https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112790
Bug ID: 112790
Summary: -Wanalyzer-deref-before-check false positives seen in
Linux kernel due to inlining
Product: gcc
Version: unknown
Status: UNCONFIRMED
Se
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109077
--- Comment #4 from David Malcolm ---
Should be fixed on trunk for GCC 14 by the above patch.
Keeping open to track backporting to the GCC 11, 12 and 13 branches.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109077
--- Comment #2 from David Malcolm ---
PLUGIN_ANALYZER_INIT was added in r11-5583-g66dde7bc64b75d, so presumably this
affects GCC 11 onwards.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109077
David Malcolm changed:
What|Removed |Added
Blocks||107646
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103533
David Malcolm changed:
What|Removed |Added
Resolution|--- |FIXED
Status|UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112528
Bug ID: 112528
Summary: State explosions in
gcc.dg/analyzer/pr93032-mztools-{signed,unsigned}-char
.c when enabling taint checker
Product: gcc
Version: unknown
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112425
Bug ID: 112425
Summary: Invalid SARIF output when column number is zero
Product: gcc
Version: unknown
Status: UNCONFIRMED
Keywords: diagnostic
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112317
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
--- Comment #6 from David Malcolm ---
Oops; the above got truncated; the string_cst prints as follows in gdb
(gdb) pt string_cst
unit-size
align:8 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7fffea77293
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
--- Comment #5 from David Malcolm ---
It's complaining about the read from the string literal.
If I change the string in the reproducer from "hello world" to "foo", I see:
(gdb) pt string_cst
unit-size
align:8 warn_i
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
--- Comment #4 from David Malcolm ---
(In reply to David Malcolm from comment #3)
> Thanks; that reproducer works for me.
...or rather, demonstrates the ICE in a way that I can see in the debugger.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-10-11
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
--- Comment #1 from David Malcolm ---
Am trying to reproduce locally, but when I run this in my BUILDDIR/gcc:
./gdc -B. -S -fanalyzer oob.d
I get:
d21: error: cannot find source code for runtime library file 'object.d'
Possibly a silly que
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111700
--- Comment #3 from David Malcolm ---
Should be fixed on trunk by the above patch.
Keeping open to track backporting the fix to gcc 13.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111700
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-10-06
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104940
--- Comment #6 from David Malcolm ---
https://github.com/kristerw/pysmtgcc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104940
--- Comment #5 from David Malcolm ---
See also:
https://kristerw.github.io/2022/11/01/verifying-optimizations/
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111567
--- Comment #1 from David Malcolm ---
This PR tracks adding support for the attribute to -fanalyzer (which I can take
a look at).
Adding the attribute itself is tracked by PR 108896.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111567
Bug ID: 111567
Summary: RFE: support counted_by in analyzer
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111312
--- Comment #3 from David Malcolm ---
Another example can be seen here:
https://gcc.gnu.org/pipermail/gcc-patches/2023-August/628759.html
in:
gcc/testsuite/c-c++-common/analyzer/overlapping-buffers.c
where -Wanalyzer-overlapping-buffers only
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111396
David Malcolm changed:
What|Removed |Added
Ever confirmed|0 |1
Last reconfirmed|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111312
David Malcolm changed:
What|Removed |Added
CC||rguenth at gcc dot gnu.org
--- Comment
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110529
David Malcolm changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111329
--- Comment #2 from David Malcolm ---
Possibly another duplicate of bug 110483.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110520
David Malcolm changed:
What|Removed |Added
Ever confirmed|0 |1
Status|UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095
--- Comment #2 from David Malcolm ---
(In reply to David Malcolm from comment #1)
[...]
> I'll open a bug about that.
Filed as bug 111312; made this one block that one.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |NEW
Last reconfirmed|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111312
Bug ID: 111312
Summary: Should the analyzer run earlier?
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |NEW
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110529
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |NEW
Summary|-Wanalyzer-null-
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213
David Malcolm changed:
What|Removed |Added
Summary|-Wanalyzer-out-of-bounds|-Wanalyzer-out-of-bounds
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55
Bug ID: 55
Summary: RFE: better diagrams for string operations
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: an
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44
--- Comment #2 from David Malcolm ---
See also bug 6906 and bug 57612
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44
--- Comment #1 from David Malcolm ---
See e.g.:
https://wiki.sei.cmu.edu/confluence/display/c/PRE31-C.+Avoid+side+effects+in+arguments+to+unsafe+macros
https://stackoverflow.com/questions/10593492/catching-assert-with-side-effects
cppcheck:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44
Bug ID: 44
Summary: RFE: could -fanalyzer warn about assertions that have
side effects?
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109027
--- Comment #6 from David Malcolm ---
Bug 111099 is possibly a duplicate of this.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111099
--- Comment #2 from David Malcolm ---
Infinite recursion within ana::constraint_manager::eval_condition; possible
duplicate of bug 109027
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111099
David Malcolm changed:
What|Removed |Added
Ever confirmed|0 |1
Status|UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #9 from David Malcolm ---
(In reply to David Malcolm from comment #4)
> Some ideas of projects we could analyze:
https://github.com/fedora-python/python-ethtool
(Although deprecated, it's relatively small and has been ported to Pyth
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-08-17
Status|UNCONFIRM
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #8 from David Malcolm ---
(In reply to David Malcolm from comment #4)
> Some ideas of projects we could analyze:
* https://pypi.org/project/mercurial/ ; see:
https://repo.mercurial-scm.org/hg-stable/file/tip/mercurial/cext
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #7 from David Malcolm ---
(In reply to David Malcolm from comment #6)
> (In reply to David Malcolm from comment #5)
> Some attribute ideas:
>
> extern int PyDict_SetItem(PyObject *p, PyObject *key, PyObject *val)
> __attribute__((
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #6 from David Malcolm ---
(In reply to David Malcolm from comment #5)
> How precisely to track behavior of API entrypoints? We can’t implement
> known_functions that precisely model every entrypoint.
>
> Consider:
> https://docs.py
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #5 from David Malcolm ---
How precisely to track behavior of API entrypoints? We can’t implement
known_functions that precisely model every entrypoint.
Consider:
https://docs.python.org/3/c-api/dict.html#c.PyDict_SetItem
which has:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #4 from David Malcolm ---
Some ideas of projects we could analyze:
- minimal Cython-generated C file
- https://pypi.org/project/psycopg2/
- https://pypi.org/project/numpy
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
David Malcolm changed:
What|Removed |Added
Ever confirmed|0 |1
Status|UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110426
David Malcolm changed:
What|Removed |Added
Status|ASSIGNED|RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110902
Bug ID: 110902
Summary: Missing cast in region_model_manager::maybe_fold_binop
on MULT_EXPR by 1
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: norma
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882
David Malcolm changed:
What|Removed |Added
CC||asolokha at gmx dot com
--- Comment #6
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108171
David Malcolm changed:
What|Removed |Added
Resolution|--- |DUPLICATE
Status|ASSIGNED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108171
David Malcolm changed:
What|Removed |Added
Status|NEW |ASSIGNED
--- Comment #5 from David Malc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882
David Malcolm changed:
What|Removed |Added
Summary|[13/14 Regression] ICE with |[13 Regression] ICE with
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |ASSIGNED
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882
--- Comment #1 from David Malcolm ---
It's failing this assertion:
#1 0x016e2295 in ana::binding_key::make (mgr=0x7fff91d8,
r=0x3275340) at ../../src/gcc/analyzer/store.cc:132
132 gcc_assert (bit_size > 0);
(gdb) list
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110882
Bug ID: 110882
Summary: ICE with -fanalyzer on zero-sized array
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code
Severity: normal
Pri
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110830
--- Comment #2 from David Malcolm ---
The "supercedes_p" logic is called in
diagnostic_manager::emit_saved_diagnostics here:
best_candidates.handle_interactions (this);
I *think* every saved_diagnostic ought to have a non-NULL m_best_epath by
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110830
--- Comment #1 from David Malcolm ---
For reference, I implemented use_after_free::supercedes_p in commit
g:33255ad3ac14e3953750fe0f2d82b901c2852ff6 as part of the gcc 12
(re)implementation of -Wanalyzer-use-of-uninitialized-value.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109361
David Malcolm changed:
What|Removed |Added
Status|ASSIGNED|RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109361
--- Comment #4 from David Malcolm ---
1st patch posted for this (adding -fsarif-time-report):
https://gcc.gnu.org/pipermail/gcc-patches/2023-April/615109.html
2nd patch:
https://gcc.gnu.org/pipermail/gcc-patches/2023-July/625767.html
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109365
David Malcolm changed:
What|Removed |Added
CC||dmalcolm at gcc dot gnu.org
--- Comment
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110612
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110455
David Malcolm changed:
What|Removed |Added
Resolution|--- |FIXED
Status|UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86656
Bug 86656 depends on bug 110433, which changed state.
Bug 110433 Summary: ASAN reports mismatching new/delete when compiling analyzer
testcases
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110433
What|Removed |
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110433
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110387
David Malcolm changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110700
--- Comment #3 from David Malcolm ---
Should be fixed on trunk by the above patch. Keeping open to track backporting
to branches for gcc 12 and gcc 13.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110387
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-07-19
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110700
David Malcolm changed:
What|Removed |Added
Summary|gcc -fanalyzer |ICE with -fanalyzer
|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110466
--- Comment #9 from David Malcolm ---
Should be fixed on trunk for gcc 14 by the above commits.
