public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/112790] New: -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
From: dmalcolm at gcc dot gnu.org @ 2023-11-30 21:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790
            Bug ID: 112790
           Summary: -Wanalyzer-deref-before-check false positives seen in
                    Linux kernel due to inlining
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---
https://godbolt.org/z/4fjjcfbPb
False positive on:
typedef unsigned char u8;
struct inode {
  void *i_mapping;
  u8 i_blkbits;
};
struct block_device {
  struct inode *bd_inode;
};
int sync_blockdev(struct block_device *bdev);
int set_blocksize(struct block_device *bdev, u8 size) {
  if (bdev->bd_inode->i_blkbits != size) {
    sync_blockdev(bdev);
  }
  return 0;
}
extern int filemap_write_and_wait(void *);
int sync_blockdev(struct block_device *bdev) {
  if (!bdev)
    return 0;
  return filemap_write_and_wait(bdev->bd_inode->i_mapping);
}
$ xgcc B. -Wall -fno-delete-null-pointer-checks -O2 -fanalyzer -g -S
False positive:
In function ‘sync_blockdev’,
    inlined from ‘set_blocksize’ at t.c:12:5:
t.c:18:6: warning: check of ‘bdev’ for NULL after already dereferencing it [-Wanalyzer-deref-before-check]
   18 |   if (!bdev)
      |      ^
  ‘set_blocksize’: events 1-4
    |
    |   11 |   if (bdev->bd_inode->i_blkbits != size) {
    |      |      ~~~~~^~~~~~~~~~
    |      |      |    |
    |      |      |    (1) pointer ‘bdev’ is dereferenced here
    |      |      (2) following ‘true’ branch...
    |   12 |     sync_blockdev(bdev);
    |      |     ~~~~~~~~~~~~~
    |      |     |
    |      |     (3) ...to here
    |      |     (4) inlined call to ‘sync_blockdev’ from ‘set_blocksize’
    |
    +--> ‘sync_blockdev’: event 5
           |
           |   18 |   if (!bdev)
           |      |      ^
           |      |      |
           |      |      (5) pointer ‘bdev’ is checked for NULL here but it was already dereferenced at (1)
           |
The check from the inlined function shouldn't lead to this warning.
All of "-fno-delete-null-pointer-checks -O2 -fanalyzer -g" seem to be
necessary.
(reduced from block/bdev.c)
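A triage aid for the diagnostic format shown in this report, as an added example that is not part of the original report or of GCC: it scans analyzer text output for -Wanalyzer-deref-before-check warnings whose checked statement was inlined from another function, which is the shape described here. The triage() function, the matches_pr112790_shape key and the sample output (including u.c and local_case) are constructed for illustration; a match marks a warning for review and does not prove it is a false positive.

```python
import re

# Constructed sample of `gcc -fanalyzer` text output: the first warning has the
# shape reported in PR 112790 (check inlined into the caller), the second does not.
SAMPLE = """\
In function ‘sync_blockdev’,
    inlined from ‘set_blocksize’ at t.c:12:5:
t.c:18:6: warning: check of ‘bdev’ for NULL after already dereferencing it [-Wanalyzer-deref-before-check]
   18 |   if (!bdev)
      |      ^
u.c: In function ‘local_case’:
u.c:7:6: warning: check of ‘p’ for NULL after already dereferencing it [-Wanalyzer-deref-before-check]
    7 |   if (!p)
      |      ^
"""

# Header lines GCC prints before a diagnostic; both quote styles are accepted.
IN_FUNC = re.compile(r"^(?:\S+: )?In function [‘'](?P<fn>[^’']+)[’'][,:]")
INLINED = re.compile(r"^\s+inlined from [‘'](?P<caller>[^’']+)[’'] at (?P<site>\S+?)[,:]$")
WARNING = re.compile(
    r"^(?P<loc>[^\s:]+:\d+:\d+): warning: .*\[-Wanalyzer-deref-before-check\]")

def triage(text):
    """Return one dict per deref-before-check warning; `inlined_from` holds the
    (caller, call site) chain when the checked statement came from inlining."""
    results, fn, chain = [], None, []
    for line in text.splitlines():
        m = IN_FUNC.match(line)
        if m:  # a new diagnostic header starts: reset the inlining chain
            fn, chain = m.group("fn"), []
            continue
        m = INLINED.match(line)
        if m:
            chain.append((m.group("caller"), m.group("site")))
            continue
        m = WARNING.match(line)
        if m:
            results.append({"loc": m.group("loc"), "function": fn,
                            "inlined_from": list(chain),
                            "matches_pr112790_shape": bool(chain)})
            fn, chain = None, []
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r)
```

The warning line must be unwrapped, as the compiler prints it; output that has been re-wrapped by a mail client will not match.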
* [Bug analyzer/112790] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
From: dmalcolm at gcc dot gnu.org @ 2023-11-30 21:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2023-11-30
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Also affects gcc 13.2: https://godbolt.org/z/3WTrzGTTc
* [Bug analyzer/112790] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
From: cvs-commit at gcc dot gnu.org @ 2024-01-04 14:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790
--- Comment #2 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:5743e1899d596497800f7d6f4273d535ea0abcdd
commit r14-6918-g5743e1899d596497800f7d6f4273d535ea0abcdd
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Jan 4 09:15:18 2024 -0500
analyzer: fix deref-before-check false positives due to inlining [PR112790]
gcc/analyzer/ChangeLog:
PR analyzer/112790
* checker-event.cc (class inlining_info): Move to...
* inlining-iterator.h (class inlining_info): ...here.
* sm-malloc.cc: Include "analyzer/inlining-iterator.h".
(maybe_complain_about_deref_before_check): Reject stmts that were
inlined from another function.
gcc/testsuite/ChangeLog:
PR analyzer/112790
* c-c++-common/analyzer/deref-before-check-pr112790.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
* [Bug analyzer/112790] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
From: cvs-commit at gcc dot gnu.org @ 2024-01-04 14:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790
--- Comment #3 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:05c99b1c7965f46f0ff17d5e8f4020a62c643ae5
commit r14-6919-g05c99b1c7965f46f0ff17d5e8f4020a62c643ae5
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Jan 4 09:19:06 2024 -0500
analyzer: add sarif properties for checker events
As another followup to r14-6057-g12b67d1e13b3cf, optionally add SARIF
property bags to threadFlowLocation objects when writing out diagnostic
paths, and add analyzer-specific properties to them.
This was useful for debugging PR analyzer/112790.
gcc/analyzer/ChangeLog:
* checker-event.cc: Include "diagnostic-format-sarif.h" and
"tree-logical-location.h".
(checker_event::maybe_add_sarif_properties): New.
(superedge_event::maybe_add_sarif_properties): New.
(superedge_event::superedge_event): Add comment.
* checker-event.h (checker_event::maybe_add_sarif_properties): New
decl.
(superedge_event::maybe_add_sarif_properties): New decl.
gcc/ChangeLog:
* diagnostic-format-sarif.cc
(sarif_builder::make_logical_location_object): Convert to...
(make_sarif_logical_location_object): ...this.
(sarif_builder::set_any_logical_locs_arr): Update for above
change.
(sarif_builder::make_thread_flow_location_object): Call
maybe_add_sarif_properties on each diagnostic_event.
* diagnostic-format-sarif.h (class logical_location): New forward
decl.
(make_sarif_logical_location_object): New decl.
* diagnostic-path.h (class sarif_object): New forward decl.
(diagnostic_event::maybe_add_sarif_properties): New vfunc.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
* [Bug analyzer/112790] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
From: dmalcolm at gcc dot gnu.org @ 2024-01-04 15:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
--- Comment #4 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch on trunk.
Keeping open as it still affects GCC 13.
* [Bug analyzer/112790] [13 Regression] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
From: pinskia at gcc dot gnu.org @ 2024-04-14 5:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |13.3
* [Bug analyzer/112790] [13 Regression] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
From: cvs-commit at gcc dot gnu.org @ 2024-05-09 17:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790
--- Comment #5 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-13 branch has been updated by David Malcolm
<dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:994477c41049d45b60a4d6db7f624fe5c89860fe
commit r13-8751-g994477c41049d45b60a4d6db7f624fe5c89860fe
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu May 9 13:09:29 2024 -0400
analyzer: fix deref-before-check false positives due to inlining [PR112790]
Backported from commit r14-6918-g5743e1899d5964 (moving testcase from
c-c++-common to gcc.dg).
gcc/analyzer/ChangeLog:
PR analyzer/112790
* checker-event.cc (class inlining_info): Move to...
* inlining-iterator.h (class inlining_info): ...here.
* sm-malloc.cc: Include "analyzer/inlining-iterator.h".
(maybe_complain_about_deref_before_check): Reject stmts that were
inlined from another function.
gcc/testsuite/ChangeLog:
PR analyzer/112790
* gcc.dg/analyzer/deref-before-check-pr112790.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
* [Bug analyzer/112790] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
From: dmalcolm at gcc dot gnu.org @ 2024-05-09 17:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
            Summary|[13 Regression]             |-Wanalyzer-deref-before-che
                   |-Wanalyzer-deref-before-che |ck false positives seen in
                   |ck false positives seen in  |Linux kernel due to
                   |Linux kernel due to         |inlining
                   |inlining                    |
             Status|ASSIGNED                    |RESOLVED
--- Comment #6 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed for GCC 13 (for the upcoming GCC 13.3) by the above patch.