public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/109060] New: -Wanalyzer-deref-before-check false positives seen in haproxy's cfgparse.c: parse_process_number
@ 2023-03-07 21:45 dmalcolm at gcc dot gnu.org
2023-03-10 13:22 ` [Bug analyzer/109060] " cvs-commit at gcc dot gnu.org
2023-03-10 13:58 ` dmalcolm at gcc dot gnu.org
0 siblings, 2 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-03-07 21:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109060
Bug ID: 109060
Summary: -Wanalyzer-deref-before-check false positives seen in
haproxy's cfgparse.c: parse_process_number
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Created attachment 54603
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54603&action=edit
Reproducer
https://godbolt.org/z/qnd1TrWsh
Trunk falsely emits this on the attached file:
$ ./xgcc -B. -S -fanalyzer -Wall ../../src/haproxy-cfgparse.c
../../src/haproxy-cfgparse.c: In function ‘parse_process_number’:
../../src/haproxy-cfgparse.c:58:21: warning: check of ‘dash’ for NULL after
already dereferencing it [-Wanalyzer-deref-before-check]
58 | if (*p == '-' && !dash)
| ~~~~~~~~~~^~~~~~~~
‘parse_process_number’: events 1-16
|
| 47 | if (strcmp(arg, "all") == 0)
| | ~^~~~~~~~~~~~~~~~~~
| | ||
| | |(1) pointer ‘dash’ is dereferenced here
| | (2) following ‘false’ branch (when the strings are
non-equal)...
| 48 | *proc |= ~0UL;
| 49 | else if (strcmp(arg, "odd") == 0)
| | ~~~~~~~~~~~~~~~~~~~
| | ||
| | |(3) ...to here
| | (4) following ‘false’ branch (when the strings are
non-equal)...
| 50 | *proc |= ~0UL / 3UL;
| 51 | else if (strcmp(arg, "even") == 0)
| | ~~~~~~~~~~~~~~~~~~~~
| | ||
| | |(5) ...to here
| | (6) following ‘false’ branch (when the strings are
non-equal)...
|......
| 54 | const char *p, *dash = ((void*)0);
| | ~~~~
| | |
| | (7) ...to here
|......
| 57 | for (p = arg; *p; p++) {
| | ~
| | |
| | (8) following ‘true’ branch...
| | (12) following ‘true’ branch...
| 58 | if (*p == '-' && !dash)
| | ~~~~~~~~~~~~~~~~~~~
| | || |
| | || (10) following ‘true’ branch (when ‘dash’ is
NULL)...
| | || (15) ...to here
| | || (16) pointer ‘dash’ is checked for NULL here
but it was already dereferenced at (1)
| | |(9) ...to here
| | |(13) ...to here
| | (14) following ‘true’ branch...
| 59 | dash = p;
| | ~~~~~~~~
| | |
| | (11) ...to here
|
../../src/haproxy-cfgparse.c:68:8: warning: check of ‘dash’ for NULL after
already dereferencing it [-Wanalyzer-deref-before-check]
68 | if (dash)
| ^
‘parse_process_number’: events 1-12
|
| 47 | if (strcmp(arg, "all") == 0)
| | ~^~~~~~~~~~~~~~~~~~
| | ||
| | |(1) pointer ‘dash’ is dereferenced here
| | (2) following ‘false’ branch (when the strings are
non-equal)...
| 48 | *proc |= ~0UL;
| 49 | else if (strcmp(arg, "odd") == 0)
| | ~~~~~~~~~~~~~~~~~~~
| | ||
| | |(3) ...to here
| | (4) following ‘false’ branch (when the strings are
non-equal)...
| 50 | *proc |= ~0UL / 3UL;
| 51 | else if (strcmp(arg, "even") == 0)
| | ~~~~~~~~~~~~~~~~~~~~
| | ||
| | |(5) ...to here
| | (6) following ‘false’ branch (when the strings are
non-equal)...
|......
