From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 1D285396EC82; Wed, 20 Jan 2021 16:48:42 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1D285396EC82 From: "msebor at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/98753] -Wfree-nonheap-object on Bison generated code Date: Wed, 20 Jan 2021 16:48:41 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c++ X-Bugzilla-Version: 11.0 X-Bugzilla-Keywords: diagnostic X-Bugzilla-Severity: normal X-Bugzilla-Who: msebor at gcc dot gnu.org X-Bugzilla-Status: WAITING X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jan 2021 16:48:42 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D98753 --- Comment #5 from Martin Sebor --- I can't reproduce the warning with the default options. There are just two calls to free() in the dump. In each instance its argument resolves to the yymsg pointer and not to the yyssa array as in the warning message in comme= nt #0. We would also need to see the command line options you use to compile = the file (please review https://gcc.gnu.org/bugs/#need for the full details we = ask for). In GCC 11, -Wfree-nonheap-object was enhanced to validate every argument to every deallocation function. Prior to GCC 11 it only considered a negligib= le subset of arguments (basically just straight addresses of variables). The warning was prone to false positives then (as is evident from pr54202), and= the enhancement hasn't changed that. Different optimization options produce different intermediate representatio= n.=20 Some result in constants substituted for what would otherwise be variables.= =20 When a constant is substituted into an expression that it's not valid for it might trigger a warning because in the IL it's indistinguishable from a bug= in the original source code. There's nothing a warning designed to detect such invalid expressions can do about it. Changing this message alone to say "free() may be called with non-heap object" wouldn't be appropriate without also changing all the other messages that are subject to the same problem (= all flow-sensitive warnings are). At least two solutions are theoretically possible: a) make the warning "smarter" than the optimization it depends on that does the substitution, a= nd have it figure out that the invalid code was synthesized by it, doesn't occ= ur in the source code, and cannot be reached in the program given the preconditions, or b) make the optimizations "smarter" either by not substituting constants into contexts where they're invalid, or by figuring = out that these invalid expressions cannot be reached based on their preconditio= ns.=20 The two sets of preconditions need not be the same. Both approaches are wo= rth exploring but both are hard and neither will ever be perfect. Which is par= tly why GCC documents that "Warnings are diagnostic messages that report constructions that are not inherently erroneous but that are risky or sugge= st there may have been an error." If the warning gets it wrong #pragma GCC diagnostic can be used to avoid the false positive.=