* [Bug analyzer/94378] -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer
2020-03-28 3:08 [Bug analyzer/94378] New: -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer simon.marchi at polymtl dot ca
@ 2020-03-29 15:02 ` marxin at gcc dot gnu.org
2020-04-01 19:37 ` cvs-commit at gcc dot gnu.org
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-03-29 15:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94378
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2020-03-29
Ever confirmed|0 |1
CC| |marxin at gcc dot gnu.org
Status|UNCONFIRMED |ASSIGNED
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/94378] -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer
2020-03-28 3:08 [Bug analyzer/94378] New: -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer simon.marchi at polymtl dot ca
2020-03-29 15:02 ` [Bug analyzer/94378] " marxin at gcc dot gnu.org
@ 2020-04-01 19:37 ` cvs-commit at gcc dot gnu.org
2020-04-01 19:45 ` dmalcolm at gcc dot gnu.org
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-04-01 19:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94378
--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:a96f1c38a787fbc847cb014d4b094e2787d539a7
commit r10-7502-ga96f1c38a787fbc847cb014d4b094e2787d539a7
Author: David Malcolm <dmalcolm@redhat.com>
Date: Mon Mar 30 17:02:59 2020 -0400
analyzer: handle compound assignments [PR94378]
PR analyzer/94378 reports a false -Wanalyzer-malloc-leak
when returning a struct containing a malloc-ed pointer.
The issue is that the assignment code was not handling
compound copies, only copying top-level values from region to region,
and not copying child values.
This patch introduces a region_model::copy_region function, using
it for assignments and when analyzing function return values.
It recursively copies nested values within structs, unions, and
arrays, fixing the bug.
gcc/analyzer/ChangeLog:
PR analyzer/94378
* checker-path.cc: Include "bitmap.h".
* constraint-manager.cc: Likewise.
* diagnostic-manager.cc: Likewise.
* engine.cc: Likewise.
(exploded_node::detect_leaks): Pass null region_id to pop_frame.
* program-point.cc: Include "bitmap.h".
* program-state.cc: Likewise.
* region-model.cc (id_set<region_id>::id_set): Convert to...
(region_id_set::region_id_set): ...this.
(svalue_id_set::svalue_id_set): New ctor.
(region_model::copy_region): New function.
(region_model::copy_struct_region): New function.
(region_model::copy_union_region): New function.
(region_model::copy_array_region): New function.
(stack_region::pop_frame): Drop return value. Add
"result_dst_rid" param; if it is non-null, use copy_region to copy
the result to it. Rather than capture and pass a single "known
used" return value to be used by purge_unused_values, instead
gather and pass a set of known used return values.
(root_region::pop_frame): Drop return value. Add "result_dst_rid"
param.
(region_model::on_assignment): Use copy_region.
(region_model::on_return): Likewise for the result.
(region_model::on_longjmp): Pass null for pop_frame's
result_dst_rid.
(region_model::update_for_return_superedge): Pass the region for
the
return value of the call, if any, to pop_frame, rather than setting
the lvalue for the lhs of the result.
(region_model::pop_frame): Drop return value. Add
"result_dst_rid" param.
(region_model::purge_unused_svalues): Convert third param from an
svalue_id * to an svalue_id_set *, updating the initial populating
of the "used" bitmap accordingly. Don't remap it when done.
(struct selftest::coord_test): New selftest fixture, extracted
from...
(selftest::test_dump_2): ...here.
(selftest::test_compound_assignment): New selftest.
(selftest::test_stack_frames): Pass null to new param of pop_frame.
(selftest::analyzer_region_model_cc_tests): Call the new selftest.
* region-model.h (class id_set): Delete template.
(class region_id_set): Reimplement, using old id_set
implementation.
(class svalue_id_set): Likewise. Convert from auto_sbitmap to
auto_bitmap.
(region::get_active_view): New accessor.
(stack_region::pop_frame): Drop return value. Add
"result_dst_rid" param.
(root_region::pop_frame): Likewise.
(region_model::pop_frame): Likewise.
(region_model::copy_region): New decl.
(region_model::purge_unused_svalues): Convert third param from an
svalue_id * to an svalue_id_set *.
(region_model::copy_struct_region): New decl.
(region_model::copy_union_region): New decl.
(region_model::copy_array_region): New decl.
gcc/testsuite/ChangeLog:
PR analyzer/94378
* gcc.dg/analyzer/compound-assignment-1.c: New test.
