From: "vultkayn at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/109437] -Wanalyzer-out-of-bounds is emitted at most once per frame.
Date: Mon, 01 May 2023 12:09:01 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Version: 13.0
X-Bugzilla-Severity: normal
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109437

Benjamin Priour changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vultkayn at gcc dot gnu.org

--- Comment #1 from Benjamin Priour ---
(In reply to Benjamin Priour from comment #0)
> OOB refers to Out-Of-Bounds.
>
> Curiously, it seems that if a frame was a cause for an OOB (either by
> containing the spurious code or by being a caller to such code), it will
> only emit one set of warnings, rather than at each unique compromising
> statement.
>
>
> int consecutive_oob_in_frame ()
> {
>     int arr[] = {1,2,3,4,5,6,7};
>     int y1 = arr[9]; // only this one is diagnosed
>     int y2 = arr[10]; // no OOB warning emitted here ...
>     int y3 = arr[50]; // ... nor here.
>     return (y1+y2+y3);
> }
>
> int main () {
>     consecutive_oob_in_frame (); // OOB warning emitted
>     int x [] = {1,2};
>     x[5]; /* silent, probably because another set of OOB warnings
>              has already been issued with this frame being the source */
>     return 0;
> }
>
>
> As per David's suggestion, it might be worth implementing the
> pending_diagnostic::supercedes_p vfunc for the OOB checker.

Actually the cause seems to be related to
[https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109439].

Indeed, the further warnings are not emitted only after an OOB read.
Consider:

    int arr[] = {1,2,3,4,5,6,7};
    arr[9] = 7; // 1 warning OOB
    arr[15] = 12; // 1 warning OOB
    int y = arr[12]; // 2 Warnings as in PR109439, terminate path
    arr[11]; // No warnings

The reason is because of the poisoned_value diagnostic that is implementing
the diagnostic_path::terminate_path method