From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 33F393858CD1; Sat, 6 Jan 2024 19:08:52 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 33F393858CD1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1704568132; bh=QRBE1kpOlm2ar71jOArgbU7hyPOUWgcmDEhb8VA6dAU=; h=From:To:Subject:Date:From; b=j6ZHnQmhN1G+UmOayEQ+IshM6XqWIek04hIdc97Z/IXZQMJJMlvm/xXjGpqz2ZVxV fsYkvs8DR2QUAy3rYuA391EZZEOazLWm1gRLqmg5abA9f2eTMOAc/x9rRET+ZxeRpd XQ0rJPBmRp51BcQ2+5FROB6KXIaFe9ISOfOel9dY= From: "eggert at cs dot ucla.edu" To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/113253] New: gcc -g causes -fanalyzer to issue false positive Date: Sat, 06 Jan 2024 19:08:50 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: analyzer X-Bugzilla-Version: 13.2.1 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: eggert at cs dot ucla.edu X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113253 Bug ID: 113253 Summary: gcc -g causes -fanalyzer to issue false positive Product: gcc Version: 13.2.1 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: eggert at cs dot ucla.edu Target Milestone: --- Created attachment 56998 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=56998&action=edit marker1.i file illustrating 
-fanalyzer -g bug

This is a weird one, taken from bleeding-edge GNU Emacs, compiled with gcc (GCC) 13.2.1 20231205 (Red Hat 13.2.1-6) on x86-64. Compile the attached with:

gcc -O2 -S -g -fanalyzer marker1.i

I get the following diagnostic, which is a false positive. If I do not use gcc's "-g" option, the compile is clean with no diagnostics.

