From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 800E83858C5F; Thu,  2 Feb 2023 22:36:49 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 800E83858C5F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1675377409;
	bh=yj2Fs+mi30Yb4QIql43XYt8HuuMf4E8kwAoWLWY5PQ0=;
	h=From:To:Subject:Date:From;
	b=qHbvY3dwlJm5xFojrhTmgUPcEAK9bwhdMneIwpEuHkOTt4L9FDRt7qzhmgjiaMphW
	 Kdt39Xq9Nj6u8DfTZybR5KQmHlqlkgf3lrqwih+c2YzkuGzO/Ac0oerxhmV99DUCiH
	 VS+s6m99o4saddNnWLr+Bgmjv7wIlPJWB3opQWpg=
From: "dmalcolm at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/108648] New: -Wanalyzer-fd-leak false positives seen
 on haproxy's proto_tcp.c
Date: Thu, 02 Feb 2023 22:36:37 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Version: 13.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: dmalcolm at gcc dot gnu.org
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter target_milestone
 attachments.created
Message-ID: <bug-108648-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D108648

            Bug ID: 108648
           Summary: -Wanalyzer-fd-leak false positives seen on haproxy's
                    proto_tcp.c
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Created attachment 54394
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=3D54394&action=3Dedit
Reproducer

The attached reproducer currently emits 3 -Wanalyzer-fd-leak diagnostics wi=
th
-fanalyzer on trunk, all of which seem to be false positives:

https://godbolt.org/z/j3xWjoE5T


<source>: In function 'fd_want_recv':
<source>:56:11: warning: leak of file descriptor [CWE-775] [-Wanalyzer-fd-l=
eak]
   56 |           asm volatile("lock btsl %2, %0\n"
      |           ^~~
  'tcp_resume_receiver': events 1-8
    |
    |  117 | int tcp_resume_receiver(struct receiver *rx) {
    |      |     ^~~~~~~~~~~~~~~~~~~
    |      |     |
    |      |     (1) entry to 'tcp_resume_receiver'
    |......
    |  122 |   if (rx->fd < 0)
    |      |      ~
    |      |      |
    |      |      (2) following 'false' branch...
    |......
    |  125 |   if (listen(rx->fd, listener_backlog(l)) =3D=3D 0) {
    |      |      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |      ||
    |      |      |(3) ...to here
    |      |      |(4) stream socket marked as passive here via 'listen'
    |      |      |(5) when 'listen' succeeds
    |      |      (6) following 'true' branch...
    |  126 |     fd_want_recv(l->rx.fd);
    |      |     ~~~~~~~~~~~~~~~~~~~~~~
    |      |     |
    |      |     (7) ...to here
    |      |     (8) calling 'fd_want_recv' from 'tcp_resume_receiver'
    |
    +--> 'fd_want_recv': events 9-12
           |
           |   47 | static inline void fd_want_recv(int fd) {
           |      |                    ^~~~~~~~~~~~
           |      |                    |
           |      |                    (9) entry to 'fd_want_recv'
           |   48 |   if ((fdtab[fd].state & (1U << 0)) || ({
           |      |      ~=20=20=20=20=20=20=20=20=20=20=20=20=20=20
           |      |      |
           |      |      (10) following 'false' branch...
           |......
           |   56 |           asm volatile("lock btsl %2, %0\n"
           |      |           ~~~=20=20=20=20=20=20=20
           |      |           |
           |      |           (12) leaks here
           |   57 |                        : "+m"(*(&fdtab[fd].state)),
"=3D@ccc"(__ret)
           |      |                                       ~
           |      |                                       |
           |      |                                       (11) ...to here
           |
<source>: In function 'tcp_suspend_receiver':
<source>:97:6: warning: leak of file descriptor '*rx.fd' [CWE-775]
[-Wanalyzer-fd-leak]
   97 |   if (connect(rx->fd, &sa, sizeof(sa)) < 0)
      |      ^
  'tcp_suspend_receiver': events 1-3
    |
    |   94 |   if (rx->flags & 0x00000002)
    |      |      ^
    |      |      |
    |      |      (1) following 'false' branch...
    |......
    |   97 |   if (connect(rx->fd, &sa, sizeof(sa)) < 0)
    |      |      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |      ||
    |      |      |(2) ...to here
    |      |      (3) '*rx.fd' leaks here
    |
<source>: In function 'tcp_resume_receiver':
<source>:125:6: warning: leak of file descriptor '*rx.fd' [CWE-775]
[-Wanalyzer-fd-leak]
  125 |   if (listen(rx->fd, listener_backlog(l)) =3D=3D 0) {
      |      ^
  'tcp_resume_receiver': events 1-3
    |
    |  122 |   if (rx->fd < 0)
    |      |      ^
    |      |      |
    |      |      (1) following 'false' branch...
    |......
    |  125 |   if (listen(rx->fd, listener_backlog(l)) =3D=3D 0) {
    |      |      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |      ||
    |      |      |(2) ...to here
    |      |      (3) '*rx.fd' leaks here
    |=