[Bug analyzer/115089] -Wanalyzer-use-of-uninitialized-value false negative

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115089 --- Comment #3 from David Malcolm --- FWIW, adding -fno-analyzer-state-merge makes it find the issue; see https://godbolt.org/z/Ecfe9oqjv : In function 'main': :16:16: warning: use of uninitialized value 'x' [CWE-457]

[Bug analyzer/107646] RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 --- Comment #11 from David Malcolm --- I've created a wiki page to track this project: https://gcc.gnu.org/wiki/StaticAnalyzer/CPython

[Bug jit/110466] jit.dg FAILs on ppc64le

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110466 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug driver/111700] ICE: SIGSEGV in needs_read_p (input.cc:598) with -fdiagnostics-format=sarif-file or -fdiagnostics-format=sarif-stderr on pre-processed input

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111700 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug middle-end/114348] Corrupt SARIF output on stderr

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114348 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/110112] [11/12 Regression] gcc -fanalyzer takes an excessive amount of time

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110112 David Malcolm changed: What|Removed |Added Summary|[11/12/13 Regression] gcc |[11/12 Regression] gcc

[Bug analyzer/109577] -Wanalyzer-allocation-size mishandles __builtin_mul_overflow

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109577 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/110014] -Wanalyzer-allocation-size mishandles realloc (..., .... * sizeof (object))

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110014 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/110700] [12 Regression] ICE with -fanalyzer --analyzer-checker=taint on division of tainted floating-point values

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110700 David Malcolm changed: What|Removed |Added Summary|[12/13 Regression] ICE with |[12 Regression] ICE with

[Bug analyzer/110882] ICE with -fanalyzer on zero-sized array

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/112889] [11/12 Regression] ICE with -fanalyzer seen on Linux kernel drivers/infiniband/hw/cxgb4/cm.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112889 David Malcolm changed: What|Removed |Added Summary|[11/12/13 Regression] ICE |[11/12 Regression] ICE with

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 112790, which changed state. Bug 112790 Summary: -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790 What|Removed

[Bug analyzer/112790] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Summary|[13

[Bug analyzer/113333] [11/12 Regression] analyzer: False positives with calloc()

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=11 David Malcolm changed: What|Removed |Added Summary|[11/12/13 Regression] |[11/12 Regression]

[Bug analyzer/112969] [11/12 Regression] -Wanalyzer-exposure-through-uninit-copy false positive seen on Linux kernel's drivers/net/ethernet/intel/ice/ice_ptp.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112969 David Malcolm changed: What|Removed |Added Summary|[11/12/13 Regression] |[11/12 Regression]

[Bug analyzer/113253] [11/12 Regression] gcc -g causes -fanalyzer to issue false positive

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113253 David Malcolm changed: What|Removed |Added Summary|[11/12/13 Regression] gcc |[11/12 Regression] gcc -g

[Bug analyzer/111289] Unwarranted -Wanalyzer-va-arg-type-mismatch warning

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111289 David Malcolm changed: What|Removed |Added Summary|[13 Regression] Unwarranted |Unwarranted

[Bug analyzer/109251] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to check in macros

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109251 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Summary|[13

[Bug analyzer/114473] ICE: in deref_rvalue, at analyzer/region-model.cc:2780 with -fanalyzer -fanalyzer-call-summaries

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114473 David Malcolm changed: What|Removed |Added Summary|[13 Regression] ICE: in |ICE: in deref_rvalue, at

[Bug analyzer/114408] ICE when invoking strcmp multiple times with -fsanitize=undefined -O1 -fanalyzer -flto

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114408 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 112792, which changed state. Bug 112792 Summary: -Wanalyzer-out-of-bounds false positives seen on Linux kernel with certain unions https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112792 What|Removed

[Bug analyzer/112792] -Wanalyzer-out-of-bounds false positives seen on Linux kernel with certain unions

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112792 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Summary|[13