| 54 | const char *p, *dash = ((void*)0);
| | ~~~~
| | |
| | (7) ...to here
|......
| 57 | for (p = arg; *p; p++) {
| | ~
| | |
| | (8) following ‘true’ branch...
| 58 | if (*p == '-' && !dash)
| | ~~~~~~~~~~~~~~~~~~
| | | |
| | | (10) following ‘true’ branch (when ‘dash’ is
NULL)...
| | (9) ...to here
| 59 | dash = p;
| | ~~~~~~~~
| | |
| | (11) ...to here
|......
| 68 | if (dash)
| | ~
| | |
| | (12) pointer ‘dash’ is checked for NULL here but it was
already dereferenced at (1)
|
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug analyzer/109060] -Wanalyzer-deref-before-check false positives seen in haproxy's cfgparse.c: parse_process_number
2023-03-07 21:45 [Bug analyzer/109060] New: -Wanalyzer-deref-before-check false positives seen in haproxy's cfgparse.c: parse_process_number dmalcolm at gcc dot gnu.org
@ 2023-03-10 13:22 ` cvs-commit at gcc dot gnu.org
2023-03-10 13:58 ` dmalcolm at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-03-10 13:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109060
--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:c4fd232f9843bb800548a906653aeb0723cdb411
commit r13-6581-gc4fd232f9843bb800548a906653aeb0723cdb411
Author: David Malcolm <dmalcolm@redhat.com>
Date: Fri Mar 10 08:20:10 2023 -0500
analyzer: fix deref-before-check false +ves seen in haproxy
[PR108475,PR109060]
Integration testing showed various false positives from
-Wanalyzer-deref-before-check where the expression that's dereferenced
is different from the one that's checked, but the diagnostic is emitted
because they both evaluate to the same symbolic value.
This patch rejects such warnings, unless we have tree expressions for
both and that both tree expressions are "spelled the same way" i.e.
would be printed to the same user-facing string.
gcc/analyzer/ChangeLog:
PR analyzer/108475
PR analyzer/109060
* sm-malloc.cc (deref_before_check::deref_before_check):
Initialize new field m_deref_expr. Assert that arg is non-NULL.
(deref_before_check::emit): Reject cases where the spelling of the
thing that was dereferenced differs from that of what is checked,
or if the dereference expression was not found. Remove code to
handle NULL m_arg.
(deref_before_check::describe_state_change): Remove code to handle
NULL m_arg.
(deref_before_check::describe_final_event): Likewise.
(deref_before_check::sufficiently_similar_p): New.
(deref_before_check::m_deref_expr): New field.
(malloc_state_machine::maybe_complain_about_deref_before_check):
Don't warn if the diag_ptr is NULL.
gcc/testsuite/ChangeLog:
PR analyzer/108475
PR analyzer/109060
* gcc.dg/analyzer/deref-before-check-pr108475-1.c: New test.
* gcc.dg/analyzer/deref-before-check-pr108475-haproxy-tcpcheck.c:
New test.
* gcc.dg/analyzer/deref-before-check-pr109060-haproxy-cfgparse.c:
New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug analyzer/109060] -Wanalyzer-deref-before-check false positives seen in haproxy's cfgparse.c: parse_process_number
2023-03-07 21:45 [Bug analyzer/109060] New: -Wanalyzer-deref-before-check false positives seen in haproxy's cfgparse.c: parse_process_number dmalcolm at gcc dot gnu.org
2023-03-10 13:22 ` [Bug analyzer/109060] " cvs-commit at gcc dot gnu.org
@ 2023-03-10 13:58 ` dmalcolm at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-03-10 13:58 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109060
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-03-10 13:58 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-07 21:45 [Bug analyzer/109060] New: -Wanalyzer-deref-before-check false positives seen in haproxy's cfgparse.c: parse_process_number dmalcolm at gcc dot gnu.org
2023-03-10 13:22 ` [Bug analyzer/109060] " cvs-commit at gcc dot gnu.org
2023-03-10 13:58 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).