public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/99886] New: Infinite loop in -fanalyzer seen on gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
From: dmalcolm at gcc dot gnu.org @ 2021-04-02 22:15 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99886

            Bug ID: 99886
           Summary: Infinite loop in -fanalyzer seen on
                    gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Reproducer:

#include <stdlib.h>

struct coord
{
  float x;
  float y;
};

void test_34 (void)
{
  float *q;
  struct coord *p = malloc (sizeof (struct coord));
  if (!p)
    return;
  p->x = 0.0f;
  q = &p->x;
  free (p);
  *q = 1.0f; /* { dg-warning "use after 'free' of 'q'" } */
};

when compiled with:
  -fanalyzer -fanalyzer-verbosity=0

Doesn't happen at other verbosity levels.

Seems to be getting stuck here in diagnostic_manager::consolidate_conditions:

(gdb) bt
#0  0x00000000024a8777 in vec<ana::checker_event*, va_heap, vl_ptr>::length (this=0x7fffffffca98) at ../../src/gcc/vec.h:1439
#1  0x00000000024c0d30 in ana::checker_path::num_events (this=0x7fffffffca90) at ../../src/gcc/analyzer/checker-path.h:503
#2  0x00000000024c0138 in ana::diagnostic_manager::consolidate_conditions (this=0x7fffffffcf00, path=0x7fffffffca90) at ../../src/gcc/analyzer/diagnostic-manager.cc:2203
#3  0x00000000024bf433 in ana::diagnostic_manager::prune_path (this=0x7fffffffcf00, path=0x7fffffffca90, sm=0x0, sval=0x0, state=0x0) at ../../src/gcc/analyzer/diagnostic-manager.cc:1783
#4  0x00000000024be1b6 in ana::diagnostic_manager::emit_saved_diagnostic (this=0x7fffffffcf00, eg=..., sd=...) at ../../src/gcc/analyzer/diagnostic-manager.cc:1131
#5  0x00000000024c1af1 in ana::dedupe_winners::emit_best (this=0x7fffffffcc20, dm=0x7fffffffcf00, eg=...) at ../../src/gcc/analyzer/diagnostic-manager.cc:1051
#6  0x00000000024bdfa6 in ana::diagnostic_manager::emit_saved_diagnostics (this=0x7fffffffcf00, eg=...) at ../../src/gcc/analyzer/diagnostic-manager.cc:1100
#7  0x0000000001830e13 in ana::impl_run_checkers (logger=0x35ccbf0) at ../../src/gcc/analyzer/engine.cc:4892
* [Bug analyzer/99886] Delay loop in -fanalyzer seen on gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
From: dmalcolm at gcc dot gnu.org @ 2021-04-02 22:41 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99886

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2021-04-02
            Summary|Infinite loop in -fanalyzer |Delay loop in -fanalyzer
                   |seen on                     |seen on
                   |gcc.dg/analyzer/malloc-1.c  |gcc.dg/analyzer/malloc-1.c
                   |with -fanalyzer-verbosity=0 |with -fanalyzer-verbosity=0

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Not an infinite loop; it "merely" counts very slowly from 0 to 0xffffffff due to
((unsigned)0) - 1 as a loop boundary.

Testing a fix.
* [Bug analyzer/99886] Delay loop in -fanalyzer seen on gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
From: cvs-commit at gcc dot gnu.org @ 2021-04-05 14:49 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99886

--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:69b66ff02353a87585329bb3cf4ac20d6dee1b16

commit r11-7987-g69b66ff02353a87585329bb3cf4ac20d6dee1b16
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Mon Apr 5 10:48:01 2021 -0400

    analyzer: fix apparent hang with -fanalyzer-verbosity=0 [PR analyzer/99886]

    The analyzer appeared to enter an infinite loop on malloc-1.c when
    -fanalyzer-verbosity=0 was used.  In fact, it was slowly counting from
    0 to 0xffffffff.

    Root cause is looping up to effectively ((unsigned)0) - 1 in
    diagnostic_manager::consolidate_conditions when there are no events in
    the path.

    Fixed by the following, which uses signed integers when subtracting from
    path->num_events () when simplifying checker_paths.

    gcc/analyzer/ChangeLog:
            PR analyzer/99886
            * diagnostic-manager.cc
            (diagnostic_manager::prune_interproc_events): Use signed integers
            when subtracting one from path->num_events ().
            (diagnostic_manager::consolidate_conditions): Likewise.  Convert
            next_idx to a signed int.

    gcc/testsuite/ChangeLog:
            PR analyzer/99886
            * gcc.dg/analyzer/pr99886.c: New test.
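The unsigned-underflow loop bound described in comment #1 and in the commit message above, as an added C++ example that is not part of the GCC patch or of this thread: checker_path, num_events (), and the buggy_* / fixed_* functions are constructed stand-ins that mirror the shape of the real code (GCC's vec<>::length () returns unsigned, which is what the analyzer subtracts one from), not the analyzer's own code.

```cpp
#include <vector>

// Constructed stand-in for ana::checker_path: num_events () returns an
// unsigned count, exactly like vec<>::length () does in GCC.
struct checker_path
{
  std::vector<int> events;
  unsigned num_events () const { return (unsigned) events.size (); }
};

// Before the fix: the loop bound is computed in unsigned arithmetic.
// For an empty path, 0u - 1 wraps to 0xffffffff (assuming 32-bit unsigned).
unsigned buggy_upper_bound (const checker_path &path)
{
  return path.num_events () - 1;
}

// After the fix: do the subtraction in signed arithmetic, so an empty
// path yields -1 and any "idx < bound" loop body never runs.
int fixed_upper_bound (const checker_path &path)
{
  return (int) path.num_events () - 1;
}

// The "delay loop": counts how many iterations the unsigned-bound loop
// performs.  max_iters caps the count so this demonstration terminates
// instead of spinning ~4 billion times like the original report.
unsigned long long buggy_iterations (const checker_path &path,
                                     unsigned long long max_iters)
{
  unsigned long long count = 0;
  for (unsigned idx = 0; idx < path.num_events () - 1; idx++)
    if (++count >= max_iters)
      break;
  return count;
}

// Same loop with the signed bound: zero iterations for an empty path,
// n - 1 iterations for a path with n events.
unsigned long long fixed_iterations (const checker_path &path)
{
  unsigned long long count = 0;
  for (int idx = 0; idx < (int) path.num_events () - 1; idx++)
    count++;
  return count;
}
```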
* [Bug analyzer/99886] Delay loop in -fanalyzer seen on gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
From: dmalcolm at gcc dot gnu.org @ 2021-04-05 14:52 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99886

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch.