public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/109437] New: -Wanalyzer-out-of-bounds is emitted at most once per frame.
@ 2023-04-06 16:59 priour.be at gmail dot com
2023-05-01 12:09 ` [Bug analyzer/109437] " vultkayn at gcc dot gnu.org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: priour.be at gmail dot com @ 2023-04-06 16:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109437
Bug ID: 109437
Summary: -Wanalyzer-out-of-bounds is emitted at most once per
frame.
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: priour.be at gmail dot com
CC: priour.be at gmail dot com
Target Milestone: ---
Build: 13.0.1 20230328 (experimental)
OOB refers to Out-Of-Bounds.
Curiously, it seems that if a frame was a cause for a OOB (either by containing
the spurious code or by being a caller to such code), it will only emit one set
of warning, rather than at each unique compromising statements.
int consecutive_oob_in_frame ()
{
int arr[] = {1,2,3,4,5,6,7};
int y1 = arr[9]; // only this one is diagnosed
int y2 = arr[10]; // no OOB warning emitted here ...
int y3 = arr[50]; // ... nor here.
return (y1+y2+y3);
}
int main () {
consecutive_oob_in_frame (); // OOB warning emitted
int x [] = {1,2};
x[5]; /* silent, probably because another set of OOB warnings
has already been issued with this frame being the source */
return 0;
}
As per David suggestion, it might be worth to implement
pending_diagnostic::supercedes_p vfunc for the OOB checker.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/109437] -Wanalyzer-out-of-bounds is emitted at most once per frame.
2023-04-06 16:59 [Bug analyzer/109437] New: -Wanalyzer-out-of-bounds is emitted at most once per frame priour.be at gmail dot com
@ 2023-05-01 12:09 ` vultkayn at gcc dot gnu.org
2023-05-20 22:42 ` vultkayn at gcc dot gnu.org
2023-06-08 9:50 ` cvs-commit at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: vultkayn at gcc dot gnu.org @ 2023-05-01 12:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109437
Benjamin Priour <vultkayn at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vultkayn at gcc dot gnu.org
--- Comment #1 from Benjamin Priour <vultkayn at gcc dot gnu.org> ---
(In reply to Benjamin Priour from comment #0)
> OOB refers to Out-Of-Bounds.
>
> Curiously, it seems that if a frame was a cause for a OOB (either by
> containing the spurious code or by being a caller to such code), it will
> only emit one set of warning, rather than at each unique compromising
> statements.
>
>
> int consecutive_oob_in_frame ()
> {
> int arr[] = {1,2,3,4,5,6,7};
> int y1 = arr[9]; // only this one is diagnosed
> int y2 = arr[10]; // no OOB warning emitted here ...
> int y3 = arr[50]; // ... nor here.
> return (y1+y2+y3);
> }
>
> int main () {
> consecutive_oob_in_frame (); // OOB warning emitted
> int x [] = {1,2};
> x[5]; /* silent, probably because another set of OOB warnings
> has already been issued with this frame being the source */
> return 0;
> }
>
>
> As per David suggestion, it might be worth to implement
> pending_diagnostic::supercedes_p vfunc for the OOB checker.
Actually the cause seems to be related to
[https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109439]. Indeed, the further
warning are not emitted only after an OOB read. Consider:
int arr[] = {1,2,3,4,5,6,7};
arr[9] = 7; // 1 warning OOB
arr[15] = 12; // 1 warning OOB
int y = arr[12]; // 2 Warnings as in PR109439, terminate path
arr[11]; // No warnings
The reason is because of the poisoned_value diagnostic that is implementing the
diagnostic_path::terminate_path method
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/109437] -Wanalyzer-out-of-bounds is emitted at most once per frame.
2023-04-06 16:59 [Bug analyzer/109437] New: -Wanalyzer-out-of-bounds is emitted at most once per frame priour.be at gmail dot com
2023-05-01 12:09 ` [Bug analyzer/109437] " vultkayn at gcc dot gnu.org
@ 2023-05-20 22:42 ` vultkayn at gcc dot gnu.org
2023-06-08 9:50 ` cvs-commit at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: vultkayn at gcc dot gnu.org @ 2023-05-20 22:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109437
Benjamin Priour <vultkayn at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #2 from Benjamin Priour <vultkayn at gcc dot gnu.org> ---
I mark it as fixed as my current hotfix on PR109439 proved this one was indeed
just a consequence of it, and not a standalone bug.
*** This bug has been marked as a duplicate of bug 109439 ***
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/109437] -Wanalyzer-out-of-bounds is emitted at most once per frame.
2023-04-06 16:59 [Bug analyzer/109437] New: -Wanalyzer-out-of-bounds is emitted at most once per frame priour.be at gmail dot com
2023-05-01 12:09 ` [Bug analyzer/109437] " vultkayn at gcc dot gnu.org
2023-05-20 22:42 ` vultkayn at gcc dot gnu.org
@ 2023-06-08 9:50 ` cvs-commit at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-06-08 9:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109437
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The trunk branch has been updated by Benjamin Priour <vultkayn@gcc.gnu.org>:
https://gcc.gnu.org/g:9589a46ddadc8b93c224c3f84fa94746c04596bf
commit r14-1632-g9589a46ddadc8b93c224c3f84fa94746c04596bf
Author: Benjamin Priour <vultkayn@gcc.gnu.org>
Date: Thu Jun 8 11:38:08 2023 +0200
analyzer: Standalone OOB-warning [PR109437, PR109439]
This patch enhances -Wanalyzer-out-of-bounds that is no longer paired
with a -Wanalyzer-use-of-uninitialized-value on out-of-bounds-read.
This also fixes PR analyzer/109437.
Before there could always be at most one OOB-read warning per frame because
-Wanalyzer-use-of-uninitialized-value always terminates the analysis
path.
PR 109439
gcc/analyzer/ChangeLog:
* bounds-checking.cc (region_model::check_symbolic_bounds): Returns
whether the BASE_REG
region access was OOB.
(region_model::check_region_bounds): Likewise.
* region-model.cc (region_model::get_store_value): Creates an
unknown svalue on OOB-read access to REG.
(region_model::check_region_access): Returns whether an unknown
svalue needs be created.
(region_model::check_region_for_read): Passes check_region_access
return value.
* region-model.h: Update prior function definitions.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/out-of-bounds-2.c: Cleaned test for
uninitialized-value warning
* gcc.dg/analyzer/out-of-bounds-5.c: Likewise.
* gcc.dg/analyzer/pr101962.c: Likewise.
* gcc.dg/analyzer/realloc-5.c: Likewise.
* gcc.dg/analyzer/pr109439.c: New test.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-06-08 9:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-06 16:59 [Bug analyzer/109437] New: -Wanalyzer-out-of-bounds is emitted at most once per frame priour.be at gmail dot com
2023-05-01 12:09 ` [Bug analyzer/109437] " vultkayn at gcc dot gnu.org
2023-05-20 22:42 ` vultkayn at gcc dot gnu.org
2023-06-08 9:50 ` cvs-commit at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).