[Bug c/114776] New: -Wuse-after-free analysis believes assert() but not g_assert_null()

[Bug c/114776] New: -Wuse-after-free analysis believes assert() but not g_assert_null()

[alan.coopersmith at oracle dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114776

            Bug ID: 114776
           Summary: -Wuse-after-free analysis believes assert() but not
                    g_assert_null()
           Product: gcc
           Version: 13.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: alan.coopersmith at oracle dot com
  Target Milestone: ---

Created attachment 57985
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57985&action=edit
Test case

When reviewing the -Wuse-after-free error reported in:
 https://gitlab.freedesktop.org/xorg/lib/libxmu/-/merge_requests/13

in which gcc gives a use-after-free warning for p in:
    p2 = Xmureallocarray(p, 2, ALLOC_LIMIT);
    g_assert_null(p2);
    [...]
    free(p);
even though the realloc failed and returned NULL and did not free p.

I found that the -Wuse-after-free warning went away if I changed
    g_assert_null(p2);
to
    assert(p2 == NULL);

so it appears something in the way g_assert_null from glib is defined
does not convince gcc that p2 must be NULL the way the simple system
assert does.

I've made a cut down test case, and can reproduce the false alarm with

gcc `pkg-config --cflags glib-2.0` -Wall -O2 -c realloc.c

using gcc 13.2.0 on Solaris 11.4.66 on x86-64.  (The original report came
from a gentoo Linux user, and I reproduced on Debian Linux, so this isn't
OS-specific.)

Adding -DUSE_SYSTEM_ASSERT to the compiler command line makes the warning
go away.

[Bug tree-optimization/114776] -Wuse-after-free analysis believes assert() but not g_assert_null()

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114776

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2024-04-18
     Ever confirmed|0                           |1

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Can you attach the preprocessed source?

It is almost definitely the way g_assert_null is defined.

[Bug tree-optimization/114776] -Wuse-after-free analysis believes assert() but not g_assert_null()

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114776

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
As far as I can tell g_assertion_message does not have noreturn on it which
means this invalid.

It only has G_ANALYZER_NORETURN on it.
which is only defined to analyzer_noreturn if running under clang's analyzer.

[Bug tree-optimization/114776] -Wuse-after-free analysis believes assert() but not g_assert_null()

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114776

--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Seems like g_assertion_message should have _Noreturn on it if you are compiling
for C11-C17 and [[noreturn]] for C++11+ (and C23+).

[Bug tree-optimization/114776] -Wuse-after-free analysis believes assert() but not g_assert_null()

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114776

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|---                         |INVALID

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---


So g_assertion_message can actually return in one case.
https://github.com/GNOME/glib/blob/81eaabb30803b0e30edca888772f7459fa389650/glib/gtestutils.c#L3305

So yes this is a valid warning.

[Bug tree-optimization/114776] -Wuse-after-free analysis believes assert() but not g_assert_null()

[alan.coopersmith at oracle dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114776

--- Comment #5 from Alan Coopersmith <alan.coopersmith at oracle dot com> ---
Created attachment 57986
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57986&action=edit
Preproccessed test case

[Bug tree-optimization/114776] -Wuse-after-free analysis believes assert() but not g_assert_null()

[alan.coopersmith at oracle dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114776

--- Comment #6 from Alan Coopersmith <alan.coopersmith at oracle dot com> ---
Thanks, I didn't realize there was a test_nonfatal_assertions path through
the g_assert that could return here.

I'll update the wording on my proposed workaround to reflect that:
https://gitlab.freedesktop.org/xorg/lib/libxmu/-/merge_requests/16