[Bug analyzer/95758] Various issues when compiling glibc regex.c

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "dmalcolm at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/95758] Various issues when compiling glibc regex.c
Date: Fri, 12 Mar 2021 21:41:52 +0000	[thread overview]
Message-ID: <bug-95758-4-hMk0MUiuV6@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-95758-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95758

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |99390
            Summary|-Wanalyzer-use-after-free   |Various issues when
                   |false positive when         |compiling glibc regex.c
                   |compiling glibc regex.c     |

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this.

I tried again with GCC 11 HEAD and I don't see the use-after-free.  If there
are use-after-free bugs, the above looks likely to be another dup of bug 93695.

Adding -Wanalyzer-too-complex shows that the analyzer is hitting complexity
limits and giving up at numerous places in the code (it takes a *long* time on
the attachment) - which could be masking the use-after-free false positive.  It
looks like the call summarization logic is failing, leading to blog-up of the
analysis when all of the various nested function calls are expanded.

I also see many -Wanalyzer-malloc-leak reports, which may or may not be false
positives; difficult to tell without diving into the code.

Updating "Summary" accordingly, and adding to the call summarization tracker.

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99390
[Bug 99390] [meta-bug] tracker bug for call summaries in -fanalyzer

     prev parent reply	other threads:[~2021-03-12 21:41 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-19  5:56 [Bug analyzer/95758] New: -Wanalyzer-use-after-free false positive " eggert at cs dot ucla.edu
2021-03-12 21:41 ` dmalcolm at gcc dot gnu.org [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-95758-4-hMk0MUiuV6@http.gcc.gnu.org/bugzilla/ \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).