[Bug analyzer/111475] [14 regression] Many C++ analyzer tests FAIL

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111475 David Malcolm changed: What|Removed |Added Target Milestone|14.0|14.2 Summary|[14/15

[Bug analyzer/114920] null_terminated_string_arg attribute does not warn for non-nul-terminated strings

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114920 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/114896] analyzer: false-positive with VLA (analyzer-out-of-bounds, CWE-121)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114896 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Ever confirmed|0

[Bug analyzer/111475] [14/15 regression] Many C++ analyzer tests FAIL

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111475 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #11 from David

[Bug analyzer/111475] [14/15 regression] Many C++ analyzer tests FAIL

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111475 --- Comment #9 from David Malcolm --- Sorry about this. Is there a machine in the compile farm I can test this on?

[Bug target/113235] SMHasher SHA3-256 benchmark is almost 40% slower vs. Clang (not enough complete loop peeling)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113235 David Malcolm changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org

[Bug analyzer/114778] ICE: in get_region_for_local, at analyzer/region.cc:1366

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114778 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/106634] [13/14 Regression] ICE in get_region_for_local with nested function extension since r13-2029-g7e3b45befdbbf1a1

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106634 David Malcolm changed: What|Removed |Added CC||iamanonymous.cs at gmail dot com ---

[Bug analyzer/114778] ICE: in get_region_for_local, at analyzer/region.cc:1366

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114778 --- Comment #1 from David Malcolm --- Thanks for filing this. It's failing this assertion in frame_region::get_region_for_local : 1421case VAR_DECL: 1422 gcc_assert (!is_global_var (expr)); 1423 /* Fall

[Bug analyzer/114472] [14 Regression] ICE: in falls_short_of_p, at analyzer/store.cc:365 (in exceeds_p, at analyzer/store.cc:342) with -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114472 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/114677] [13/14 Regression] -Wanalyzer-fd-leak false positive writing to int * param

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114677 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Last reconfirmed|

[Bug analyzer/114472] [14 Regression] ICE: in falls_short_of_p, at analyzer/store.cc:365 (in exceeds_p, at analyzer/store.cc:342) with -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114472 --- Comment #3 from David Malcolm --- I'm testing a fix for this.

[Bug analyzer/94365] false positive leak when using container_of-like constructs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94365 --- Comment #3 from David Malcolm --- (In reply to David Malcolm from comment #2) > Testing again with trunk (for GCC 12); the false leak of ‘a’ report still > occurs, but the -Wanalyzer-free-of-non-heap report is fixed. False leak still

[Bug analyzer/114588] Analyzer buffer overflow ASCII art hardcodes "RED" and "GREEN" as the terminal colors

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114588 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/114616] New: RFE: show type and possible ranges of size in -Wanalyzer-tainted-size and -Wanalyzer-tainted-allocation-size

Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- It's really helpful when triaging analyzer reports from -Wanalyzer

[Bug analyzer/114594] Issues seen with -Wanalyzer-malloc-leak on htop/XUtils.c: String_split

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114594 --- Comment #1 from David Malcolm --- The "leak" was fixed in htop by https://github.com/htop-dev/htop/commit/62c2d820add3dadea7569af051d2afd804f08432

[Bug analyzer/114594] New: Issues seen with -Wanalyzer-malloc-leak on htop/XUtils.c: String_split

Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org CC: BenBE at geshi dot org Target Milestone: --- Created attachment 57881 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57

[Bug analyzer/114588] New: Analyzer buffer overflow ASCII art hardcodes "RED" and "GREEN" as the terminal colors

Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- As noted by ycombinator user "ephaeton" here: https://news.ycombinato

[Bug analyzer/114473] [13 Regression] ICE: in deref_rvalue, at analyzer/region-model.cc:2780 with -fanalyzer -fanalyzer-call-summaries

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114473 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] ICE: in |[13 Regression] ICE: in

