From: Shengyu Huang
Subject: Re: [GSoC][Static Analyzer] Some questions and request for a small patch to work on
Date: Wed, 1 Mar 2023 12:16:31 +0100
To: David Malcolm
Cc: GCC Development

Hi Dave,

> On 1 Mar 2023, at 00:59, David Malcolm wrote:
>
> Did you get it to output your messages?
>

Yes, I chose to emit the warning before the supergraph or exploded graph is
created (I guess this is enough, right?).
I checked out from the trunk a week ago, and I checked out from the latest
trunk just now and built from modified source again, by adding a line in the
following code in analyzer/engine.cc:

  FOR_EACH_FUNCTION_WITH_GIMPLE_BODY (node)
  {
    node->get_untransformed_body ();
    warning_at (DECL_SOURCE_LOCATION (node->decl), 0,
                "hello world, I'm compiling %qE", node->decl); // ADDED
  }

Compiling my own test script without optimizations, I got the output
(surprisingly no warning from -Wanalyzer-shift-count-negative anymore):

test.c: In function 'main':
test.c:42:9: warning: left shift count is negative [-Wshift-count-negative]
   42 |   b = b << -1;
      |         ^~
test.c: At top level:
test.c:36:5: warning: hello world, I'm compiling 'main'
   36 | int main()
      |     ^~~~
test.c:27:6: warning: hello world, I'm compiling 're'
   27 | void re (int c)
      |      ^~
test.c:12:6: warning: hello world, I'm compiling 'f'
   12 | void f (unsigned long *p, int r, int i)
      |      ^
test.c:9:5: warning: hello world, I'm compiling 'fun2'
    9 | int fun2()
      |     ^~~~
test.c:4:5: warning: hello world, I'm compiling 'fun1'
    4 | int fun1()
      |     ^~~~
test.c: In function 'main':
test.c:40:8: warning: use of uninitialized value 'a' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   40 |   int* c = a;
      |        ^
  'main': events 1-3
    |
    |   38 |   int* a;
    |      |        ^
    |      |        |
    |      |        (1) region created on stack here
    |      |        (2) capacity: 8 bytes
    |   39 |   int b = 'c';
    |   40 |   int* c = a;
    |      |        ~
    |      |        |
    |      |        (3) use of uninitialized value 'a' here
    |
~~

If I compiled it with -O2, I got additionally

test.c: In function 'f':
test.c:20:34: warning: shift by count ('64') >= precision of type ('64') [-Wanalyzer-shift-count-overflow]
   20 |       p[i--] = b + 1 >= 64 ? 0UL : 1UL << (b + 1);
      |                ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~
  'f': events 1-5
    |
    |   16 |   while (i >= 0)
    |      |          ~~^~~~
    |      |            |
    |      |            (1) following 'true' branch (when 'i >= 0')...
    |   17 |   {
    |   18 |     if (n > b)
    |      |        ~
    |      |        |
    |      |        (2) ...to here
    |      |        (3) following 'true' branch (when 'b < n')...
    |   19 |     {
    |   20 |       p[i--] = b + 1 >= 64 ? 0UL : 1UL << (b + 1);
    |      |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                  |     |
    |      |                                  |     (4) ...to here
    |      |                                  (5) shift by count '64' here
    |

which is documented as a false positive in PR98447.

>
> The next thing to do might be to try stepping through the code in the
> debugger; that's often a good way to learn about a new codebase. See:
> https://gcc-newbies-guide.readthedocs.io/en/latest/debugging.html
> and maybe have a look at the support scripts mentioned on that page.
>

I did try to use gdb more to inspect the internals, but one thing I noticed
when using it is that I got `??()` in the backtrace, which I’ve never seen
before. Some online sources say it happened due to “corrupted stack”, but I
don’t know how that can happen either… However, after pulling changes from
the trunk and rebuilding from the source, “??()” disappeared and now I can
step through the execution without any problem (previously `step` and
`continue` did not work as expected…). Do you have any clues what happened so
that I can fix it myself later if that happens again?

Best,
Shengyu

> BTW, are you building trunk, or GCC 12? I've made a *lot* of changes
> to the analyzer in trunk, so it would be good for you to be working
> with something that's reasonably up-to-date.