public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "vultkayn at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/109437] -Wanalyzer-out-of-bounds is emitted at most once per frame.
Date: Mon, 01 May 2023 12:09:01 +0000 [thread overview]
Message-ID: <bug-109437-4-NOWKnxuBUE@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-109437-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109437
Benjamin Priour <vultkayn at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vultkayn at gcc dot gnu.org
--- Comment #1 from Benjamin Priour <vultkayn at gcc dot gnu.org> ---
(In reply to Benjamin Priour from comment #0)
> OOB refers to Out-Of-Bounds.
>
> Curiously, it seems that if a frame was a cause for a OOB (either by
> containing the spurious code or by being a caller to such code), it will
> only emit one set of warning, rather than at each unique compromising
> statements.
>
>
> int consecutive_oob_in_frame ()
> {
> int arr[] = {1,2,3,4,5,6,7};
> int y1 = arr[9]; // only this one is diagnosed
> int y2 = arr[10]; // no OOB warning emitted here ...
> int y3 = arr[50]; // ... nor here.
> return (y1+y2+y3);
> }
>
> int main () {
> consecutive_oob_in_frame (); // OOB warning emitted
> int x [] = {1,2};
> x[5]; /* silent, probably because another set of OOB warnings
> has already been issued with this frame being the source */
> return 0;
> }
>
>
> As per David suggestion, it might be worth to implement
> pending_diagnostic::supercedes_p vfunc for the OOB checker.
Actually the cause seems to be related to
[https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109439]. Indeed, the further
warning are not emitted only after an OOB read. Consider:
int arr[] = {1,2,3,4,5,6,7};
arr[9] = 7; // 1 warning OOB
arr[15] = 12; // 1 warning OOB
int y = arr[12]; // 2 Warnings as in PR109439, terminate path
arr[11]; // No warnings
The reason is because of the poisoned_value diagnostic that is implementing the
diagnostic_path::terminate_path method
next prev parent reply other threads:[~2023-05-01 12:09 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-06 16:59 [Bug analyzer/109437] New: " priour.be at gmail dot com
2023-05-01 12:09 ` vultkayn at gcc dot gnu.org [this message]
2023-05-20 22:42 ` [Bug analyzer/109437] " vultkayn at gcc dot gnu.org
2023-06-08 9:50 ` cvs-commit at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-109437-4-NOWKnxuBUE@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).