* [Bug analyzer/99886] New: Infinite loop in -fanalyzer seen on gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
@ 2021-04-02 22:15 dmalcolm at gcc dot gnu.org
From: dmalcolm at gcc dot gnu.org @ 2021-04-02 22:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99886
Bug ID: 99886
Summary: Infinite loop in -fanalyzer seen on
gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Reproducer:
#include <stdlib.h>

struct coord {
  float x;
  float y;
};

void test_34 (void)
{
  float *q;
  struct coord *p = malloc (sizeof (struct coord));
  if (!p)
    return;
  p->x = 0.0f;
  q = &p->x;
  free (p);
  *q = 1.0f; /* { dg-warning "use after 'free' of 'q'" } */
}
when compiled with:
-fanalyzer -fanalyzer-verbosity=0
Doesn't happen at other verbosity levels.
Seems to be getting stuck here in diagnostic_manager::consolidate_conditions:
(gdb) bt
#0 0x00000000024a8777 in vec<ana::checker_event*, va_heap, vl_ptr>::length
(this=0x7fffffffca98) at ../../src/gcc/vec.h:1439
#1 0x00000000024c0d30 in ana::checker_path::num_events (this=0x7fffffffca90)
at ../../src/gcc/analyzer/checker-path.h:503
#2 0x00000000024c0138 in ana::diagnostic_manager::consolidate_conditions
(this=0x7fffffffcf00, path=0x7fffffffca90)
at ../../src/gcc/analyzer/diagnostic-manager.cc:2203
#3 0x00000000024bf433 in ana::diagnostic_manager::prune_path
(this=0x7fffffffcf00, path=0x7fffffffca90, sm=0x0, sval=0x0, state=0x0)
at ../../src/gcc/analyzer/diagnostic-manager.cc:1783
#4 0x00000000024be1b6 in ana::diagnostic_manager::emit_saved_diagnostic
(this=0x7fffffffcf00, eg=..., sd=...)
at ../../src/gcc/analyzer/diagnostic-manager.cc:1131
#5 0x00000000024c1af1 in ana::dedupe_winners::emit_best (this=0x7fffffffcc20,
dm=0x7fffffffcf00, eg=...)
at ../../src/gcc/analyzer/diagnostic-manager.cc:1051
#6 0x00000000024bdfa6 in ana::diagnostic_manager::emit_saved_diagnostics
(this=0x7fffffffcf00, eg=...)
at ../../src/gcc/analyzer/diagnostic-manager.cc:1100
#7 0x0000000001830e13 in ana::impl_run_checkers (logger=0x35ccbf0) at
../../src/gcc/analyzer/engine.cc:4892
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/99886] Delay loop in -fanalyzer seen on gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
From: dmalcolm at gcc dot gnu.org @ 2021-04-02 22:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99886
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What             | Removed                              | Added
-----------------+--------------------------------------+-------------------------------------
Ever confirmed   | 0                                    | 1
Status           | UNCONFIRMED                          | ASSIGNED
Last reconfirmed |                                      | 2021-04-02
Summary          | Infinite loop in -fanalyzer seen on  | Delay loop in -fanalyzer seen on
                 | gcc.dg/analyzer/malloc-1.c           | gcc.dg/analyzer/malloc-1.c
                 | with -fanalyzer-verbosity=0          | with -fanalyzer-verbosity=0
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Not an infinite loop; it "merely" counts very slowly from 0 to 0xffffffff due
to ((unsigned)0) - 1 as a loop boundary.
Testing a fix.
* [Bug analyzer/99886] Delay loop in -fanalyzer seen on gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
From: cvs-commit at gcc dot gnu.org @ 2021-04-05 14:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99886
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:69b66ff02353a87585329bb3cf4ac20d6dee1b16
commit r11-7987-g69b66ff02353a87585329bb3cf4ac20d6dee1b16
Author: David Malcolm <dmalcolm@redhat.com>
Date: Mon Apr 5 10:48:01 2021 -0400
analyzer: fix apparent hang with -fanalyzer-verbosity=0 [PR analyzer/99886]
The analyzer appeared to enter an infinite loop on malloc-1.c
when -fanalyzer-verbosity=0 was used. In fact, it was slowly
counting from 0 to 0xffffffff.
Root cause is looping up to effectively ((unsigned)0) - 1 in
diagnostic_manager::consolidate_conditions when there are no events
in the path.
Fixed by the following, which uses signed integers when subtracting
from path->num_events () when simplifying checker_paths.
gcc/analyzer/ChangeLog:
        PR analyzer/99886
        * diagnostic-manager.cc
        (diagnostic_manager::prune_interproc_events): Use signed integers
        when subtracting one from path->num_events ().
        (diagnostic_manager::consolidate_conditions): Likewise.  Convert
        next_idx to a signed int.

gcc/testsuite/ChangeLog:
        PR analyzer/99886
        * gcc.dg/analyzer/pr99886.c: New test.
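The loop-bound defect the commit message describes, as an added illustration that is not code from the bug report or from the GCC analyzer: `struct event`, `struct path`, the sample event kinds and the two function names are hypothetical stand-ins for `checker_event`/`checker_path`, chosen only to show how `num_events - 1` wraps in unsigned arithmetic on an empty path and how doing the subtraction in signed arithmetic makes the loop body never run.

```c
/* Added example modelling PR analyzer/99886; not GCC's own code.
   vec::length () returns an unsigned count, so "num_events - 1" with
   num_events == 0 wraps to 0xffffffff instead of becoming -1, and a loop
   bounded by it "counts very slowly" over ~4 billion indices. */
#include <limits.h>
#include <stdio.h>

struct event { int kind; };            /* hypothetical stand-in for ana::checker_event */
struct path {
  unsigned num_events;                 /* unsigned, like vec::length () */
  const struct event *events;
};

/* Buggy form: returns the loop bound as the analyzer originally computed it.
   For an empty path this is UINT_MAX, i.e. 0xffffffff, so the loop is not
   skipped.  The bound is returned rather than iterated, since iterating it on
   an empty path would read past the (absent) events. */
static unsigned buggy_bound (const struct path *p)
{
  return p->num_events - 1;            /* 0u - 1 wraps to UINT_MAX */
}

/* Fixed form, following the commit: subtract in signed arithmetic so an empty
   path yields a bound of -1 and the body never executes.  As a stand-in for
   the consolidation pass, it counts adjacent event pairs of the same kind. */
static int fixed_adjacent_same_kind (const struct path *p)
{
  int matches = 0;
  for (int idx = 0; idx < (signed) p->num_events - 1; idx++)
    if (p->events[idx].kind == p->events[idx + 1].kind)
      matches++;
  return matches;
}

/* Constructed sample data (not from the bug): an empty path, as produced by
   -fanalyzer-verbosity=0, and a three-event path with one adjacent match. */
static const struct event sample_events[] = { {1}, {1}, {2} };
static const struct path empty_path  = { 0, NULL };
static const struct path sample_path = { 3, sample_events };

int main (void)
{
  printf ("buggy bound on empty path: %u (UINT_MAX is %u)\n",
          buggy_bound (&empty_path), UINT_MAX);
  printf ("fixed pass on empty path: %d pairs examined/matched\n",
          fixed_adjacent_same_kind (&empty_path));
  printf ("fixed pass on sample path: %d matching adjacent pair(s)\n",
          fixed_adjacent_same_kind (&sample_path));
  return 0;
}
```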
* [Bug analyzer/99886] Delay loop in -fanalyzer seen on gcc.dg/analyzer/malloc-1.c with -fanalyzer-verbosity=0
From: dmalcolm at gcc dot gnu.org @ 2021-04-05 14:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99886
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What        | Removed     | Added
------------+-------------+----------
Resolution  | ---         | FIXED
Status      | ASSIGNED    | RESOLVED
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch.