public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/95496] New: [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: hjl.tools at gmail dot com @ 2020-06-03 11:28 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

            Bug ID: 95496
           Summary: [10/11 Regression] Bogus -Wformat-overflow= warnings
                    with -fsanitize=undefined
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: hjl.tools at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

Created attachment 48666
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48666&action=edit
A testcase

GCC 10.1 gave

[hjl@gnu-cfl-2 tmp]$ gcc -Wall -S -O2 x.i -fsanitize=undefined
In function ‘pe_print_idata’,
    inlined from ‘_bfd_pe_print_private_bfd_data_common’ at peXXigen.c:2979:3:
peXXigen.c:1378:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1378:3: warning: null format string [-Wformat-overflow=]
In function ‘pe_print_edata’,
    inlined from ‘_bfd_pe_print_private_bfd_data_common’ at peXXigen.c:2980:3:
peXXigen.c:1713:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1719:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1716:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1719:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1719:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1737:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1744:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1740:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1744:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1744:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1747:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1750:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1750:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1755:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1760:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1760:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1760:3: warning: null format string [-Wformat-overflow=]
[hjl@gnu-cfl-2 tmp]$ 

GCC 9.3 is OK.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: hjl.tools at gmail dot com @ 2020-06-03 12:39 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2020-06-03
                 CC|                            |msebor at gcc dot gnu.org
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1

--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> ---
It was caused by

commit 22fca489eaf98f2691772b51773a1e4eb7bb4ef2
Author: Martin Sebor <msebor@redhat.com>
Date:   Mon Aug 26 18:29:45 2019 +0000

    PR tree-optimization/83431 - -Wformat-truncation may incorrectly report truncation

    gcc/ChangeLog:


* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: rguenth at gcc dot gnu.org @ 2020-06-03 12:42 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic
   Target Milestone|---                         |10.2


* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: msebor at gcc dot gnu.org @ 2020-06-03 15:52 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |85741

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
The instrumentation added by the sanitizers is known to lead to introducing
invalid code (typically by jump threading) that triggers spurious warnings. 
The dump for the attached file shows a number of invalid calls to fprintf. 
Some of those result in diagnostics (in fact, they all should).

The first one looks like this.  Note the tests for null and the subsequent uses
of nulls in the fprintf calls:

  _707 = section_618->name;
  _708 = dcgettext ("bfd", "\nThe Export Tables (interpreted %s section contents)\n\n", 5);
  if (vfile_98(D) == 0B)
    goto <bb 222>; [0.00%]
  else
    goto <bb 224>; [100.00%]

  <bb 222> [count: 0]:
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data103);
  if (_708 == 0B)
    goto <bb 223>; [0.00%]
  else
    goto <bb 466>; [100.00%]

  <bb 223> [count: 0]:
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data104);
  fprintf (vfile_98(D), _708, _707);
  _709 = dcgettext ("bfd", "Export Flags \t\t\t%lx\n", 5);
  if (vfile_98(D) == 0B)
    goto <bb 225>; [0.00%]
  else
    goto <bb 226>; [100.00%]

  <bb 224> [local count: 7698574]:
  if (_708 == 0B)
    goto <bb 223>; [0.00%]
  else
    goto <bb 500>; [100.00%]

  <bb 225> [count: 0]:
  # _992 = PHI <_1012(466), _709(223)>
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data106);
  if (_992 == 0B)
    goto <bb 227>; [0.00%]
  else
    goto <bb 465>; [100.00%]

  <bb 226> [local count: 7698574]:
  # _2952 = PHI <_709(223), _1227(500)>
  if (_2952 == 0B)
    goto <bb 227>; [0.00%]
  else
    goto <bb 499>; [100.00%]

  <bb 227> [count: 0]:
  # _2558 = PHI <0B(225), 0B(226)>
  __builtin___ubsan_handle_nonnull_arg (&*.Lubsan_data107);
  fprintf (vfile_98(D), 0B, _637);   <<< null format: warning

The calls with the null format are first seen in the dom3 dump, just after
thread3.  The instrumentation (and jump threading) and the warnings are
inherently incompatible.  They need to cooperate to avoid the spurious
warnings.  The sanitizers could mark up the code somehow to either keep jump
threading from doing what it does or to let the warnings know the calls were
synthesized.  Until something like this is implemented the guidance we have
been giving to users is to expect false positives from the warnings when using
sanitizers (or disable the warnings).

$ gcc -O2 -S -fsanitize=undefined -fdump-tree-strlen=/dev/stdout peXXigen.c |
sed -n "/^_bfd_pe_print_private_bfd_data_commo/,/^}/p" | grep "fprintf (" |
grep 0B
  fprintf (0B, "\nTime/Date\t\t%08lx", _26);
  fprintf (0B, "\nMajorLinkerVersion\t%d\n", _2667);
  fprintf (0B, "MinorLinkerVersion\t%d\n", _2958);
  fprintf (0B, "\nSectionAlignment\t%08x\n", _2856);
  fprintf (0B, "FileAlignment\t\t%08x\n", _2834);
  fprintf (0B, "MajorOSystemVersion\t%d\n", _2815);
  fprintf (0B, "MinorOSystemVersion\t%d\n", _2801);
  fprintf (0B, "MajorImageVersion\t%d\n", _2787);
  fprintf (0B, "MinorImageVersion\t%d\n", _2773);
  fprintf (0B, "MajorSubsystemVersion\t%d\n", _2766);
  fprintf (0B, "MinorSubsystemVersion\t%d\n", _2752);
  fprintf (0B, "Win32Version\t\t%08x\n", _2738);
  fprintf (0B, "SizeOfImage\t\t%08x\n", _2720);
  fprintf (0B, "SizeOfHeaders\t\t%08x\n", _2708);
  fprintf (0B, "CheckSum\t\t%08x\n", _2696);
  fprintf (0B, "\nDllCharacteristics\t%08x\n", _946);
  fprintf (0B, "\nLoaderFlags\t\t%08lx\n", _2618);
  fprintf (0B, "NumberOfRvaAndSizes\t%08lx\n", _2594);
  fprintf (0B, "Entry %1x ", j_2977);
  fprintf (0B, " %08lx ", _696);
  fprintf (vfile_98(D), 0B, _637);
  fprintf (vfile_98(D), 0B, _643);
  fprintf (vfile_98(D), 0B, _790, _780);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B, _676);
  fprintf (vfile_98(D), 0B, _682);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B);
  fprintf (0B, "   %x", em_data_1082);
  fprintf (0B, "Subsystem\t\t%08x", _2689);
  fprintf (0B, _1020);
  fprintf (0B, _721, _670);
  fprintf (0B, _708, _707);
  fprintf (0B, _851, _850, addr_852);
  fprintf (0B, "Subsystem\t\t%08x", _2689);
  fprintf (0B, "Magic\t\t\t%04x", _30);
  fprintf (0B, "Magic\t\t\t%04x", _30);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B);
  fprintf (vfile_98(D), 0B, _682);
  fprintf (vfile_98(D), 0B, _682);
  fprintf (vfile_98(D), 0B, _613, _606);
  fprintf (vfile_98(D), 0B, _2485, _2483);
  fprintf (vfile_98(D), 0B, _1136);
  fprintf (vfile_98(D), 0B, _232);


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85741
[Bug 85741] [meta-bug] bogus/missing -Wformat-overflow

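A triage helper, added here as an example and not part of the bug report or of GCC: it parses a GCC warning log such as the reporter's (inlining context, location, flag), collapses the repeated reports that leave several copies of one call site, and lists the -Wformat-overflow sites that warn only with -fsanitize=undefined, which is the practical form of the guidance above to expect false positives when sanitizers are on. The sanitized sample log is copied from the report; the plain-build log is constructed.

```python
import re
from collections import Counter
# Constructed sample: the head of the reporter's -fsanitize=undefined build log,
# copied from the bug report (GCC's own quote characters kept).
SANITIZED_LOG = """\
In function ‘pe_print_idata’,
    inlined from ‘_bfd_pe_print_private_bfd_data_common’ at peXXigen.c:2979:3:
peXXigen.c:1378:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1378:3: warning: null format string [-Wformat-overflow=]
In function ‘pe_print_edata’,
    inlined from ‘_bfd_pe_print_private_bfd_data_common’ at peXXigen.c:2980:3:
peXXigen.c:1713:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1719:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1716:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1719:3: warning: null format string [-Wformat-overflow=]
peXXigen.c:1719:3: warning: null format string [-Wformat-overflow=]
"""
# Constructed stand-in for the plain build (no sanitizer, as with GCC 9.3):
# one unrelated warning, no format warnings.
PLAIN_LOG = "peXXigen.c:42:5: warning: unused variable ‘x’ [-Wunused-variable]\n"

DIAG_RE = re.compile(r"^(?P<file>[^:\s]+):(?P<line>\d+):(?P<col>\d+): (?P<kind>warning|error): "
                     r"(?P<msg>.*?)(?: \[(?P<flag>-W[^\]]+)\])?$")
CTX_RE = re.compile(r"^In function [‘'](?P<fn>[^’']+)[’'],$")
INLINE_RE = re.compile(r"^\s+inlined from [‘'](?P<fn>[^’']+)[’'] at (?P<loc>\S+):$")

def parse_diagnostics(text):
    """One record per diagnostic line, tagged with the 'In function ...,
    inlined from ...' context GCC prints ahead of it."""
    diags, fn, chain = [], None, []
    for raw in text.splitlines():
        if m := CTX_RE.match(raw):           # new context resets the chain
            fn, chain = m.group("fn"), []
        elif m := INLINE_RE.match(raw):      # call sites, innermost first
            chain.append((m.group("fn"), m.group("loc")))
        elif m := DIAG_RE.match(raw):
            d = m.groupdict()
            d["line"], d["col"] = int(d["line"]), int(d["col"])
            d["function"], d["inline_chain"] = fn, tuple(chain)
            diags.append(d)
    return diags

def dedupe(diags):
    """Count repeats of one (file, line, col, flag, msg); peXXigen.c:1719:3 is
    reported three times because several copies of the call survive threading."""
    counts = Counter()
    for d in diags:
        counts[(d["file"], d["line"], d["col"], d["flag"], d["msg"])] += 1
    return counts                            # insertion order = log order

def sanitizer_only(sanitized_log, plain_log, flag_prefix="-Wformat-overflow"):
    """Sites in the flag family that warn only in the sanitized build: the
    candidates to triage as instrumentation-induced rather than real bugs."""
    plain = set(dedupe(parse_diagnostics(plain_log)))
    return [(f, ln, col, msg, n)
            for (f, ln, col, flag, msg), n
            in dedupe(parse_diagnostics(sanitized_log)).items()
            if (f, ln, col, flag, msg) not in plain
            and flag is not None and flag.startswith(flag_prefix)]
```

Run it on the real logs of both builds (`gcc ... 2>&1 | tee`) and review only what `sanitizer_only` reports; anything that also warns in the plain build is a genuine format problem, not a sanitizer artifact.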

* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: msebor at gcc dot gnu.org @ 2020-06-03 16:37 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87884

--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
See also pr87884.


* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: jakub at gcc dot gnu.org @ 2020-06-03 17:22 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to Martin Sebor from comment #2)
> The instrumentation added by the sanitizers is known to lead to introducing
> invalid code (typically by jump threading) that triggers spurious warnings.

I don't think this is an accurate description; the instrumentation doesn't lead to
the introduction of any invalid code, all it leads to is that, due to the
instrumentation, some code is less optimized.  It is a property of jump threading
that it often can result in code that will actually never be executed (i.e. dead
code); that can happen easily both with sanitization or if one adds whatever the
sanitizer adds by hand.  And then the question is whether the compiler is able to
find out the code is dead and optimize it away before these warnings warn about
it.


* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: rguenth at gcc dot gnu.org @ 2020-07-23  6:51 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|10.2                        |10.3

--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 10.2 is released, adjusting target milestone.


* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: rguenth at gcc dot gnu.org @ 2021-01-14  8:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P2


* [Bug sanitizer/95496] [10/11 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: rguenth at gcc dot gnu.org @ 2021-04-08 12:02 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|10.3                        |10.4

--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 10.3 is being released, retargeting bugs to GCC 10.4.


* [Bug sanitizer/95496] [10/11/12/13 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: jakub at gcc dot gnu.org @ 2022-06-28 10:40 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|10.4                        |10.5

--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 10.4 is being released, retargeting bugs to GCC 10.5.


* [Bug sanitizer/95496] [11/12/13/14 Regression] Bogus -Wformat-overflow= warnings with -fsanitize=undefined
From: rguenth at gcc dot gnu.org @ 2023-07-07 10:37 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95496

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|10.5                        |11.5

--- Comment #8 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 10 branch is being closed.

