g++.dg/coroutines/torture/co-yield-01-multi.C leads to:

warning: dereference of possibly-NULL ‘’ [CWE-690] [-Wanalyzer-possible-null-dereference]
   13 | f () noexcept
      | ^
  ‘coro1 f()’: events 1-2
    |
    |   13 | f () noexcept
    |      | ~
    |      | |
    |      | (2) ‘operator new(40)’ could be NULL: unchecked value from (1)
    |......
    |   23 | }
    |      | ^
    |      | |
    |      | (1) this call could return NULL
    |

along with numerous:

warning: use of uninitialized value ‘’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]

e.g.:

../../src/gcc/testsuite/g++.dg/coroutines/torture/co-yield-01-multi.C:23:1:
warning: use of uninitialized value ‘’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   23 | }
      | ^
  ‘coro1 f()’: events 1-3
    |
    |   13 | f () noexcept
    |      | ^    ~~~~~~~~
    |      | |    |
    |      | |    (2) region created on stack here
    |      | (1) entry to ‘f’
    |      | (3) calling ‘f’ from ‘f’
    |
    +--> ‘void f(f()::_Z1fv.Frame*)’: events 4-10
           |
           |   13 | f () noexcept
           |      | ^
           |      | |
           |      | (4) entry to ‘f’
           |      | (8) ...to here
           |      | (9) following ‘true’ branch...
           |      | (10) ...to here
           |......
           |   23 | }
           |      | ~
           |      | |
           |      | (5) following ‘false’ branch...
           |      | (6) ...to here
           |      | (7) following ‘case 0:’ branch...
           |
    <------+
    |
  ‘coro1 f()’: events 11-12
    |
    |   13 | f () noexcept
    |      | ^
    |      | |
    |      | (11) returning to ‘f’ from ‘f’
    |......
    |   23 | }
    |      | ~
    |      | |
    |      | (12) use of uninitialized value ‘’ here
    |

Note how the path refers to "case 0:"; I believe this is a reference to the
synthetic switch for handling re-entering the coroutine:

  :
  _3 = frame_ptr_56(D)->_Coro_resume_index;
  _4 = (int) _3;
  switch (_4) [INV], case 1: [INV], case 3: [INV], case 5: [INV], case 7: [INV], case 9: [INV]>

So I think that the way we generate events in diagnostic paths might need some
kind of support for presenting the information in a form that more closely
resembles what the user wrote, rather than the gimplification of what the C++
FE generated.

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97110
[Bug 97110] [meta-bug] tracker bug for supporting C++ in -fanalyzer
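
The report above shows a path that goes from ‘coro1 f()’ into a second function taking a frame pointer and then through a "case 0:" branch. The following is an added illustration, not code from the report or from GCC: a hand-written analogue of a coroutine that yields 1, 2, 3, split into an entry function and a body function that dispatches on a resume index. The names `Frame`, `ramp`, `actor` and `drain` are hypothetical, and the layout is an assumption about the general shape, not GCC's actual lowering.

```cpp
// Hand-written analogue, not GCC's generated code. All names are hypothetical.
#include <new>

struct Frame {
    int resume_index;  // which suspend point the next resume re-enters at
    int i;             // user local that must survive across suspensions
    int current;       // value handed out by the last "co_yield"
    bool done;
};

// Body: every resume re-enters here; the case labels exist only in this form.
void actor(Frame *f) {
    switch (f->resume_index) {
    case 0:                        // first entry: start of the user's body
        for (f->i = 1; f->i <= 3; ++f->i) {
            f->current = f->i;     // user wrote: co_yield i;
            f->resume_index = 1;
            return;                // suspend
    case 1:;                       // resume lands here, inside the loop
        }
        f->done = true;
        f->resume_index = 2;
        return;
    default:                       // resumed after completion: no-op
        return;
    }
}

// Entry: allocates the frame, checks it, runs the body to the first suspend.
Frame *ramp() {
    Frame *f = new (std::nothrow) Frame();  // value-initialised: fields zeroed
    if (!f) return nullptr;
    actor(f);
    return f;
}

// Collect yielded values until the body finishes; returns how many were seen.
int drain(Frame *f, int *out, int cap) {
    int n = 0;
    while (!f->done && n < cap) { out[n++] = f->current; actor(f); }
    return n;
}

int main() {
    int out[8];
    Frame *f = ramp();
    int n = f ? drain(f, out, 8) : -1;
    delete f;
    return n == 3 ? 0 : 1;
}
```

A path-based analysis of `actor` reports branches on `resume_index`, none of which correspond to anything in the three-line loop the user would have written.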