public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/99771] New: Analyzer diagnostics should not say "<unknown>"
@ 2021-03-25 15:26 dmalcolm at gcc dot gnu.org
2021-03-25 15:26 ` [Bug analyzer/99771] " dmalcolm at gcc dot gnu.org
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2021-03-25 15:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99771
Bug ID: 99771
Summary: Analyzer diagnostics should not say "<unknown>"
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Various analyzer diagnostics talk about "<unknown>"; examples can be seen in
the testsuite:
data-model-10.c:
  *new_table->m_f = NULL; // "dereference of possibly-NULL '<unknown>'"
malloc-1.c (test_44):
  free (global_ptr); // "leak of '<unknown>'"
malloc-ipa-13.c:
  calls_free (f.m_p); // "passing freed pointer '<unknown>' in call to 'calls_free' from 'test'"
and IIRC I've seen these "in the wild" recently as well.
We shouldn't emit "<unknown>" to the end-user.
Filing this bug to have a place to track fixing these.
* [Bug analyzer/99771] Analyzer diagnostics should not say "<unknown>"
From: dmalcolm at gcc dot gnu.org @ 2021-03-25 15:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99771
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2021-03-25
             Status|UNCONFIRMED                 |ASSIGNED
* [Bug analyzer/99771] Analyzer diagnostics should not say "<unknown>"
From: cvs-commit at gcc dot gnu.org @ 2021-03-30 21:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99771
--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:0f9aa35c79a0fe195d5076375b5794246cf44819
commit r11-7917-g0f9aa35c79a0fe195d5076375b5794246cf44819
Author: David Malcolm <dmalcolm@redhat.com>
Date: Fri Mar 26 13:26:15 2021 -0400
analyzer: only call get_diagnostic_tree when it's needed
impl_sm_context::get_diagnostic_tree could be expensive, and
I find myself needing to put a breakpoint on it to debug
PR analyzer/99771, so only call it if we're about to use
the result.
gcc/analyzer/ChangeLog:
* sm-file.cc (fileptr_state_machine::on_stmt): Only call
get_diagnostic_tree if the result will be used.
* sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
(malloc_state_machine::on_deallocator_call): Likewise.
(malloc_state_machine::on_realloc_call): Likewise.
(malloc_state_machine::on_realloc_call): Likewise.
* sm-sensitive.cc
(sensitive_state_machine::warn_for_any_exposure): Likewise.
* sm-taint.cc (taint_state_machine::on_stmt): Likewise.
* [Bug analyzer/99771] Analyzer diagnostics should not say "<unknown>"
From: cvs-commit at gcc dot gnu.org @ 2021-03-31 23:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99771
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:e4bb1bd60a9fd1bed36092a990aa5fed5d45bfa6
commit r11-7941-ge4bb1bd60a9fd1bed36092a990aa5fed5d45bfa6
Author: David Malcolm <dmalcolm@redhat.com>
Date: Mon Mar 29 16:13:32 2021 -0400
analyzer: avoid printing '<unknown>' for SSA names [PR99771]
We don't want to print '<unknown>' in our diagnostics, but
PR analyzer/99771 lists various cases where -fanalyzer does, due to
using the SSA_NAME for a temporary when determining the best tree to
use.
This can happen in two ways:
(a) ...when a better expression than the SSA_NAME could be built, but
finding it requires traversing the relationships in the region_model
in a graph-like way, rather than by considering individual svalues and
regions.
(b) ...when the only remaining user of the underlying svalue is the
SSA_NAME, typically due to the diagnostic referring to a temporary.
I've been experimenting with fixing (a), but don't have a good fix yet.
In the meantime, this patch addresses (b) by detecting if we have
the SSA_NAME for a temporary, and, for the cases where it's possible,
reconstructing a tree by walking the def-stmts. This fixes various
cases of (b) and ameliorates some cases of (a).
gcc/analyzer/ChangeLog:
PR analyzer/99771
* analyzer.cc (maybe_reconstruct_from_def_stmt): New.
(fixup_tree_for_diagnostic_1): New.
(fixup_tree_for_diagnostic): New.
* analyzer.h (fixup_tree_for_diagnostic): New decl.
* checker-path.cc (call_event::get_desc): Call
fixup_tree_for_diagnostic and use it for the call_with_state call.
(warning_event::get_desc): Likewise for the final_event and
make_label_text calls.
* engine.cc (impl_region_model_context::on_state_leak): Likewise
for the on_leak and add_diagnostic calls.
* region-model.cc (region_model::get_representative_tree):
Likewise for the result.
gcc/testsuite/ChangeLog:
PR analyzer/99771
* gcc.dg/analyzer/data-model-10.c: Update expected output.
* gcc.dg/analyzer/malloc-ipa-13.c: Likewise.
* gcc.dg/analyzer/malloc-ipa-13a.c: New test.
* gcc.dg/analyzer/pr99771-1.c: New test.
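A toy model of approach (b) from the commit message above, added here as an illustration; it is not GCC's code and does not use GCC's data structures. `DefStmt`, `reconstruct`, `describe` and the SSA names in `sample_defs` are hypothetical, constructed to mirror the testsuite lines quoted in the report.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
// Toy stand-in for a def-stmt (hypothetical type, not GCC's gimple/tree).
struct DefStmt {
  enum Kind { NAMED, DOT, ARROW, CALL } kind;
  std::string operand;  // NAMED: source-level name; DOT/ARROW: name read from
  std::string field;    // DOT/ARROW: member being read
};
using DefMap = std::map<std::string, DefStmt>;

// Walk def-stmts back to a source-level expression. Returns false when a
// name has no recorded def, the chain is cyclic, or a def cannot be rebuilt.
bool reconstruct(const DefMap &defs, const std::string &name,
                 std::set<std::string> &seen, std::string &out) {
  auto it = defs.find(name);
  if (it == defs.end() || !seen.insert(name).second) return false;
  const DefStmt &d = it->second;
  if (d.kind == DefStmt::NAMED) { out = d.operand; return true; }
  if (d.kind == DefStmt::CALL) return false;  // no source expression to reuse
  std::string base;
  if (!reconstruct(defs, d.operand, seen, base)) return false;
  out = base + (d.kind == DefStmt::ARROW ? "->" : ".") + d.field;
  return true;
}

// Text to quote in a diagnostic; "<unknown>" is the fallback the PR is about.
std::string describe(const DefMap &defs, const std::string &name) {
  std::set<std::string> seen;
  std::string out;
  return reconstruct(defs, name, seen, out) ? out : "<unknown>";
}

// Constructed sample, shaped like the testsuite lines quoted in the report.
DefMap sample_defs() {
  return {
      {"new_table_5", {DefStmt::NAMED, "new_table", ""}},
      {"_1", {DefStmt::ARROW, "new_table_5", "m_f"}},  // _1 = new_table_5->m_f
      {"f", {DefStmt::NAMED, "f", ""}},
      {"_3", {DefStmt::DOT, "f", "m_p"}},              // _3 = f.m_p
      {"_4", {DefStmt::CALL, "", ""}},                 // _4 = <call result>
      {"_6", {DefStmt::DOT, "_6", "next"}},            // self-referential def
  };
}

int main() {
  for (const char *n : {"_1", "_3", "_4", "_6"})
    std::cout << n << " -> '" << describe(sample_defs(), n) << "'\n";
}
```

In this toy, the temporaries whose def chain ends at a named variable get a readable expression, while the call result and the cyclic chain still fall back to `<unknown>`.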
* [Bug analyzer/99771] Analyzer diagnostics should not say "<unknown>"
From: dmalcolm at gcc dot gnu.org @ 2021-03-31 23:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99771
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
The above patch fixes some of the occurrences of the bug (due to (b)), but not
those due to (a), so keeping this bug open.
* [Bug analyzer/99771] Analyzer diagnostics should not say "<unknown>"
From: cvs-commit at gcc dot gnu.org @ 2022-03-07 19:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99771
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:0af37ad4422052be4b7f779737e14c80e57d0ad9
commit r12-7525-g0af37ad4422052be4b7f779737e14c80e57d0ad9
Author: David Malcolm <dmalcolm@redhat.com>
Date: Mon Mar 7 14:19:30 2022 -0500
analyzer: fix leak suppression at end of 'main' [PR101983]
PR analyzer/101983 reports what I thought were false positives
from -Wanalyzer-malloc-leak, but on closer inspection, the
analyzer is correctly reporting heap-allocated buffers that are
no longer reachable.
However, these "leaks" occur at the end of "main". The analyzer already
has some logic to avoid reporting leaks at the end of main, where the
leak is detected at the end of the EXIT basic block. However, in this
case, the leak is detected at the clobber in BB 2 here:

  <bb 2> :
  func (&res);
  res ={v} {CLOBBER(eol)};
  _4 = 0;

  <bb 3> :
<L0>:
  return _4;

where we have a chain BB 2 -> BB 3 -> EXIT BB.
This patch generalizes the "are we at the end of 'main'" detection to
handle such cases, silencing -Wanalyzer-malloc-leak on them.
There's a remaining issue where the analyzer unhelpfully describes one
of the leaking values as '<unknown>', rather than 'res.a', but I'm
leaving that for a followup (covered by PR analyzer/99771).
gcc/analyzer/ChangeLog:
PR analyzer/101983
* engine.cc (returning_from_function_p): New.
(impl_region_model_context::on_state_leak): Use it when rejecting
leaks at the return from "main".
gcc/testsuite/ChangeLog:
PR analyzer/101983
* gcc.dg/analyzer/pr101983-main.c: New test.
* gcc.dg/analyzer/pr101983-not-main.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
* [Bug analyzer/99771] Analyzer diagnostics should not say "<unknown>"
From: cvs-commit at gcc dot gnu.org @ 2022-03-08 19:17 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99771
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:b7175f36812b32d3de242f15c065b9cb68e957a9
commit r12-7541-gb7175f36812b32d3de242f15c065b9cb68e957a9
Author: David Malcolm <dmalcolm@redhat.com>
Date: Tue Mar 8 14:16:48 2022 -0500
analyzer: more test coverage of leak detection [PR99771]
gcc/testsuite/ChangeLog:
PR analyzer/99771
* gcc.dg/analyzer/leak-4.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>