[Bug tree-optimization/80532] warning on pointer access after free

[Bug tree-optimization/80532] warning on pointer access after free

[egallager at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80532

Eric Gallager <egallager at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |egallager at gcc dot gnu.org

--- Comment #4 from Eric Gallager <egallager at gcc dot gnu.org> ---
(In reply to David Malcolm from comment #3)
> My analyzer finds these:
> 
> ./xgcc -B. -fanalyzer -c ../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c
> -ftime-report
> ../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c: In function ‘free_list’:
> ../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c:14:28: warning: use after
> ‘free’ of ‘p’ [CWE-416] [-Wanalyzer-use-after-free]
>    14 |   for (p = head; p != 0; p = p->next) /* { dg-warning "use after
> 'free' of 'p'" } */
>       |                          ~~^~~~~~~~~
>   ‘free_list’: events 1-4
>     |
>     |   14 |   for (p = head; p != 0; p = p->next) /* { dg-warning "use
> after 'free' of 'p'" } */
>     |      |   ^~~                    ~~~~~~~~~~~
>     |      |   |                        |
>     |      |   |                        (4) use after ‘free’ of ‘p’; freed
> at (3)
>     |      |   (1) following ‘true’ branch (when ‘p’ is non-NULL)...
>     |   15 |     free (p); /* { dg-message "freed here" } */
>     |      |     ~~~~~~~~
>     |      |     |
>     |      |     (2) ...to here
>     |      |     (3) freed here
>     |
> ../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c:14:28: note: 8 duplicates
>    14 |   for (p = head; p != 0; p = p->next) /* { dg-warning "use after
> 'free' of 'p'" } */
>       |                          ~~^~~~~~~~~
> ../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c: In function ‘foobar’:
> ../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c:24:3: warning:
> double-‘free’ of ‘p’ [CWE-415] [-Wanalyzer-double-free]
>    24 |   free (p); /* { dg-warning "double-'free' of 'p'" } */
>       |   ^~~~~~~~
>   ‘foobar’: events 1-2
>     |
>     |   22 |   memset (p, 0, n);
>     |      |   ^~~~~~~~~~~~~~~~
>     |      |   |
>     |      |   (1) first ‘free’ here
>     |   23 |   free (p); /* { dg-message "first 'free' here" } */
>     |   24 |   free (p); /* { dg-warning "double-'free' of 'p'" } */
>     |      |   ~~~~~~~~
>     |      |   |
>     |      |   (2) second ‘free’ here; first ‘free’ was at (1)
>     |

So... since the analyzer has been merged now... ok to close as FIXED?

[Bug tree-optimization/80532] warning on pointer access after free

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80532

--- Comment #5 from Martin Sebor <msebor at gcc dot gnu.org> ---
My hope is to implement the warning in the middle end (I actually have a
prototype  but it's not ready for GCC 11).

[Bug tree-optimization/80532] warning on pointer access after free

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80532

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

[Bug tree-optimization/80532] warning on pointer access after free

[egallager at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80532

--- Comment #6 from Eric Gallager <egallager at gcc dot gnu.org> ---
(In reply to Martin Sebor from comment #5)
> My hope is to implement the warning in the middle end (I actually have a
> prototype  but it's not ready for GCC 11).

So... do you want to take over the "assignee" role from David, then?

[Bug tree-optimization/80532] warning on pointer access after free

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80532

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|dmalcolm at gcc dot gnu.org        |msebor at gcc dot gnu.org

--- Comment #7 from Martin Sebor <msebor at gcc dot gnu.org> ---
Since David's already implemented this in the analyzer and I have work in
progress to add this to the middle end core let me assign this to myself.

