public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/96616] New: Many new analyzer failures
@ 2020-08-14 15:59 segher at gcc dot gnu.org
2020-08-14 16:18 ` [Bug analyzer/96616] " dmalcolm at gcc dot gnu.org
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: segher at gcc dot gnu.org @ 2020-08-14 15:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96616
Bug ID: 96616
Summary: Many new analyzer failures
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: segher at gcc dot gnu.org
Target Milestone: ---
On powerpc64-linux.
For -m32:
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 100)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 101)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 102)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 124)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 125)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 126)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 127)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 128)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 129)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 30)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 31)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 51)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 52)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 72)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 73)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 74)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 75)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 99)
+FAIL: gcc.dg/analyzer/init.c (test for excess errors)
+FAIL: gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
For -m64:
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 100)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 101)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 102)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 124)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 125)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 126)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 127)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 128)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 129)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 72)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 73)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 74)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 75)
+FAIL: gcc.dg/analyzer/init.c (test for warnings, line 99)
+FAIL: gcc.dg/analyzer/init.c (test for excess errors)
+FAIL: gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
(That latter one is over a screenful of
/home/segher/src/gcc/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11:
war
ning: terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-c
omplex]
and all the rest are variations on
/home/segher/src/gcc/gcc/testsuite/gcc.dg/analyzer/init.c:72:3: warning:
UNKNOWN
).
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/96616] Many new analyzer failures
2020-08-14 15:59 [Bug analyzer/96616] New: Many new analyzer failures segher at gcc dot gnu.org
@ 2020-08-14 16:18 ` dmalcolm at gcc dot gnu.org
2020-08-14 22:43 ` cvs-commit at gcc dot gnu.org
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2020-08-14 16:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96616
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |ASSIGNED
Ever confirmed|0 |1
Last reconfirmed| |2020-08-14
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks; sorry about this. Seems to be the same set of failures as PR 96609; am
investigating.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/96616] Many new analyzer failures
2020-08-14 15:59 [Bug analyzer/96616] New: Many new analyzer failures segher at gcc dot gnu.org
2020-08-14 16:18 ` [Bug analyzer/96616] " dmalcolm at gcc dot gnu.org
@ 2020-08-14 22:43 ` cvs-commit at gcc dot gnu.org
2020-08-14 22:57 ` dmalcolm at gcc dot gnu.org
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-08-14 22:43 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96616
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:2867118ddda9b56d991c16022f7d3d634ed08313
commit r11-2708-g2867118ddda9b56d991c16022f7d3d634ed08313
Author: David Malcolm <dmalcolm@redhat.com>
Date: Fri Aug 14 15:49:52 2020 -0400
analyzer: fix initialization from constant pool [PR96609,PR96616]
PR testsuite/96609 and PR analyzer/96616 report various testsuite
failures seen on powerpc64, aarch64, and arm in new tests added by
r11-2694-g808f4dfeb3a95f50f15e71148e5c1067f90a126d.
Some of these failures (in gcc.dg/analyzer/init.c, and on arm
in gcc.dg/analyzer/casts-1.c) relate to initializations from var_decls
in the constant pool. I wrote the tests assuming that the gimplified
stmts would initialize the locals via a gassign of code CONSTRUCTOR,
whereas on these targets some of the initializations are gassign from
a VAR_DECL e.g.:
c = *.LC0;
where "*.LC0" is a var_decl with DECL_IN_CONSTANT_POOL set.
For example, in test_7:
struct coord c[2] = {{3, 4}, {5, 6}};
__analyzer_eval (c[0].x == 3); /* { dg-warning "TRUE" } */
after the initialization, the store was simply recording:
cluster for: c: INIT_VAL(*.LC0)
when I was expecting the cluster for c to have:
cluster for: c
key: {kind: direct, start: 0, size: 32, next: 32}
value: 'int' {(int)3}
key: {kind: direct, start: 32, size: 32, next: 64}
value: 'int' {(int)4}
key: {kind: direct, start: 64, size: 32, next: 96}
value: 'int' {(int)5}
key: {kind: direct, start: 96, size: 32, next: 128}
value: 'int' {(int)6}
The test for c[0].x == 3 would then generate:
cluster for: _2: (SUB(SUB(INIT_VAL(*.LC0), c[(int)0]),
c[(int)0].x)==(int)3)
which is UNKNOWN, leading to the test failing.