[Bug analyzer/114473] [13/14 Regression] ICE: in deref_rvalue, at analyzer/region-model.cc:2780 with -fanalyzer -fanalyzer-call-summaries

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114473 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Priority|P3

[Bug analyzer/114472] [14 Regression] ICE: in falls_short_of_p, at analyzer/store.cc:365 (in exceeds_p, at analyzer/store.cc:342) with -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114472 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/113314] [14 Regression] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314 --- Comment #2 from David Malcolm --- (In reply to David Malcolm from comment #1) [...] > 70redo_next: > 71 next = fdtab[fd].update.next; > 72 if (next > -2) > 73goto done; > 74

[Bug analyzer/114408] [13 Regression] ICE when invoking strcmp multiple times with -fsanitize=undefined -O1 -fanalyzer -flto

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114408 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] ICE when |[13 Regression] ICE when

[Bug analyzer/108455] -Wanalyzer-deref-before-check false positive seen in git pack-revindex.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108455 --- Comment #5 from David Malcolm --- Note: the above patch caused the ICE in bug 114408.

[Bug analyzer/114408] [13/14 Regression] ICE when invoking strcmp multiple times with -fsanitize=undefined -O1 -fanalyzer -flto

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114408 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #5 from David

[Bug analyzer/114408] [13/14 Regression] ICE when invoking strcmp multiple times with -fsanitize=undefined -O1 -fanalyzer -flto

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114408 --- Comment #2 from David Malcolm --- Created attachment 57781 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57781=edit WIP patch for the the ICE The attached patch seems to fix the ICE. AIUI I'm lazily creating dominance info as it's

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 112975, which changed state. Bug 112975 Summary: [14 Regression] -Wanalyzer-tainted-allocation-size false positive seen in Linux kernel's drivers/xen/privcmd.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112975

[Bug analyzer/112975] [14 Regression] -Wanalyzer-tainted-allocation-size false positive seen in Linux kernel's drivers/xen/privcmd.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112975 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug analyzer/112974] [14 Regression] -Wanalyzer-tainted-array-index false positive seen on Linux kernel drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112974 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 112974, which changed state. Bug 112974 Summary: [14 Regression] -Wanalyzer-tainted-array-index false positive seen on Linux kernel drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c

[Bug analyzer/113619] [14 Regression] -Wanalyzer-tainted-divisor false positive seen in Linux kernel's fs/ceph/ioctl.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113619 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 113619, which changed state. Bug 113619 Summary: [14 Regression] -Wanalyzer-tainted-divisor false positive seen in Linux kernel's fs/ceph/ioctl.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113619 What

[Bug analyzer/109251] [13 Regression] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to check in macros

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109251 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED Summary|[13/14

[Bug analyzer/113505] [14 Regression] ICE: SIGSEGV in tree_class_check (tree.h:3766) with -O -fdump-analyzer -fanalyzer since r14-6239

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113505 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug middle-end/114348] Corrupt SARIF output on stderr

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114348 --- Comment #5 from David Malcolm --- Should be fixed on trunk for GCC 14 by the above patch. Keeping open to backport. (In reply to Tobias Specht from comment #2) [...snip...] > A workaround could be, to only parse the first line as json,

[Bug analyzer/113505] [14 Regression] ICE: SIGSEGV in tree_class_check (tree.h:3766) with -O -fdump-analyzer -fanalyzer since r14-6239

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113505 --- Comment #5 from David Malcolm --- Thanks, am testing your patch now.

[Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/110928] [14 Regression] ICE with -fanalyzer on -Wanalyzer-out-of-bounds checker

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110928 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug analyzer/110902] Missing cast in region_model_manager::maybe_fold_binop on MULT_EXPR by 1

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110902 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/111305] [13/14 Regression] GCC Static Analyzer -Wanalyzer-out-of-bounds false postive

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111305 David Malcolm changed: What|Removed |Added Priority|P2 |P3 Summary|[13/14

[Bug analyzer/111441] [14 Regression] ICE generating access diagram, in fold_binary_loc, at fold-const.cc:11580

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111441 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug middle-end/114348] Corrupt SARIF output on stderr

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114348 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286 --- Comment #5 from David Malcolm --- Aha - thanks! Am working on a fix.

[Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286 --- Comment #3 from David Malcolm --- Looking at https://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html#index-_005f_005fatomic_005fload I see this signature for __atomic_load with 3 arguments: Built-in Function: void __atomic_load

[Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #2 from David

[Bug analyzer/114285] Use of uninitialized value when copying a struct field by field

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114285 --- Comment #2 from David Malcolm --- (In reply to Antoni from comment #0) > Created attachment 57655 [details] > Reproducer for the bug [...] > I tried to reproduce in C and I attached the reproducer. Trunk with -fanalyzer:

[Bug analyzer/114159] [13 Regression] ICE: in call_info, at analyzer/call-info.cc:143 with -fanalyzer -fanalyzer-call-summaries --param=analyzer-max-svalue-depth=0

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114159 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] ICE: in |[13 Regression] ICE: in

[Bug analyzer/114159] [13/14 Regression] ICE: in call_info, at analyzer/call-info.cc:143 with -fanalyzer -fanalyzer-call-summaries --param=analyzer-max-svalue-depth=0

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114159 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/110483] [14 Regression] Several gcc.dg/analyzer/out-of-bounds-diagram-*.c tests FAIL

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483 --- Comment #6 from David Malcolm --- Thanks; let's keep using this PR for the stuff in comment #5. I've been looking at these on gcc211 in the compile farm: * I see out-of-bounds-diagram-11.c failing as you describe (the overflow in test6

[Bug middle-end/92830] -fdiagnostics-url shows the wrong URL for warnings which are not in 'gcc' but e.g. in 'gfortran'

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92830 --- Comment #7 from David Malcolm --- (In reply to GCC Commits from comment #5) > The master branch has been updated by David Malcolm : > > https://gcc.gnu.org/g:fa29cf0c3f19b648e30b16fd2485c3c17a528a6e > > commit

[Bug analyzer/111802] [14 Regression] New analyser diagram failures since commit b365e9d57ad4

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111802 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/110483] [14 Regression] Several gcc.dg/analyzer/out-of-bounds-diagram-*.c tests FAIL

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/111881] [14 Regression] analyzer: ICE in ensure_closed, at analyzer/constraint-manager.cc:130 with -Ofast

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111881 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug analyzer/111305] [13/14 Regression] GCC Static Analyzer -Wanalyzer-out-of-bounds FP and ICE problem

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111305 David Malcolm changed: What|Removed |Added Last reconfirmed||2024-02-26

[Bug analyzer/105898] RFE: -fanalyzer should complain about overlapping args to memcpy and mempcpy

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105898 --- Comment #4 from David Malcolm --- I implemented this a different way, for memcpy, in r14-3556-g034d99e81484fb (by special-casing it). We don't yet check mempcpy, wmemcpy, or wmempcp; keeping bug open to handle those.

[Bug analyzer/113999] [14 Regression] ICE: in string_cst_has_null_terminator, at analyzer/region-model.cc:3651 with -fanalyzer on gcc.dg/tree-ssa/strncpy-2.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113999 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/113998] [14 Regression] ICE: in get_last_byte_offset, at analyzer/ranges.cc:171 with -fanalyzer and __builtin_strncpy()

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113998 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/111289] [13 Regression] Unwarranted -Wanalyzer-va-arg-type-mismatch warning

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111289 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] |[13 Regression] Unwarranted

[Bug analyzer/110520] -Wanalyzer-null-dereference false negative with `*ptr = 10086`

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110520 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/113983] [14 Regression] ICE: tree check: expected integer_cst, have vector_cst in maybe_undo_optimize_bit_field_compare, at analyzer/region-model-manager.cc:606 with -fanalyzer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113983 --- Comment #5 from David Malcolm --- (In reply to Andrew Pinski from comment #4) > Fixed. Thanks!

