[Bug tree-optimization/104715] [12 Regression] false dangling pointer with strstr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104715 --- Comment #7 from CVS Commits --- The master branch has been updated by Martin Sebor : https://gcc.gnu.org/g:b11465f1150a11d6a9b186417c468c8191ae41a1 commit r12-7440-gb11465f1150a11d6a9b186417c468c8191ae41a1 Author: Martin Sebor Date: Tue Mar 1 16:56:06 2022 -0700 Add a test for true positives related to PR104715. Related to: PR tree-optimization/104715 - false dangling pointer with strstr gcc/testsuite/ChangeLog: PR tree-optimization/104715 * gcc.dg/Wdangling-pointer-3.c: New test.
[Bug tree-optimization/104715] [12 Regression] false dangling pointer with strstr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104715 Jakub Jelinek changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED --- Comment #6 from Jakub Jelinek --- Fixed.
[Bug tree-optimization/104715] [12 Regression] false dangling pointer with strstr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104715 --- Comment #5 from CVS Commits --- The master branch has been updated by Jakub Jelinek : https://gcc.gnu.org/g:1a0e3bba4b735fa8e4463d52950d0ce9c30c16c7 commit r12-7439-g1a0e3bba4b735fa8e4463d52950d0ce9c30c16c7 Author: Jakub Jelinek Date: Tue Mar 1 21:05:31 2022 +0100 warn-access: Fix up check_pointer_uses [PR104715] The following testcase emits bogus -Wdangling-pointer warnings. The bug is that when it sees that ptr immediate use is a call that returns one of its arguments, it will assume that the return value is based on ptr, but that is the case only if ptr is passed to the argument that is actually returned (so e.g. for memcpy the first argument, etc.). When the builtins guarantee e.g. that the result is based on the first argument (either ERF_RETURNS_ARG 0 in which case it will always just returns the first argument as is, or when it is something like strstr or strpbrk or mempcpy that it returns some pointer based on the first argument), it means the result is not based on second or following argument if any. The second hunk fixes this. The first hunk just removes an unnecessary TREE_CODE check, the code only pushes SSA_NAMEs into the pointers vector and if it didn't, it uses FOR_EACH_IMM_USE_FAST (use_p, iter, ptr) a few lines below this, which of course requires that ptr is a SSA_NAME. Tree checking on SSA_NAME_VERSION will already ensure that if it wasn't a SSA_NAME, we'd ICE. 2022-03-01 Jakub Jelinek PR tree-optimization/104715 * gimple-ssa-warn-access.cc (pass_waccess::check_pointer_uses): Don't unnecessarily test if ptr is a SSA_NAME, it has to be. Only push lhs of a call if gimple_call_return_arg is equal to ptr, not just when it is non-NULL. * c-c++-common/Wdangling-pointer-7.c: New test.
[Bug tree-optimization/104715] [12 Regression] false dangling pointer with strstr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104715 Jakub Jelinek changed: What|Removed |Added Assignee|unassigned at gcc dot gnu.org |jakub at gcc dot gnu.org Status|NEW |ASSIGNED --- Comment #4 from Jakub Jelinek --- Created attachment 52526 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52526=edit gcc12-pr104715.patch Untested fix. Note, I think pass_waccess::gimple_call_return_arg should also handle BUILT_IN_STRPBRK, but that is probably GCC 13 material.
[Bug tree-optimization/104715] [12 Regression] false dangling pointer with strstr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104715 Jakub Jelinek changed: What|Removed |Added Priority|P3 |P1
[Bug tree-optimization/104715] [12 Regression] false dangling pointer with strstr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104715
Jakub Jelinek changed:
What|Removed |Added
CC||jakub at gcc dot gnu.org
--- Comment #3 from Jakub Jelinek ---
Other tests:
char *
foo (char *p)
{
{
char q[61] =
"012345678901234567890123456789012345678901234567890123456789";
char *r = q;
p = __builtin_strcat (p, r);
}
return p;
}
char *
bar (char *p)
{
{
char q[] = "0123456789";
char *r = q;
p = __builtin_strstr (p, r);
}
return p;
}
char *
baz (char *p)
{
{
char q[] = "0123456789";
char *r = q;
p = __builtin_strpbrk (p, r);
}
return p;
}
unsigned long
qux (char *p)
{
unsigned long s;
{
char q[] = "0123456789";
char *r = q;
s = __builtin_strspn (p, r);
}
return s;
}
There is false positive warning on foo and bar and not on baz/qux.
Using q directly in the builtin calls doesn't result in a warning though.
I wanted to suggest that pass_waccess::check_call_dangling would add support
for
ERF_RETURNS_ARG functions (ignore all arguments but the one that is returned)
and similarly handle various builtins that guarnatee certain arguments don't
really escape like in addition to those ERF_RETURNS_ARG ones mempcpy, strcat,
strncat, strpbrk, strstr, strspn, strcspn for which only something based on the
first argument can be returned (for strspn/strcspn based on no argument).
But apparently that function doesn't do anything on these testcases because
isn't passed to it.
[Bug tree-optimization/104715] [12 Regression] false dangling pointer with strstr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104715
--- Comment #2 from Andrew Pinski ---
Reduced to show it is an issue with strstr:
char *
trim_xml_text(char * intxt)
{
char * etext;
{
char z[]="<", *pz = z;
etext = __builtin_strstr(intxt, pz);
}
return etext;
}
[Bug tree-optimization/104715] [12 Regression] false dangling pointer with strstr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104715 Martin Liška changed: What|Removed |Added Status|UNCONFIRMED |NEW Target Milestone|--- |12.0 Last reconfirmed||2022-02-28 Ever confirmed|0 |1 CC||marxin at gcc dot gnu.org, ||msebor at gcc dot gnu.org --- Comment #1 from Martin Liška --- Isolated from autogen: https://sourceforge.net/p/autogen/bugs/211/