This patch fixes the init.c and casts-1.c failures by special-casing
reads from a var_decl with DECL_IN_CONSTANT_POOL set, so that they build
a compound_svalue containing the bindings implied by the CONSTRUCTOR
node for DECL_INITIAL.
gcc/analyzer/ChangeLog:
PR testsuite/96609
PR analyzer/96616
* region-model.cc (region_model::get_store_value): Call
maybe_get_constant_value on decl_regions first.
* region-model.h (decl_region::maybe_get_constant_value): New decl.
* region.cc (decl_region::get_stack_depth): Likewise.
(decl_region::maybe_get_constant_value): New.
* store.cc (get_subregion_within_ctor): New.
(binding_map::apply_ctor_to_region): New.
* store.h (binding_map::apply_ctor_to_region): New decl.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/96616] Many new analyzer failures
2020-08-14 15:59 [Bug analyzer/96616] New: Many new analyzer failures segher at gcc dot gnu.org
2020-08-14 16:18 ` [Bug analyzer/96616] " dmalcolm at gcc dot gnu.org
2020-08-14 22:43 ` cvs-commit at gcc dot gnu.org
@ 2020-08-14 22:57 ` dmalcolm at gcc dot gnu.org
2020-08-14 22:59 ` dmalcolm at gcc dot gnu.org
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2020-08-14 22:57 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96616
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |seurer at gcc dot gnu.org
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
*** Bug 96609 has been marked as a duplicate of this bug. ***
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/96616] Many new analyzer failures
2020-08-14 15:59 [Bug analyzer/96616] New: Many new analyzer failures segher at gcc dot gnu.org
` (2 preceding siblings ...)
2020-08-14 22:57 ` dmalcolm at gcc dot gnu.org
@ 2020-08-14 22:59 ` dmalcolm at gcc dot gnu.org
2020-08-17 12:46 ` [Bug analyzer/96616] pr93032-mztools.c -Wanalyzer-too-complex warnings on some targets dmalcolm at gcc dot gnu.org
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2020-08-14 22:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96616
--- Comment #4 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
The init.c issue should be fixed by commit
r11-2708-g2867118ddda9b56d991c16022f7d3d634ed08313
I'm still investigating the pr93032-mztools.c -Wanalyzer-too-complex warnings
(affects at least arm and aarch64 also).
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/96616] pr93032-mztools.c -Wanalyzer-too-complex warnings on some targets
2020-08-14 15:59 [Bug analyzer/96616] New: Many new analyzer failures segher at gcc dot gnu.org
` (3 preceding siblings ...)
2020-08-14 22:59 ` dmalcolm at gcc dot gnu.org
@ 2020-08-17 12:46 ` dmalcolm at gcc dot gnu.org
2020-08-25 18:19 ` dmalcolm at gcc dot gnu.org
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2020-08-17 12:46 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96616
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Many new analyzer failures |pr93032-mztools.c
| |-Wanalyzer-too-complex
| |warnings on some targets
--- Comment #5 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Updating title to reflect that the remaining work is fixing the
-Wanalyzer-too-complex warnings that are showing up on some targets (at least
arm, aarch64, and powerpc64, but not x86_64 as far as I can tell).
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/96616] pr93032-mztools.c -Wanalyzer-too-complex warnings on some targets
2020-08-14 15:59 [Bug analyzer/96616] New: Many new analyzer failures segher at gcc dot gnu.org
` (4 preceding siblings ...)
2020-08-17 12:46 ` [Bug analyzer/96616] pr93032-mztools.c -Wanalyzer-too-complex warnings on some targets dmalcolm at gcc dot gnu.org
@ 2020-08-25 18:19 ` dmalcolm at gcc dot gnu.org
2020-09-16 23:02 ` cvs-commit at gcc dot gnu.org
2020-09-16 23:21 ` dmalcolm at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2020-08-25 18:19 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96616
--- Comment #6 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
*** Bug 96785 has been marked as a duplicate of this bug. ***
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/96616] pr93032-mztools.c -Wanalyzer-too-complex warnings on some targets
2020-08-14 15:59 [Bug analyzer/96616] New: Many new analyzer failures segher at gcc dot gnu.org
` (5 preceding siblings ...)