[Bug tree-optimization/80532] warning on pointer access after free

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80532

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch

--- Comment #8 from Martin Sebor <msebor at gcc dot gnu.org> ---
Patch submitted for GCC 12:
https://gcc.gnu.org/pipermail/gcc-patches/2021-November/583044.html

[Bug tree-optimization/80532] warning on pointer access after free

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80532

--- Comment #9 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:

https://gcc.gnu.org/g:671a283636de75f7ed638ee6b01ed2d44361b8b6

commit r12-6605-g671a283636de75f7ed638ee6b01ed2d44361b8b6
Author: Martin Sebor <msebor@redhat.com>
Date:   Sat Jan 15 16:37:54 2022 -0700

    Add -Wuse-after-free [PR80532].

    gcc/c-family/ChangeLog

            PR tree-optimization/80532
            * c.opt (-Wuse-after-free): New options.

    gcc/ChangeLog:

            PR tree-optimization/80532
            * common.opt (-Wuse-after-free): New options.
            * diagnostic-spec.c (nowarn_spec_t::nowarn_spec_t): Handle
            OPT_Wreturn_local_addr and OPT_Wuse_after_free_.
            * diagnostic-spec.h (NW_DANGLING): New enumerator.
            * doc/invoke.texi (-Wuse-after-free): Document new option.
            * gimple-ssa-warn-access.cc (pass_waccess::check_call): Rename...
            (pass_waccess::check_call_access): ...to this.
            (pass_waccess::check): Rename...
            (pass_waccess::check_block): ...to this.
            (pass_waccess::check_pointer_uses): New function.
            (pass_waccess::gimple_call_return_arg): New function.
            (pass_waccess::warn_invalid_pointer): New function.
            (pass_waccess::check_builtin): Handle free and realloc.
            (gimple_use_after_inval_p): New function.
            (get_realloc_lhs): New function.
            (maybe_warn_mismatched_realloc): New function.
            (pointers_related_p): New function.
            (pass_waccess::check_call): Call check_pointer_uses.
            (pass_waccess::execute): Compute and free dominance info.

    libcpp/ChangeLog:

            * files.c (_cpp_find_file): Substitute a valid pointer for
            an invalid one to avoid -Wuse-after-free.

    libiberty/ChangeLog:

            * regex.c: Suppress -Wuse-after-free.

    gcc/testsuite/ChangeLog:

            PR tree-optimization/80532
            * gcc.dg/Wmismatched-dealloc-2.c: Avoid -Wuse-after-free.
            * gcc.dg/Wmismatched-dealloc-3.c: Same.
            * gcc.dg/analyzer/file-1.c: Prune expected warning.
            * gcc.dg/analyzer/file-2.c: Same.
            * gcc.dg/attr-alloc_size-6.c: Disable -Wuse-after-free.
            * gcc.dg/attr-alloc_size-7.c: Same.
            * c-c++-common/Wuse-after-free-2.c: New test.
            * c-c++-common/Wuse-after-free-3.c: New test.
            * c-c++-common/Wuse-after-free-4.c: New test.
            * c-c++-common/Wuse-after-free-5.c: New test.
            * c-c++-common/Wuse-after-free-6.c: New test.
            * c-c++-common/Wuse-after-free-7.c: New test.
            * c-c++-common/Wuse-after-free.c: New test.
            * g++.dg/warn/Wmismatched-dealloc-3.C: New test.
            * g++.dg/warn/Wuse-after-free.C: New test.

[Bug tree-optimization/80532] warning on pointer access after free

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80532

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
   Target Milestone|---                         |12.0
         Resolution|---                         |FIXED

--- Comment #10 from Martin Sebor <msebor at gcc dot gnu.org> ---
Implemented in GCC 12 as -Wuse-after-free.

[Bug tree-optimization/80532] warning on pointer access after free

[egallager at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80532

--- Comment #11 from Eric Gallager <egallager at gcc dot gnu.org> ---
(In reply to CVS Commits from comment #9)
> The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:
> 
> https://gcc.gnu.org/g:671a283636de75f7ed638ee6b01ed2d44361b8b6
> 
> commit r12-6605-g671a283636de75f7ed638ee6b01ed2d44361b8b6
> Author: Martin Sebor <msebor@redhat.com>
> Date:   Sat Jan 15 16:37:54 2022 -0700
> 
[...snip...]
>     libiberty/ChangeLog:
>     
>             * regex.c: Suppress -Wuse-after-free.

Was this part necessary? I'm wondering if it might be covering up an actual
error that I'm seeing on CheriBSD on cfarm240...