From: "rguenth at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/109123] Bogus warning: pointer used after 'realloc' -Wuse-after-free with -O2
Date: Tue, 14 Mar 2023 12:17:14 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c
X-Bugzilla-Version: 12.2.1
X-Bugzilla-Keywords: diagnostic
X-Bugzilla-Severity: normal
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109123

--- Comment #7 from Richard Biener ---
(In reply to Manuel López-Ibáñez from comment #6)
> (In reply to Manuel López-Ibáñez from comment #5)
> > Is this code motion valid? Is there any point in the middle-end that checks
> > the validity of the pointer beyond a free/realloc?
> >
> > If there is a point where such check happens, perhaps it would be a good
> > place to apply no_warning attribute to the pointer.
>
> Answering to myself: It seems the dispute is over the meaning of "use".
> According to the middle-end and for the purposes of realloc/free, "use"
> means dereference, while for the warning "use" is any read of the value.

Yes - that's for practicality since for memory operations we do have
dependences on the realloc.

> By only warning for dereferences, the warning may miss some obvious cases
> like:
>
> tmp = realloc(v->_begin, sizeof(double) * n);
> v->_end = v->_begin + old_size;
> v->_begin = tmp;
>
> However, given that the assumption of the middle-end has worked for decades,
> and it will be not possible to fix it, warning only for dereferences (or
> moving warning for value-uses to a level not enabled by -Wall) would seem
> more user-friendly.

Warning for "escapes" (the store is an escape point) is also sensible I think.
Warning for other uses is really only sensible before any code motion pass
took place. Unfortunately the testsuite is full of cases expected to be
diagnosed but are no longer with any change to the operation.
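
The value-use pattern from the quoted snippet, next to a form that never reads the old pointer after the call. This is an added example, not code from the bug report or from GCC; the `struct vec` layout and the name `vec_grow` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical vector type; field names follow the quoted snippet. */
struct vec {
    double *_begin;
    double *_end;
};

/*
 * Pattern from the quoted snippet, which reads the old pointer value
 * after the call:
 *
 *     tmp = realloc(v->_begin, sizeof(double) * n);
 *     v->_end = v->_begin + old_size;
 *     v->_begin = tmp;
 *
 * vec_grow() takes the element count before the call and rebuilds both
 * fields from the returned pointer. Returns 0 on success, -1 on failure
 * (the vector is left unchanged on failure).
 */
int vec_grow(struct vec *v, size_t n)
{
    /* Element count computed while the old pointer is still valid. */
    size_t old_size = v->_begin ? (size_t)(v->_end - v->_begin) : 0;
    double *tmp;

    /* Reject zero, shrinking, and sizes whose byte count would overflow. */
    if (n == 0 || n < old_size || n > SIZE_MAX / sizeof(double))
        return -1;

    tmp = realloc(v->_begin, sizeof(double) * n);
    if (tmp == NULL)
        return -1;              /* old block is untouched and still owned by v */

    v->_begin = tmp;
    v->_end = tmp + old_size;   /* derived from tmp, never from the old value */
    return 0;
}
```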