From: "dmalcolm at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/112790] New: -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
Date: Thu, 30 Nov 2023 21:14:20 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790

Bug ID: 112790
Summary: -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---

https://godbolt.org/z/4fjjcfbPb

False positive on:

typedef unsigned char u8;
struct inode {
  void *i_mapping;
  u8 i_blkbits;
};
struct block_device {
  struct inode *bd_inode;
};
int sync_blockdev(struct block_device *bdev);
int set_blocksize(struct block_device *bdev, u8 size) {
  if (bdev->bd_inode->i_blkbits != size) {
    sync_blockdev(bdev);
  }
  return 0;
}
extern int filemap_write_and_wait(void *);
int sync_blockdev(struct block_device *bdev) {
  if (!bdev)
    return 0;
  return filemap_write_and_wait(bdev->bd_inode->i_mapping);
}

$ xgcc B. -Wall -fno-delete-null-pointer-checks -O2 -fanalyzer -g -S

False positive:

In function ‘sync_blockdev’,
    inlined from ‘set_blocksize’ at t.c:12:5:
t.c:18:6: warning: check of ‘bdev’ for NULL after already dereferencing it [-Wanalyzer-deref-before-check]
   18 |   if (!bdev)
      |      ^
  ‘set_blocksize’: events 1-4
    |
    |   11 |   if (bdev->bd_inode->i_blkbits != size) {
    |      |      ~~~~~^~~~~~~~~~
    |      |      |    |
    |      |      |    (1) pointer ‘bdev’ is dereferenced here
    |      |      (2) following ‘true’ branch...
    |   12 |     sync_blockdev(bdev);
    |      |     ~~~~~~~~~~~~~
    |      |     |
    |      |     (3) ...to here
    |      |     (4) inlined call to ‘sync_blockdev’ from ‘set_blocksize’
    |
    +--> ‘sync_blockdev’: event 5
           |
           |   18 |   if (!bdev)
           |      |      ^
           |      |      |
           |      |      (5) pointer ‘bdev’ is checked for NULL here but it was already dereferenced at (1)
           |

The check from the inlined function shouldn't lead to this warning.

All of "-fno-delete-null-pointer-checks -O2 -fanalyzer -g" seem to be necessary.

(reduced from block/bdev.c)