Keeping open to track backporting to gcc 13.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483
--- Comment #1 from David Malcolm ---
Thanks for filing this; sorry about the failures.
What's the endianness of the hosts that this is happening on?
Is there a machine in the GCC compile farm that this happens on?
The row of indices is cr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110466
--- Comment #6 from David Malcolm ---
(In reply to Andrew Pinski from comment #5)
> (In reply to Andrew Pinski from comment #4)
> > (In reply to David Malcolm from comment #3)
> > >
> > > Reading symbols from
> > > /home/dmalcolm/build/gcc/te
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110466
--- Comment #3 from David Malcolm ---
With the above fix, the remaining failures are:
FAIL: FAIL
FAIL: FAIL
FAIL: FAIL
which are from testdebuginfo.c; I see:
Reading symbols from
/home/dmalcolm/build/gcc/testsuite/jit4/jit-debuginfo.o...Dwa
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110466
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-06-28
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110426
David Malcolm changed:
What|Removed |Added
Ever confirmed|0 |1
Status|UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110433
--- Comment #1 from David Malcolm ---
I haven't reproduced this yet, but I notice that I forgot to give class
spatial_item a virtual dtor, which looking at the backtrace may be the root
cause.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110164
David Malcolm changed:
What|Removed |Added
Resolution|--- |FIXED
Status|ASSIGNED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110164
David Malcolm changed:
What|Removed |Added
URL||https://gcc.gnu.org/piperma
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110172
--- Comment #1 from David Malcolm ---
Quoting:
https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions
"""
-fexceptions
Enable exception handling. Generates extra code needed to propagate
exceptions. For some targets, th
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110285
David Malcolm changed:
What|Removed |Added
Summary|-Wanalyzer-infinite-recursi |-Wanalyzer-infinite-recursi
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107583
David Malcolm changed:
What|Removed |Added
Resolution|--- |FIXED
Status|ASSIGNED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107583
David Malcolm changed:
What|Removed |Added
Status|NEW |ASSIGNED
Assignee|unassigned
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107583
David Malcolm changed:
What|Removed |Added
CC||dmalcolm at gcc dot gnu.org
--- Comment
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110164
David Malcolm changed:
What|Removed |Added
Status|NEW |ASSIGNED
CC|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90342
David Malcolm changed:
What|Removed |Added
Resolution|--- |FIXED
CC|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84890
David Malcolm changed:
What|Removed |Added
Resolution|--- |FIXED
Status|ASSIGNED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110014
--- Comment #2 from David Malcolm ---
Thanks for fixing this Tim.
Keeping open to track backporting this to the gcc 13 branch.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109577
--- Comment #4 from David Malcolm ---
Thanks for fixing this Tim.
Keeping open to track backporting this to the gcc 13 branch.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110112
--- Comment #5 from David Malcolm ---
Should be fixed on trunk for gcc 14 by the above patch.
Keeping this open to track backporting it.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110112
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-06-08
Status|UNCONFIRM
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110172
Bug ID: 110172
Summary: Leak false positives from -fanalyzer with -fexceptions
(even on C code)
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109015
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109580
David Malcolm changed:
What|Removed |Added
CC||rguenth at gcc dot gnu.org
--- Comment
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109580
--- Comment #3 from David Malcolm ---
The optimized stmt with UNKNOWN_LOCATION is created from:
(gdb) call inform(stmt->location, "stmt in gimple_simplify")
../../src/pr109580.c:10:9: note: stmt in gimple_simplify
10 | err |= dup2(nfd, 0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109580
--- Comment #2 from David Malcolm ---
The warning is emitted on this statement:
_23 = _3 | _5;
within this basic block in the optimized code:
[local count: 217325344]:
nfd_26 = emacs_open_noquit ("/dev/null", 2, 0);
_3 = nfd_26 < 0;
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109580
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-04-21
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109570
--- Comment #2 from David Malcolm ---
Thanks for filing this bug.
I think -fanalyzer should warn about fclose(NULL), but not for free(NULL).
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106000
David Malcolm changed:
What|Removed |Added
Blocks||109432
--- Comment #8 from David Malcol
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106626
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |ASSIGNED
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109361
--- Comment #3 from David Malcolm ---
Created attachment 54804
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54804&action=edit
v1 of patch for this
This patch works, but it also enables the output on stderr, and I see
significant differe
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109361
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-03-31
Ever confirmed|0