[Bug analyzer/113999] [14 Regression] ICE: in string_cst_has_null_terminator, at analyzer/region-model.cc:3651 with -fanalyzer on gcc.dg/tree-ssa/strncpy-2.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113999 David Malcolm changed: What|Removed |Added Last reconfirmed||2024-02-19

[Bug analyzer/113998] [14 Regression] ICE: in get_last_byte_offset, at analyzer/ranges.cc:171 with -fanalyzer and __builtin_strncpy()

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113998 --- Comment #2 from David Malcolm --- Thanks for filing this bug. I'm testing a fix.

[Bug analyzer/113998] [14 Regression] ICE: in get_last_byte_offset, at analyzer/ranges.cc:171 with -fanalyzer and __builtin_strncpy()

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113998 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/109802] [13 Regression] ICE using dubious flexible arrays in unions

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109802 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Ever confirmed|0

[Bug analyzer/110285] [13/14 Regression] -Wanalyzer-infinite-recursion false positive involving floating-point values

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110285 David Malcolm changed: What|Removed |Added Last reconfirmed||2024-02-16 Ever confirmed|0

[Bug analyzer/109851] [13/14 Regression] False positive va_arg when iterating through format string with for-loop

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109851 David Malcolm changed: What|Removed |Added Summary|False positive va_arg when |[13/14 Regression] False

[Bug analyzer/109579] -Wanalyzer-out-of-bounds false positive in Emacs mapping stack

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109579 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/109628] -Wanalyzer-use-of-uninitialized-value false positive on static storage

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109628 David Malcolm changed: What|Removed |Added Resolution|--- |WORKSFORME

[Bug analyzer/111213] -Wanalyzer-out-of-bounds false negative with `return arr[9];` at -O1 and above

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213 David Malcolm changed: What|Removed |Added Status|NEW |SUSPENDED --- Comment #4 from David

[Bug analyzer/105755] -Wanalyzer-null-dereference regression compiling Emacs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105755 David Malcolm changed: What|Removed |Added Resolution|--- |WORKSFORME

[Bug analyzer/108562] [meta-bug] tracker bug for issues with -Wanalyzer-null-dereference

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108562 Bug 108562 depends on bug 105755, which changed state. Bug 105755 Summary: -Wanalyzer-null-dereference regression compiling Emacs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105755 What|Removed |Added

[Bug analyzer/105755] -Wanalyzer-null-dereference regression compiling Emacs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105755 --- Comment #3 from David Malcolm --- Current status of reproducer on Compiler Explorer: GCC trunk: no warning: https://godbolt.org/z/o6ecKKa8e GCC 13.2: no warning: https://godbolt.org/z/z7hdYx1Y7 GCC 12.3: false +ve:

[Bug analyzer/108400] [12/13/14 Regression] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/105961] -Wanalyzer-use-of-uninitialized-value false positive after "= {0}"

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105961 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/109251] [13/14 Regression] -Wanalyzer-deref-before-check false positives seen in Linux kernel due to check in macros

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109251 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/113314] [14 Regression] -Wanalyzer-infinite-loop false positive seen on haproxy's fd.c

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113314 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/111289] [13/14 Regression] Unwarranted -Wanalyzer-va-arg-type-mismatch warning

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111289 David Malcolm changed: What|Removed |Added Summary|Unwarranted |[13/14 Regression]

[Bug analyzer/111266] [13 Regression] Missing -Wanalyzer-out-of-bounds for concrete offset overwrite.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111266 David Malcolm changed: What|Removed |Added Summary|[13/14 Regression] Missing |[13 Regression] Missing

  1   2   3   4   5   6   7   8   9   10   >