From: "dmalcolm at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/95758] Various issues when compiling glibc regex.c
Date: Fri, 12 Mar 2021 21:41:52 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Version: 10.1.0
X-Bugzilla-Severity: normal
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org
X-Bugzilla-Changed-Fields: blocked short_desc

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95758

David Malcolm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |99390
            Summary|-Wanalyzer-use-after-free   |Various issues when
                   |false positive when         |compiling glibc regex.c
                   |compiling glibc regex.c     |

--- Comment #1 from David Malcolm ---
Thanks for filing this.

I tried again with GCC 11 HEAD and I don't see the use-after-free. If there
are use-after-free bugs, the above looks likely to be another dup of
bug 93695.

Adding -Wanalyzer-too-complex shows that the analyzer is hitting complexity
limits and giving up at numerous places in the code (it takes a *long* time on
the attachment) - which could be masking the use-after-free false positive. It
looks like the call summarization logic is failing, leading to blow-up of the
analysis when all of the various nested function calls are expanded.

I also see many -Wanalyzer-malloc-leak reports, which may or may not be false
positives; difficult to tell without diving into the code.

Updating "Summary" accordingly, and adding to the call summarization tracker.

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99390
[Bug 99390] [meta-bug] tracker bug for call summaries in -fanalyzer