marker1.i: In function ‘set_marker_internal’:
marker1.i:17754:7: warning: check of ‘(long unsigned int)buffer + 18446744073709551611’ for NULL after already dereferencing it [-Wanalyzer-deref-before-check]
17752 | if (NILP (position) | ~~~~~~~~~~~~~~~ 17753 | || (MARKERP (position) && !XMARKER (position)->buffer) | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 17754 | || !b) | ^~~~~ ‘set_marker_restricted’: events 1-2 | |17803 | set_marker_restricted (Lisp_Object marker, Lisp_Object position, | | ^~~~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘set_marker_restricted’ |...... |17806 | return set_marker_internal (marker, position, buffer, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) calling ‘set_marker_internal’ from ‘set_marker_restricted’ |17807 | 1 | | ~ |17808 | ); | | ~ | +--> ‘set_marker_internal’: events 3-4 | |17743 | set_marker_internal (Lisp_Object marker, Lisp_Object position, | | ^~~~~~~~~~~~~~~~~~~ | | | | | (3) entry to ‘set_marker_internal’ |...... 
|17749 | struct buffer *b = live_buffer (buffer); | | ~ | | | | | (4) inlined call to ‘live_buffer’ from ‘set_marker_internal’ | +--> ‘live_buffer’: event 5 | |17737 | struct buffer *b = decode_buffer (buffer); | | ^~~~~~~~~~~~~~~~~~~~~~ | | | | | (5) calling ‘decode_buffer’ from ‘set_marker_internal’ | ‘decode_buffer’: events 6-9 | |11274 | decode_buffer (Lisp_Object b) | | ^~~~~~~~~~~~~ | | | | | (6) entry to ‘decode_buffer’ |11275 | { |11276 | return NILP (b) ? (current_thread->m_current_buffer) : (CHECK_BUFFER (b), XBUFFER (b)); | |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |                                                      | | | |                                                      | (8) ...to here | |                                                      | (9) calling ‘CHECK_BUFFER’ from ‘decode_buffer’ | |                                                      (7) following ‘false’ branch (when ‘b’ is non-NULL)... 
| +--> ‘CHECK_BUFFER’: event 10 | |10892 | CHECK_BUFFER (Lisp_Object x) | | ^~~~~~~~~~~~ | | | | | (10) entry to ‘CHECK_BUFFER’ | +--> ‘CHECK_BUFFER’: event 11 | |10894 | CHECK_TYPE (BUFFERP (x), builtin_lisp_symbol (346), x); | | ^ | | | | | (11) inlined call to ‘BUFFERP’ from ‘CHECK_BUFFER’ | +--> ‘BUFFERP’: event 12 | |10889 | return PSEUDOVECTORP (a, PVEC_BUFFER); | | ^ | | | | | (12) inlined call to ‘PSEUDOVECTORP’ from ‘BUFFERP’ | +--> ‘PSEUDOVECTORP’: event 13 | | 6274 | return (TAGGEDP ((a), Lisp_Vectorlike) && ((((union vectorlike_header *) ((uintptr_t) XLP ((a)) - (uintptr_t) ((Lisp_Word_tag) (Lisp_Vectorlike) << (((0x7fffffffffffffffL | |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |                          | | |                          (13) following ‘true’ branch... | 6275 | >> (3 - 1)) / 2 < | |         ~~~~~~~~~~~~~~~~~                  | 6276 |         (9223372036854775807L) | |         ~~~~~~~~~~~~~~~~~~~~~~             | 6277 | ) ? 
0 : VALBITS))))->size & (( | |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     | 6278 |         (9223372036854775807L) | |         ~~~~~~~~~~~~~~~~~~~~~~             | 6279 | - | | ~                 | 6280 |         (9223372036854775807L) | |         ~~~~~~~~~~~~~~~~~~~~~~             | 6281 | / 2) | PVEC_TYPE_MASK)) == (( | |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      | 6282 |         (9223372036854775807L) | |         ~~~~~~~~~~~~~~~~~~~~~~             | 6283 | - | | ~                 | 6284 |         (9223372036854775807L) | |         ~~~~~~~~~~~~~~~~~~~~~~             | 6285 | / 2) | ((code) << PSEUDOVECTOR_AREA_BITS)))); | |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | <--------------------+ | ‘CHECK_BUFFER’: event 14 | |10889 | return PSEUDOVECTORP (a, PVEC_BUFFER); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (14) ...to here | <------+ | ‘decode_buffer’: event 15 | |11276 | return NILP (b) ? 
(current_thread->m_current_buffer) : (CHECK_BUFFER (b), XBUFFER (b)); | |                                                      ^~~~~~~~~~~~~~~~ | |                                                      | | |                                                      (15) returning to ‘decode_buffer’ from ‘CHECK_BUFFER’ | <------+ | ‘set_marker_internal’: event 16 | |17749 | struct buffer *b = live_buffer (buffer); | | ^ | | | | | (16) inlined call to ‘live_buffer’ from ‘set_marker_internal’ | +--> ‘live_buffer’: events 17-18 | |17737 | struct buffer *b = decode_buffer (buffer); | | ^~~~~~~~~~~~~~~~~~~~~~ | | | | | (17) returning to ‘set_marker_internal’ from ‘decode_buffer’ |17738 | return BUFFER_LIVE_P (b) ? b : | | ~             | | | | | (18) inlined call to ‘BUFFER_LIVE_P’ from ‘live_buffer’ | +--> ‘BUFFER_LIVE_P’: event 19 | |11203 | return !NILP (((b)->name_)); | | ^~~~~~~~~~~~~~~~~~~ | | | | | (19) pointer ‘(long unsigned int)buffer + 18446744073709551611’ is dereferenced here | <------+ | ‘live_buffer’: event 20 | |17738 | return BUFFER_LIVE_P (b) ? b : | | ~~~~~~~~~~~~~~~~~~~~~~^ | | | | | (20) following ‘true’ branch... 
|17739 | ((void *)0) | | ~~~~~~~~~~~ | <------+ | ‘set_marker_internal’: events 21-22 | |17749 | struct buffer *b = live_buffer (buffer); | | ^~~~~~~~~~~~~~~~~~~~ | | | | | (21) ...to here |17750 | CHECK_MARKER (marker); | | ~~~~~~~~~~~~~~~~~~~~~ | | | | | (22) calling ‘CHECK_MARKER’ from ‘set_marker_internal’ | +--> ‘CHECK_MARKER’: event 23 | |17445 | CHECK_MARKER (Lisp_Object x) | | ^~~~~~~~~~~~ | | | | | (23) entry to ‘CHECK_MARKER’ | +--> ‘CHECK_MARKER’: event 24 | |17447 | CHECK_TYPE (MARKERP (x), builtin_lisp_symbol (974), x); | | ^ | | | | | (24) inlined call to ‘MARKERP’ from ‘CHECK_MARKER’ | +--> ‘MARKERP’: event 25 | | 8235 | return PSEUDOVECTORP (x, PVEC_MARKER); | | ^ | | | | | (25) inlined call to ‘PSEUDOVECTORP’ from ‘MARKERP’ | +--> ‘PSEUDOVECTORP’: event 26 | | 6274 | return (TAGGEDP ((a), Lisp_Vectorlike) && ((((union vectorlike_header *) ((uintptr_t) XLP ((a)) - (uintptr_t) ((Lisp_Word_tag) (Lisp_Vectorlike) << (((0x7fffffffffffffffL | |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |                                 | | |                                 (26) following ‘true’ branch... | 6275 | >> (3 - 1)) / 2 < | | ~~~~~~~~~~~~~~~~~        | 6276 | (9223372036854775807L) | | ~~~~~~~~~~~~~~~~~~~~~~   | 6277 | ) ? 
0 : VALBITS))))->size & (( | |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     | 6278 | (9223372036854775807L) | | ~~~~~~~~~~~~~~~~~~~~~~   | 6279 | - | | ~                        | 6280 | (9223372036854775807L) | | ~~~~~~~~~~~~~~~~~~~~~~   | 6281 | / 2) | PVEC_TYPE_MASK)) == (( | |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      | 6282 | (9223372036854775807L) | | ~~~~~~~~~~~~~~~~~~~~~~   | 6283 | - | | ~                        | 6284 | (9223372036854775807L) | | ~~~~~~~~~~~~~~~~~~~~~~   | 6285 | / 2) | ((code) << PSEUDOVECTOR_AREA_BITS)))); | |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | <--------------------+ | ‘CHECK_MARKER’: event 27 | | 8235 | return PSEUDOVECTORP (x, PVEC_MARKER); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (27) ...to here | <------+ | ‘set_marker_internal’: events 28-31 | | 8233 | MARKERP (Lisp_Object x) | | ~~~~~~~ | | | | | (30) ...to here |...... |17750 | CHECK_MARKER (marker); | | ^~~~~~~~~~~~~~~~~~~~~ | | | | | (28) returning to ‘set_marker_internal’ from ‘CHECK_MARKER’ |17751 | m = XMARKER (marker); |17752 | if (NILP (position) | | ~~~~~~~~~~~~~~~~ | | | | | (29) following ‘false’ branch (when ‘position’ is non-NULL)... |17753 | || (MARKERP (position) && !XMARKER (position)->buffer) | |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |17754 | || !b) | | ~~~~~ | | | | | (31) pointer ‘(long unsigned int)buffer + 18446744073709551611’ is checked for NULL here but it was already dereferenced at (19) |