public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/113314] New: -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c
@ 2024-01-10 20:42 dmalcolm at gcc dot gnu.org
2024-01-10 22:01 ` [Bug analyzer/113314] " dmalcolm at gcc dot gnu.org
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2024-01-10 20:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314
Bug ID: 113314
Summary: -Wanalyzer-infinite-loop false positive seen on
haproxy's fd.c
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Created attachment 57027
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57027&action=edit
Reproducer
https://godbolt.org/z/1oYYear8z
t.c: In function ‘fd_add_to_fd_list’:
t.c:71:15: warning: infinite loop [CWE-835] [-Wanalyzer-infinite-loop]
71 | next = fdtab[fd].update.next;
| ^
‘fd_add_to_fd_list’: events 1-5
|
| 71 | next = fdtab[fd].update.next;
| | ^
| | |
| | (1) infinite loop here
| 72 | if (next > -2)
| | ~
| | |
| | (2) if it ever follows ‘false’ branch, it will always do
so...
| 73 | goto done;
| 74 | if (next == -2)
| | ~
| | |
| | (3) ...to here
| | (4) if it ever follows ‘true’ branch, it will always do so...
| 75 | goto redo_next;
| | ~~~~
| | |
| | (5) ...to here
|
‘fd_add_to_fd_list’: event 6
|
|cc1:
| (6): looping back...
|
‘fd_add_to_fd_list’: event 7
|
| 71 | next = fdtab[fd].update.next;
| | ^
| | |
| | (7) ...to here
Seen on haproxy-2.7.1's src/fd.c (in analyzer integration tests).
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug analyzer/113314] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c
2024-01-10 20:42 [Bug analyzer/113314] New: -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c dmalcolm at gcc dot gnu.org
@ 2024-01-10 22:01 ` dmalcolm at gcc dot gnu.org
2024-02-16 13:54 ` [Bug analyzer/113314] [14 Regression] " dmalcolm at gcc dot gnu.org
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2024-01-10 22:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Indeed, if this is a single-threaded program, then this code:
63 void
64 fd_add_to_fd_list(volatile struct fdlist* list, int fd)
65 {
66 int next;
67 int new;
68 int old;
69 int last;
70 redo_next:
71 next = fdtab[fd].update.next;
72 if (next > -2)
73 goto done;
74 if (next == -2)
75 goto redo_next;
does look like an infinite loop when next == 2.
Perhaps the presence of the atomic builtin later in the function should be a
clue to the analyzer that this is multi-threaded, and that
fdtab[fd].update.next can be changed (presuambly by another thread)
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug analyzer/113314] [14 Regression] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c
2024-01-10 20:42 [Bug analyzer/113314] New: -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c dmalcolm at gcc dot gnu.org
2024-01-10 22:01 ` [Bug analyzer/113314] " dmalcolm at gcc dot gnu.org
@ 2024-02-16 13:54 ` dmalcolm at gcc dot gnu.org
2024-03-04 13:05 ` rguenth at gcc dot gnu.org
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2024-02-16 13:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Status|UNCONFIRMED |NEW
Last reconfirmed| |2024-02-16
Summary|-Wanalyzer-infinite-loop |[14 Regression]
|false positive seen on |-Wanalyzer-infinite-loop
|haproxy's fd.c |false positive seen on
| |haproxy's fd.c
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug analyzer/113314] [14 Regression] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c
2024-01-10 20:42 [Bug analyzer/113314] New: -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c dmalcolm at gcc dot gnu.org
2024-01-10 22:01 ` [Bug analyzer/113314] " dmalcolm at gcc dot gnu.org
2024-02-16 13:54 ` [Bug analyzer/113314] [14 Regression] " dmalcolm at gcc dot gnu.org
@ 2024-03-04 13:05 ` rguenth at gcc dot gnu.org
2024-03-07 20:51 ` law at gcc dot gnu.org
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: rguenth at gcc dot gnu.org @ 2024-03-04 13:05 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |14.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug analyzer/113314] [14 Regression] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c
2024-01-10 20:42 [Bug analyzer/113314] New: -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c dmalcolm at gcc dot gnu.org
` (2 preceding siblings ...)
2024-03-04 13:05 ` rguenth at gcc dot gnu.org
@ 2024-03-07 20:51 ` law at gcc dot gnu.org
2024-03-25 16:12 ` dmalcolm at gcc dot gnu.org
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: law at gcc dot gnu.org @ 2024-03-07 20:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314
Jeffrey A. Law <law at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |law at gcc dot gnu.org
Priority|P3 |P2
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug analyzer/113314] [14 Regression] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c
2024-01-10 20:42 [Bug analyzer/113314] New: -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c dmalcolm at gcc dot gnu.org
` (3 preceding siblings ...)
2024-03-07 20:51 ` law at gcc dot gnu.org
@ 2024-03-25 16:12 ` dmalcolm at gcc dot gnu.org
2024-03-25 18:40 ` pinskia at gcc dot gnu.org
2024-05-07 7:43 ` [Bug analyzer/113314] [14/15 " rguenth at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2024-03-25 16:12 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
(In reply to David Malcolm from comment #1)
[...]
> 70 redo_next:
> 71 next = fdtab[fd].update.next;
> 72 if (next > -2)
> 73 goto done;
> 74 if (next == -2)
> 75 goto redo_next;
>
> does look like an infinite loop when next == 2.
Presumably I meant -2 here.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug analyzer/113314] [14 Regression] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c
2024-01-10 20:42 [Bug analyzer/113314] New: -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c dmalcolm at gcc dot gnu.org
` (4 preceding siblings ...)
2024-03-25 16:12 ` dmalcolm at gcc dot gnu.org
@ 2024-03-25 18:40 ` pinskia at gcc dot gnu.org
2024-05-07 7:43 ` [Bug analyzer/113314] [14/15 " rguenth at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: pinskia at gcc dot gnu.org @ 2024-03-25 18:40 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314
--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Note a volatile memory location change even without this being multi-threaded;
an async signal (USR1..USR4, or ALRM, etc.) could come in and change the value.
Or the memory could be shared memory between 2 different processes; though I
suspect in that case you want to use atomics.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug analyzer/113314] [14/15 Regression] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c
2024-01-10 20:42 [Bug analyzer/113314] New: -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c dmalcolm at gcc dot gnu.org
` (5 preceding siblings ...)
2024-03-25 18:40 ` pinskia at gcc dot gnu.org
@ 2024-05-07 7:43 ` rguenth at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: rguenth at gcc dot gnu.org @ 2024-05-07 7:43 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|14.0 |14.2
--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 14.1 is being released, retargeting bugs to GCC 14.2.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2024-05-07 7:43 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-10 20:42 [Bug analyzer/113314] New: -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c dmalcolm at gcc dot gnu.org
2024-01-10 22:01 ` [Bug analyzer/113314] " dmalcolm at gcc dot gnu.org
2024-02-16 13:54 ` [Bug analyzer/113314] [14 Regression] " dmalcolm at gcc dot gnu.org
2024-03-04 13:05 ` rguenth at gcc dot gnu.org
2024-03-07 20:51 ` law at gcc dot gnu.org
2024-03-25 16:12 ` dmalcolm at gcc dot gnu.org
2024-03-25 18:40 ` pinskia at gcc dot gnu.org
2024-05-07 7:43 ` [Bug analyzer/113314] [14/15 " rguenth at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).