[Bug analyzer/105892] RFE: -fanalyzer could complain about pointer subtraction of pointers to different memory chunks

2024-06-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105892

David Malcolm  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

--- Comment #3 from David Malcolm  ---
Implemented by the above patch for GCC 15.

[Bug analyzer/105892] RFE: -fanalyzer could complain about pointer subtraction of pointers to different memory chunks

2024-06-07 Thread cvs-commit at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105892

--- Comment #2 from GCC Commits  ---
The master branch has been updated by David Malcolm :

https://gcc.gnu.org/g:13dcaf1bb6d4f15665a47b14ac0c12cf454e38a2

commit r15-1107-g13dcaf1bb6d4f15665a47b14ac0c12cf454e38a2
Author: David Malcolm 
Date:   Fri Jun 7 16:14:28 2024 -0400

analyzer: new warning: -Wanalyzer-undefined-behavior-ptrdiff (PR
analyzer/105892)

Add a new warning to complain about pointer subtraction involving
different chunks of memory.

For example, given:

  #include 

  int arr[42];
  int sentinel;

  ptrdiff_t
  test_invalid_calc_of_array_size (void)
  {
return  - arr;
  }

this emits:

demo.c: In function âtest_invalid_calc_of_array_sizeâ:
demo.c:9:20: warning: undefined behavior when subtracting pointers
[CWE-469] [-Wanalyzer-undefined-behavior-ptrdiff]
9 |   return  - arr;
  |^
  events 1-2
â
â3 | int arr[42];
â  | ~~~
â  | |
â  | (2) underlying object for right-hand side of subtraction
created here
â4 | int sentinel;
â  | ^~~~
â  | |
â  | (1) underlying object for left-hand side of subtraction
created here
â
âââ> âtest_invalid_calc_of_array_sizeâ: event 3
   â
   â9 |   return  - arr;
   â  |^
   â  ||
   â  |(3) â ï¸  subtraction of
pointers has undefined behavior if they do not point into the same array object
   â

gcc/analyzer/ChangeLog:
PR analyzer/105892
* analyzer.opt (Wanalyzer-undefined-behavior-ptrdiff): New option.
* analyzer.opt.urls: Regenerate.
* region-model.cc (class undefined_ptrdiff_diagnostic): New.
(check_for_invalid_ptrdiff): New.
(region_model::get_gassign_result): Call it for POINTER_DIFF_EXPR.

gcc/ChangeLog:
* doc/invoke.texi: Add -Wanalyzer-undefined-behavior-ptrdiff.

gcc/testsuite/ChangeLog:
PR analyzer/105892
* c-c++-common/analyzer/out-of-bounds-pr110387.c: Add
expected warnings about pointer subtraction.
* c-c++-common/analyzer/ptr-subtraction-1.c: New test.
* c-c++-common/analyzer/ptr-subtraction-CWE-469-example.c: New
test.

Signed-off-by: David Malcolm

[Bug analyzer/105892] RFE: -fanalyzer could complain about pointer subtraction of pointers to different memory chunks

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105892

--- Comment #1 from David Malcolm  ---
See also CWE 469: https://cwe.mitre.org/data/definitions/469.html