* gcc.dg/analyzer/compound-assignment-2.c: New test.
* gcc.dg/analyzer/compound-assignment-3.c: New test.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/94378] -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer
2020-03-28 3:08 [Bug analyzer/94378] New: -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer simon.marchi at polymtl dot ca
2020-03-29 15:02 ` [Bug analyzer/94378] " marxin at gcc dot gnu.org
2020-04-01 19:37 ` cvs-commit at gcc dot gnu.org
@ 2020-04-01 19:45 ` dmalcolm at gcc dot gnu.org
2020-04-01 22:21 ` simon.marchi at polymtl dot ca
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2020-04-01 19:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94378
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for reporting this. Should be fixed by above commit.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/94378] -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer
2020-03-28 3:08 [Bug analyzer/94378] New: -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer simon.marchi at polymtl dot ca
` (2 preceding siblings ...)
2020-04-01 19:45 ` dmalcolm at gcc dot gnu.org
@ 2020-04-01 22:21 ` simon.marchi at polymtl dot ca
2020-04-01 22:33 ` dmalcolm at gcc dot gnu.org
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: simon.marchi at polymtl dot ca @ 2020-04-01 22:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94378
--- Comment #3 from Simon Marchi <simon.marchi at polymtl dot ca> ---
Thanks, I confirm that issue with the snippet I posted is fixed.
It didn't fix the original issue that lead be to making this minimal
reproducer, so I guess I'll have to go back and make another reproducer. In
the mean time, in case you want to take a look, what I believe to be a false
positive is triggered when building this project:
https://github.com/efficios/argpar
It's not a minimal reproducer, but it's not big either and it's easy to build /
has no external dependency. There's the chance that there is actually a leak,
but I've looked at the analyzer report over and over and I don't see anything
wrong.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/94378] -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer
2020-03-28 3:08 [Bug analyzer/94378] New: -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer simon.marchi at polymtl dot ca
` (3 preceding siblings ...)
2020-04-01 22:21 ` simon.marchi at polymtl dot ca
@ 2020-04-01 22:33 ` dmalcolm at gcc dot gnu.org
2020-04-01 22:38 ` simon.marchi at polymtl dot ca
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2020-04-01 22:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94378
--- Comment #4 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Can you attach the analyzer report please?
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/94378] -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer
2020-03-28 3:08 [Bug analyzer/94378] New: -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer simon.marchi at polymtl dot ca
` (4 preceding siblings ...)
2020-04-01 22:33 ` dmalcolm at gcc dot gnu.org
@ 2020-04-01 22:38 ` simon.marchi at polymtl dot ca
2020-04-01 23:03 ` dmalcolm at gcc dot gnu.org
2020-04-02 15:46 ` simon.marchi at polymtl dot ca
7 siblings, 0 replies; 9+ messages in thread
From: simon.marchi at polymtl dot ca @ 2020-04-01 22:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94378
--- Comment #5 from Simon Marchi <simon.marchi at polymtl dot ca> ---
Created attachment 48165
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48165&action=edit
Analyzer report for argpar
Here it is.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/94378] -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer
2020-03-28 3:08 [Bug analyzer/94378] New: -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer simon.marchi at polymtl dot ca
` (5 preceding siblings ...)
2020-04-01 22:38 ` simon.marchi at polymtl dot ca
@ 2020-04-01 23:03 ` dmalcolm at gcc dot gnu.org
2020-04-02 15:46 ` simon.marchi at polymtl dot ca
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2020-04-01 23:03 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94378
--- Comment #6 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks Simon. The second diagnostic definitely looks like a false positive; am
not sure about the first. Please can you file a separate bug about this.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/94378] -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer
2020-03-28 3:08 [Bug analyzer/94378] New: -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer simon.marchi at polymtl dot ca
` (6 preceding siblings ...)
2020-04-01 23:03 ` dmalcolm at gcc dot gnu.org
@ 2020-04-02 15:46 ` simon.marchi at polymtl dot ca
7 siblings, 0 replies; 9+ messages in thread
From: simon.marchi at polymtl dot ca @ 2020-04-02 15:46 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94378
--- Comment #7 from Simon Marchi <simon.marchi at polymtl dot ca> ---
(In reply to David Malcolm from comment #6)
> Thanks Simon. The second diagnostic definitely looks like a false positive;
> am not sure about the first. Please can you file a separate bug about this.
I filed a bug with a minimal reproducer for the second report:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94458
^ permalink raw reply [flat|nested] 9+ messages in thread