2020-08-25 18:19 ` dmalcolm at gcc dot gnu.org
@ 2020-09-16 23:02 ` cvs-commit at gcc dot gnu.org
2020-09-16 23:21 ` dmalcolm at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-09-16 23:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96616
--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:b28491dc2d79763ecbff4f0b9f1f3e48a443be1d
commit r11-3245-gb28491dc2d79763ecbff4f0b9f1f3e48a443be1d
Author: David Malcolm <dmalcolm@redhat.com>
Date: Tue Aug 18 18:52:17 2020 -0400
analyzer: bulk merger/processing of runs of nodes at CFG join points
Prior to this patch the analyzer worklist considered only one node or
two nodes at a time, processing and/or merging state individually or
pairwise.
This could lead to explosions of merger nodes at CFG join points,
especially after switch statements, which could have large numbers
of in-edges, and thus large numbers of merger exploded_nodes could
be created, exceeding the per-point limit and thus stopping analysis
with -Wanalyzer-too-complex.
This patch special-cases the handling for runs of consecutive
nodes in the worklist at a CFG join point, processing and merging
them all together.
The patch fixes a state explosion seen in bzip2.c seen when attempting
to reproduce PR analyzer/95188, in a switch statement in a loop for
argument parsing. With this patch, the analyzer successfully
consolidates the state after the argument parsing to a single exploded
node.
In gcc.dg/analyzer/pr96653.c there is a switch statement with over 300
cases which leads to hitting the per-point limit. With this patch
the consolidation code doesn't manage to merge all of them due to other
worklist-ordering bugs, and it still hits the per-point limits, but it
does manage some very long consolidations:
merged 2 in-enodes into 2 out-enode(s) at SN: 403
merged 2 in-enodes into 2 out-enode(s) at SN: 403
merged 2 in-enodes into 1 out-enode(s) at SN: 11
merged 29 in-enodes into 1 out-enode(s) at SN: 35
merged 6 in-enodes into 1 out-enode(s) at SN: 41
merged 31 in-enodes into 1 out-enode(s) at SN: 35
and with a followup patch to fix an SCC issue it manages:
merged 358 in-enodes into 2 out-enode(s) at SN: 402
The patch appears to fix the failure on non-x86_64 of:
gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
which is PR analyzer/96616.
Unfortunately, the patch introduces a memory leak false positive in
gcc.dg/analyzer/pr94851-1.c, but this appears to be a pre-existing bug
that was hidden by state-merging failures.
gcc/analyzer/ChangeLog:
* engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
(exploded_graph::process_worklist): Call
maybe_process_run_of_before_supernode_enodes.
(exploded_graph::maybe_process_run_of_before_supernode_enodes):
New.
(exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
* exploded-graph.h (enum exploded_node::status): Add
STATUS_BULK_MERGED.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/bzip2-arg-parse-1.c: New test.
* gcc.dg/analyzer/loop-n-down-to-1-by-1.c: Remove xfail.
* gcc.dg/analyzer/pr94851-1.c: Add xfail.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/96616] pr93032-mztools.c -Wanalyzer-too-complex warnings on some targets
2020-08-14 15:59 [Bug analyzer/96616] New: Many new analyzer failures segher at gcc dot gnu.org
` (6 preceding siblings ...)
2020-09-16 23:02 ` cvs-commit at gcc dot gnu.org
@ 2020-09-16 23:21 ` dmalcolm at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2020-09-16 23:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96616
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #8 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
(In reply to David Malcolm from comment #5)
> Updating title to reflect that the remaining work is fixing the
> -Wanalyzer-too-complex warnings that are showing up on some targets (at
> least arm, aarch64, and powerpc64, but not x86_64 as far as I can tell).
I believe that this was fixed by
r11-3245-gb28491dc2d79763ecbff4f0b9f1f3e48a443be1d
(aka "analyzer: bulk merger/processing of runs of nodes at CFG join points").
Marking this one as resolved.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2020-09-16 23:21 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-14 15:59 [Bug analyzer/96616] New: Many new analyzer failures segher at gcc dot gnu.org
2020-08-14 16:18 ` [Bug analyzer/96616] " dmalcolm at gcc dot gnu.org
2020-08-14 22:43 ` cvs-commit at gcc dot gnu.org
2020-08-14 22:57 ` dmalcolm at gcc dot gnu.org
2020-08-14 22:59 ` dmalcolm at gcc dot gnu.org
2020-08-17 12:46 ` [Bug analyzer/96616] pr93032-mztools.c -Wanalyzer-too-complex warnings on some targets dmalcolm at gcc dot gnu.org
2020-08-25 18:19 ` dmalcolm at gcc dot gnu.org
2020-09-16 23:02 ` cvs-commit at gcc dot gnu.org
2020-09-16 23:21 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).