From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id A1BCF3858D39; Sun, 26 Mar 2023 21:08:29 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A1BCF3858D39 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1679864909; bh=sU4a9b8W5U9RAZQHqHHjSusSTnyZmbEDfMBq6jBK0zQ=; h=From:To:Subject:Date:In-Reply-To:References:From; b=QZRE9Uw5QoTkC7tybIv8lcnKrF3yh8lF2nLxxZlmvYHIuNMArs4weVlnLszTNJ/OM nzM/FBUMMkU1zcq7HTJmQPSQT7SUOSZzgU2A4881qrmZmLCNyQElxziilWblTdHBx3 R0w/bi2zcBffQA0YrFDIgTtU1ISrnD0OECI9cBxM= From: "jg at jguk dot org" To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/109266] Wanalyzer-null-dereference does not warn when struct is at null Date: Sun, 26 Mar 2023 21:08:29 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: analyzer X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: jg at jguk dot org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109266 --- Comment #2 from Jonny Grant --- Thank you for your reply David. Your analyzer is very good already. I played around a bit, a base of nullptr doesn't give a warning. But changi= ng to 0x10 does give array-bounds warning. cc1plus: note: source object is likely at address zero :13:13: warning: array subscript 0 is outside array bounds of 'a_t = [0]' [-Warray-bounds=3D] https://godbolt.org/z/PhhT48xxP Found Andrew Pinski comment says 4096 is not accessible: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D106699#c1 I wondered if you know how to turn on that "cc1plus: note: source object is likely at address zero? It seems different from normal warnings. It would be fantastic if there was a way for me to specify on the gcc comma= nd line an address range I didn't want read and/or writable. That would be gre= at to get build warnings from those addresses if the compiler could see them b= eing accessed. At the moment, I always need to use the JTAG debugger to set some hw breakpoints on read from various addresses to catch those accesses (as they= are mapped to the interrupt vector from 0x0). On Windows I've had various crash= es where the access was address 0x10 so felt like that was probably a struct offset too I don't know very much about gcc internals. I did wonder if the analyzer can see the base address of the struct being passed as 0x0 in the RTL file? I tried -fdump-rtl-all but couldn't see the 0x0 address, or when I changed = to 0x10 either=