public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/109239] New: -Wanalyzer-deref-before-check seen on Linux kernel due to inlining with -fno-delete-null-pointer-checks
@ 2023-03-21 19:14 dmalcolm at gcc dot gnu.org
2023-03-22 12:42 ` [Bug analyzer/109239] " cvs-commit at gcc dot gnu.org
2023-03-22 12:48 ` dmalcolm at gcc dot gnu.org
0 siblings, 2 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-03-21 19:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109239
Bug ID: 109239
Summary: -Wanalyzer-deref-before-check seen on Linux kernel due
to inlining with -fno-delete-null-pointer-checks
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Created attachment 54724
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54724&action=edit
Reproducer
I'm seeing various -Wanalyzer-deref-before-check false positives on the Linux
kernel; hopefully the attached is a representative reproducer for all of them.
When compiled with:
-fanalyzer -fno-delete-null-pointer-checks -O2
trunk falsely complains:
In function 'bus_get',
inlined from 'bus_remove_file' at <source>:122:7,
inlined from 'remove_probe_files' at <source>:139:3,
inlined from 'bus_unregister' at <source>:150:3:
<source>:105:6: warning: check of 'bus' for NULL after already dereferencing it
[-Wanalyzer-deref-before-check]
105 | if (bus) {
| ^
'bus_unregister': events 1-2
|
| 147 | if (bus->dev_root)
| | ~~~^~~~~~~~~~
| | |
| | (1) pointer 'bus' is dereferenced here
|......
| 150 | remove_probe_files(bus);
| | ~
| | |
| | (2) inlined call to 'remove_probe_files' from 'bus_unregister'
|
+--> 'remove_probe_files': event 3
|
| 139 | bus_remove_file(bus, &bus_attr_drivers_autoprobe);
| | ^
| | |
| | (3) inlined call to 'bus_remove_file' from
'remove_probe_files'
|
+--> 'bus_remove_file': event 4
|
| 122 | if (bus_get(bus)) {
| | ^
| | |
| | (4) inlined call to 'bus_get' from
'bus_remove_file'
|
+--> 'bus_get': event 5
|
| 105 | if (bus) {
| | ^
| | |
| | (5) pointer 'bus' is checked for NULL
here but it was already dereferenced at (1)
|
Compiler returned: 0
Trunk: https://godbolt.org/z/ErKf6fz86
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug analyzer/109239] -Wanalyzer-deref-before-check seen on Linux kernel due to inlining with -fno-delete-null-pointer-checks
2023-03-21 19:14 [Bug analyzer/109239] New: -Wanalyzer-deref-before-check seen on Linux kernel due to inlining with -fno-delete-null-pointer-checks dmalcolm at gcc dot gnu.org
@ 2023-03-22 12:42 ` cvs-commit at gcc dot gnu.org
2023-03-22 12:48 ` dmalcolm at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-03-22 12:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109239
--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:0c652ebbf79bd168766097f3ac4c1b3b79d68a43
commit r13-6800-g0c652ebbf79bd168766097f3ac4c1b3b79d68a43
Author: David Malcolm <dmalcolm@redhat.com>
Date: Wed Mar 22 08:40:34 2023 -0400
analyzer: fix false +ves from -Wanalyzer-deref-before-check due to inlining
[PR109239]
The patch has this effect on my integration tests of -fanalyzer:
Comparison:
GOOD: 129 (17.70% -> 17.92%)
BAD: 600 -> 591 (-9)
which is purely due to improvements to -Wanalyzer-deref-before-check
on the Linux kernel:
-Wanalyzer-deref-before-check:
GOOD: 1 (4.55% -> 7.69%)
BAD: 21 -> 12 (-9)
Known false positives: 16 -> 10 (-6)
linux-5.10.162: 7 -> 1 (-6)
Suspected false positives: 3 -> 0 (-3)
linux-5.10.162: 3 -> 0 (-3)
gcc/analyzer/ChangeLog:
PR analyzer/109239
* program-point.cc: Include "analyzer/inlining-iterator.h".
(program_point::effectively_intraprocedural_p): New function.
* program-point.h (program_point::effectively_intraprocedural_p):
New decl.
* sm-malloc.cc (deref_before_check::emit): Use it when rejecting
interprocedural cases, so that we reject interprocedural cases
that have become intraprocedural due to inlining.
gcc/testsuite/ChangeLog:
PR analyzer/109239
* gcc.dg/analyzer/deref-before-check-pr109239-linux-bus.c: New
test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug analyzer/109239] -Wanalyzer-deref-before-check seen on Linux kernel due to inlining with -fno-delete-null-pointer-checks
2023-03-21 19:14 [Bug analyzer/109239] New: -Wanalyzer-deref-before-check seen on Linux kernel due to inlining with -fno-delete-null-pointer-checks dmalcolm at gcc dot gnu.org
2023-03-22 12:42 ` [Bug analyzer/109239] " cvs-commit at gcc dot gnu.org
@ 2023-03-22 12:48 ` dmalcolm at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-03-22 12:48 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109239
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|UNCONFIRMED |RESOLVED
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-03-22 12:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-21 19:14 [Bug analyzer/109239] New: -Wanalyzer-deref-before-check seen on Linux kernel due to inlining with -fno-delete-null-pointer-checks dmalcolm at gcc dot gnu.org
2023-03-22 12:42 ` [Bug analyzer/109239] " cvs-commit at gcc dot gnu.org
2023-03-22 12:48 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).