public inbox for gcc-bugs@sourceware.org

* [Bug sanitizer/95496] New: [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: hjl.tools at gmail dot com @ 2020-06-03 11:28 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

            Bug ID: 95496
           Summary: [10/11 Regression] Bogus -Wformat-overflow= warnings
                    with -fsanitize=undefined
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: hjl.tools at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

Created attachment 48666
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48666&action=edit
A testcase

GCC 10.1 gave

[hjl@gnu-cfl-2 tmp]$ gcc -Wall -S -O2 x.i -fsanitize=undefined
In function ‘pe_print_idata’,
    inlined from ‘_bfd_pe_print_private_bfd_data_common’ at peXXigen.c:2979:3:
peXXigen.c:1378:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1378:3: warning: null format string [-Wformat-overflow=]
In function ‘pe_print_edata’,
    inlined from ‘_bfd_pe_print_private_bfd_data_common’ at peXXigen.c:2980:3:
peXXigen.c:1713:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1719:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1716:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1719:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1719:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1737:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1744:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1740:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1744:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1744:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1747:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1750:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1750:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1755:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1760:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1760:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1760:3: warning: null format string [-Wformat-overflow=]
[hjl@gnu-cfl-2 tmp]$

GCC 9.3 is OK.

* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: hjl.tools at gmail dot com @ 2020-06-03 12:39 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2020-06-03
                 CC|                            |msebor at gcc dot gnu.org
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1

--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> ---
It was caused by

commit 22fca489eaf98f2691772b51773a1e4eb7bb4ef2
Author: Martin Sebor <msebor@redhat.com>
Date:   Mon Aug 26 18:29:45 2019 +0000

    PR tree-optimization/83431 - -Wformat-truncation may incorrectly report truncation

    gcc/ChangeLog:

* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: rguenth at gcc dot gnu.org @ 2020-06-03 12:42 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic
   Target Milestone|---                         |10.2

* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: msebor at gcc dot gnu.org @ 2020-06-03 15:52 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |85741

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
The instrumentation added by the sanitizers is known to lead to introducing
invalid code (typically by jump threading) that triggers spurious warnings.

The dump for the attached file shows a number of invalid calls to fprintf.
Some of those result in diagnostics (in fact, they all should). The first one
looks like this. Note the tests for null and the subsequent uses of nulls in
the fprintf calls:

  _707 = section_618->name;
  _708 = dcgettext ("bfd", "\nThe Export Tables (interpreted %s section contents)\n\n", 5);
  if (vfile_98(D) == 0B)
    goto <bb 222>; [0.00%]
  else
    goto <bb 224>; [100.00%]

  <bb 222> [count: 0]:
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data103);
  if (_708 == 0B)
    goto <bb 223>; [0.00%]
  else
    goto <bb 466>; [100.00%]

  <bb 223> [count: 0]:
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data104);
  fprintf (vfile_98(D), _708, _707);
  _709 = dcgettext ("bfd", "Export Flags \t\t\t%lx\n", 5);
  if (vfile_98(D) == 0B)
    goto <bb 225>; [0.00%]
  else
    goto <bb 226>; [100.00%]

  <bb 224> [local count: 7698574]:
  if (_708 == 0B)
    goto <bb 223>; [0.00%]
  else
    goto <bb 500>; [100.00%]

  <bb 225> [count: 0]:
  # _992 = PHI <_1012(466), _709(223)>
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data106);
  if (_992 == 0B)
    goto <bb 227>; [0.00%]
  else
    goto <bb 465>; [100.00%]

  <bb 226> [local count: 7698574]:
  # _2952 = PHI <_709(223), _1227(500)>
  if (_2952 == 0B)
    goto <bb 227>; [0.00%]
  else
    goto <bb 499>; [100.00%]

  <bb 227> [count: 0]:
  # _2558 = PHI <0B(225), 0B(226)>
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data107);
  fprintf (vfile_98(D), 0B, _637);   <<< null format: warning

The calls with the null format are first seen in the dom3 dump, just after
thread3.

The instrumentation (and jump threading) and the warnings are inherently
incompatible. They need to cooperate to avoid the spurious warnings. The
sanitizers could mark up the code somehow to either keep jump threading from
doing what it does or to let the warnings know the calls were synthesized.

Until something like this is implemented the guidance we have been giving to
users is to expect false positives from the warnings when using sanitizers (or
disable the warnings).

$ gcc -O2 -S -fsanitize=undefined -fdump-tree-strlen=/dev/stdout peXXigen.c | sed -n "/^_bfd_pe_print_private_bfd_data_commo/,/^}/p" | grep "fprintf (" | grep 0B
  fprintf (0B, "\nTime/Date\t\t%08lx", _26);
  fprintf (0B, "\nMajorLinkerVersion\t%d\n", _2667);
  fprintf (0B, "MinorLinkerVersion\t%d\n", _2958);
  fprintf (0B, "\nSectionAlignment\t%08x\n", _2856);
  fprintf (0B, "FileAlignment\t\t%08x\n", _2834);
  fprintf (0B, "MajorOSystemVersion\t%d\n", _2815);
  fprintf (0B, "MinorOSystemVersion\t%d\n", _2801);
  fprintf (0B, "MajorImageVersion\t%d\n", _2787);
  fprintf (0B, "MinorImageVersion\t%d\n", _2773);
  fprintf (0B, "MajorSubsystemVersion\t%d\n", _2766);
  fprintf (0B, "MinorSubsystemVersion\t%d\n", _2752);
  fprintf (0B, "Win32Version\t\t%08x\n", _2738);
  fprintf (0B, "SizeOfImage\t\t%08x\n", _2720);
  fprintf (0B, "SizeOfHeaders\t\t%08x\n", _2708);
  fprintf (0B, "CheckSum\t\t%08x\n", _2696);
  fprintf (0B, "\nDllCharacteristics\t%08x\n", _946);
  fprintf (0B, "\nLoaderFlags\t\t%08lx\n", _2618);
  fprintf (0B, "NumberOfRvaAndSizes\t%08lx\n", _2594);
  fprintf (0B, "Entry %1x ", j_2977);
  fprintf (0B, " %08lx ", _696);
  fprintf (vfile_98(D), 0B, _637);
  fprintf (vfile_98(D), 0B, _643);
  fprintf (vfile_98(D), 0B, _790, _780);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B, _676);
  fprintf (vfile_98(D), 0B, _682);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B);
  fprintf (0B, " %x", em_data_1082);
  fprintf (0B, "Subsystem\t\t%08x", _2689);
  fprintf (0B, _1020);
  fprintf (0B, _721, _670);
  fprintf (0B, _708, _707);
  fprintf (0B, _851, _850, addr_852);
  fprintf (0B, "Subsystem\t\t%08x", _2689);
  fprintf (0B, "Magic\t\t\t%04x", _30);
  fprintf (0B, "Magic\t\t\t%04x", _30);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B, _682);
  fprintf (vfile_98(D), 0B, _682);
  fprintf (vfile_98(D), 0B, _613, _606);
  fprintf (vfile_98(D), 0B, _2485, _2483);
  fprintf (vfile_98(D), 0B, _1136);
  fprintf (vfile_98(D), 0B, _232);

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85741
[Bug 85741] [meta-bug] bogus/missing -Wformat-overflow
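
Added example (not part of the thread and not GCC code): the grep pipeline in comment #2 lists calls with a null stream together with calls with a null format, and the latter are the ones the comment marks as producing the warning. This Python script separates the two kinds; `split_args`, `classify` and `summarize` are hypothetical names, and it assumes one call per line as in the dump shown.

```python
import re
from collections import Counter

# Constructed sample: calls as printed in comment #2; the last line is made up.
SAMPLE_DUMP = r'''
  fprintf (0B, "\nTime/Date\t\t%08lx", _26);
  fprintf (vfile_98(D), 0B, _637);
  fprintf (vfile_98(D), 0B);
  fprintf (0B, _708, _707);
  fprintf (vfile_98(D), _708, _707);
  fprintf (vfile_98(D), "literal with 0B, inside\n", _1);
'''
CALL_RE = re.compile(r'\bfprintf \((.*)\);')

def split_args(text):
    """Split on top-level commas, skipping string literals and parentheses."""
    args, buf, depth, in_str, escaped = [], [], 0, False, False
    for ch in text:
        if in_str:
            if escaped:
                escaped = False
            elif ch == '\\':
                escaped = True
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
        elif ch == ',' and depth == 0:
            args.append(''.join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    args.append(''.join(buf).strip())
    return args

def classify(dump):
    """Return (kind, call) for every fprintf whose stream or format is 0B."""
    hits = []
    for match in CALL_RE.finditer(dump):
        args = split_args(match.group(1))
        if len(args) > 1 and args[1] == '0B':  # format argument is null
            hits.append(('null-format', match.group(0)))
        elif args[0] == '0B':                  # only the stream is null
            hits.append(('null-stream', match.group(0)))
    return hits

def summarize(dump):
    """Count flagged calls per kind."""
    return Counter(kind for kind, _ in classify(dump))
```

Feeding it the real `-fdump-tree-strlen` output in place of `SAMPLE_DUMP` gives the number of `null-format` calls to compare against the warnings a sanitizer build reports.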

* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: msebor at gcc dot gnu.org @ 2020-06-03 16:37 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87884

--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
See also pr87884.

* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: jakub at gcc dot gnu.org @ 2020-06-03 17:22 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to Martin Sebor from comment #2)
> The instrumentation added by the sanitizers is known to lead to introducing
> invalid code (typically by jump threading) that triggers spurious warnings.

I don't think this is an accurate description, the instrumentation doesn't lead
to introduction of any invalid code, all it leads to is due to the
instrumentation some code is less optimized.
It is the property of jump threading that it often can result in code that will
actually never be executed (i.e. dead code), that can happen easily both with
sanitization or if one adds whatever the sanitizer adds by hand. And then the
question is if the compiler is able to find out the code is dead and optimize
it away before these warnings warn about it.

* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: rguenth at gcc dot gnu.org @ 2020-07-23 6:51 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|10.2                        |10.3

--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 10.2 is released, adjusting target milestone.

* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: rguenth at gcc dot gnu.org @ 2021-01-14 8:58 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P2

* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: rguenth at gcc dot gnu.org @ 2021-04-08 12:02 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|10.3                        |10.4

--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 10.3 is being released, retargeting bugs to GCC 10.4.

* [Bug sanitizer/95496] [10/11/12/13 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: jakub at gcc dot gnu.org @ 2022-06-28 10:40 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|10.4                        |10.5

--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 10.4 is being released, retargeting bugs to GCC 10.5.

* [Bug sanitizer/95496] [11/12/13/14 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: rguenth at gcc dot gnu.org @ 2023-07-07 10:37 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|10.5                        |11.5

--- Comment #8 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 10 branch is being closed.