public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/108428] New: - -Wanayzer-null-dereference false negative with *f = 1
@ 2023-01-17 8:26 geoffreydgr at icloud dot com
2023-01-17 8:55 ` [Bug analyzer/108428] " geoffreydgr at icloud dot com
2023-04-03 12:45 ` [Bug analyzer/108428] -Wanalyzer-null-dereference " geoffreydgr at icloud dot com
0 siblings, 2 replies; 3+ messages in thread
From: geoffreydgr at icloud dot com @ 2023-01-17 8:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108428
Bug ID: 108428
Summary: - -Wanayzer-null-dereference false negative with *f =
1
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: geoffreydgr at icloud dot com
Target Milestone: ---
I got a false negative error when compiling the following program with `
gcc(trunk) -fanalyzer -O0 ` . It is obvious that `*f = 1;` ( at line 15 ) will
lead to a NPD error, but gcc static analyzer can not find it.
And i found that analyzer did not know `__analyzer_eval(0 == e);` and
`__analyzer_eval(0 == f);` were both true.
In addition, i observed that analyzer seemed to enter the loop for two times
(it evaluated `__analyzer_eval(0 == e);` for two times). I think this may hint
at something wrong.
https://godbolt.org/z/EjYqhsrWe
```c
#include <stdio.h>
extern void __analyzer_eval (int);
int main() {
int e = 1;
int *f;
for (int i = 0; i < 1; i++) {
e = 0;
__analyzer_eval(0 == e);
}
__analyzer_eval(0 == e);
f = (int*) e;
__analyzer_eval(0 == f);
*f = 1;
return 0;
}
```
Output:
```bash
<source>: In function 'main':
<source>:12:7: warning: cast to pointer from integer of different size
[-Wint-to-pointer-cast]
12 | f = (int*) e;
| ^
<source>:9:5: warning: TRUE
9 | __analyzer_eval(0 == e);
| ^~~~~~~~~~~~~~~~~~~~~~~
<source>:9:5: warning: TRUE
<source>:11:3: warning: UNKNOWN
11 | __analyzer_eval(0 == e);
| ^~~~~~~~~~~~~~~~~~~~~~~
<source>:14:3: warning: UNKNOWN
14 | __analyzer_eval(0 == f);
| ^~~~~~~~~~~~~~~~~~~~~~~
Compiler returned: 0
```
However, if I change `int e = 1` to `int e = 0` or to `int * e`, analyzer can
find the NPD error correctly. So maybe the casting to pointer from integer
leads to the problem.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug analyzer/108428] - -Wanayzer-null-dereference false negative with *f = 1
2023-01-17 8:26 [Bug analyzer/108428] New: - -Wanayzer-null-dereference false negative with *f = 1 geoffreydgr at icloud dot com
@ 2023-01-17 8:55 ` geoffreydgr at icloud dot com
2023-04-03 12:45 ` [Bug analyzer/108428] -Wanalyzer-null-dereference " geoffreydgr at icloud dot com
1 sibling, 0 replies; 3+ messages in thread
From: geoffreydgr at icloud dot com @ 2023-01-17 8:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108428
--- Comment #1 from Geoffrey <geoffreydgr at icloud dot com> ---
In addition, CSA can correctly report the NPD warning :
https://godbolt.org/z/54n5so49P
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug analyzer/108428] -Wanalyzer-null-dereference false negative with *f = 1
2023-01-17 8:26 [Bug analyzer/108428] New: - -Wanayzer-null-dereference false negative with *f = 1 geoffreydgr at icloud dot com
2023-01-17 8:55 ` [Bug analyzer/108428] " geoffreydgr at icloud dot com
@ 2023-04-03 12:45 ` geoffreydgr at icloud dot com
1 sibling, 0 replies; 3+ messages in thread
From: geoffreydgr at icloud dot com @ 2023-04-03 12:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108428
--- Comment #2 from Geoffrey <geoffreydgr at icloud dot com> ---
Hi, David! Could you spare a little time to explain this case for me? Please
^v^
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-04-03 12:45 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-17 8:26 [Bug analyzer/108428] New: - -Wanayzer-null-dereference false negative with *f = 1 geoffreydgr at icloud dot com
2023-01-17 8:55 ` [Bug analyzer/108428] " geoffreydgr at icloud dot com
2023-04-03 12:45 ` [Bug analyzer/108428] -Wanalyzer-null-dereference " geoffreydgr at icloud dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).