https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97074
            Bug ID: 97074
           Summary: -Wanalyzer-malloc-leak false positive when merging states
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

https://godbolt.org/z/5P3T8E

#include <stdlib.h>

void *x, *y;

void test_1 (int flag)
{
  void *p = malloc (1024);
  if (flag)
    x = p;
  else
    y = p;
  __analyzer_dump ();
}

Has this false leak report:

t.c:13:1: warning: leak of ‘p’ [CWE-401] [-Wanalyzer-malloc-leak]
   13 | }
      | ^
  ‘test_1’: events 1-2
    |
    |    7 |   void *p = malloc (1024);
    |      |             ^~~~~~~~~~~~~
    |      |             |
    |      |             (1) allocated here
    |......
    |   13 | }
    |      | ~
    |      | |
    |      | (2) ‘p’ leaks here; was allocated at (1)
    |

__analyzer_dump shows that state merging leads to a merger of the x and y values to unknown at the join-point:

rmodel:
stack depth: 1
  frame (index 0): frame: ‘test_1’@1
clusters within ::
  cluster for: x: UNKNOWN(void *)
  cluster for: y: UNKNOWN(void *)
clusters within frame: ‘test_1’@1
  cluster for: p_4: &HEAP_ALLOCATED_REGION(8)
m_called_unknown_fn: FALSE
constraint_manager:
  equiv classes:
  constraints:
malloc:
  global: start
  0x3d10590: &HEAP_ALLOCATED_REGION(8): unchecked (malloc) (‘p_4’)
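A toy model of the join described in the report, as an added example that is not part of the original report and is not GCC's analyzer code. The `state`, `merge`, `reports_leak` and `branch_state` names are assumptions for illustration; region id 8 echoes HEAP_ALLOCATED_REGION(8) in the dump. Each branch alone keeps the allocation reachable through x or y, while the merged state has both at UNKNOWN and therefore reports the leak.

```c
#include <stdbool.h>
#include <stdio.h>

#define UNKNOWN 0                        /* abstract value: nothing known */
enum var { VAR_X, VAR_Y, VAR_P, NVARS }; /* globals x, y and local p */
struct state { int val[NVARS]; };        /* val[v] = heap region id, or UNKNOWN */

/* Join at a control-flow merge: a binding survives only if both paths agree
   (assumed simplification of the merge behaviour shown in the dump). */
struct state merge(const struct state *a, const struct state *b)
{
    struct state m;
    for (int v = 0; v < NVARS; v++)
        m.val[v] = (a->val[v] == b->val[v]) ? a->val[v] : UNKNOWN;
    return m;
}

/* At function exit the local p dies; the region it held is reported as
   leaked if no global binding still refers to it. */
bool reports_leak(const struct state *s)
{
    int region = s->val[VAR_P];
    if (region == UNKNOWN)
        return false;
    return s->val[VAR_X] != region && s->val[VAR_Y] != region;
}

/* State on one branch of test_1: p holds region 8, and so does `stored`. */
struct state branch_state(enum var stored)
{
    struct state s = { { UNKNOWN, UNKNOWN, 8 } };
    s.val[stored] = 8;
    return s;
}

int main(void)
{
    struct state t = branch_state(VAR_X), e = branch_state(VAR_Y);
    struct state m = merge(&t, &e);
    printf("then: %d  else: %d  merged: %d\n",
           reports_leak(&t), reports_leak(&e), reports_leak(&m));
    return 0;
}
```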