[Bug analyzer/93993] ICE in make_region_for_unexpected_tree_code, at analyzer/region-model.cc:4786
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93993 --- Comment #7 from Paul Thomas --- (In reply to Martin Liška from comment #6) > (In reply to Paul Thomas from comment #5) > > (In reply to CVS Commits from comment #4) > > > The master branch has been updated by David Malcolm > > > : > > > > > > https://gcc.gnu.org/g:4ac3eb5c5f157bea22b5ae34b0df254d729dac25 > > > > > > commit r10-7028-g4ac3eb5c5f157bea22b5ae34b0df254d729dac25 > > > Author: David Malcolm > > > Date: Wed Mar 4 12:10:34 2020 -0500 > > > > > > analyzer: add regression test for fixed ICE [PR94028] > > > > > > The C++ reproducer for PR analyzer/94028 generates a similar ICE > > > to that of the Fortran reproducer for PR analyzer/93993 and, like > > > it, was fixed by r10-7023-g3d66e153b40ed000af30a9e569a05f34d5d576aa. > > > > > > This patch adds the C++ reproducer as a regression test. > > > > > > gcc/testsuite/ChangeLog: > > > PR analyzer/94028 > > > * g++.dg/analyzer/pr94028.C: New test. > > > > FAIL: gfortran.dg/analyzer/pr93993.f90 -O (test for excess errors) > > Excess errors: > > /home/pault/gitsources/gcc/gcc/testsuite/gfortran.dg/analyzer/pr93993.f90:21: > > 0: Warning: leak of 'tm' [CWE-401] [-Wanalyzer-malloc-leak] > > > > On current 10-branch. FC31/x86_64 > > > > Paul > > @David: The test-case is still failing. Are you planning to fix it or may I > mark it as xfail? Hi All, It is still failing on 10-branch. Cheers Paul
[Bug analyzer/93993] ICE in make_region_for_unexpected_tree_code, at analyzer/region-model.cc:4786
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93993 Martin Liška changed: What|Removed |Added CC||marxin at gcc dot gnu.org --- Comment #6 from Martin Liška --- (In reply to Paul Thomas from comment #5) > (In reply to CVS Commits from comment #4) > > The master branch has been updated by David Malcolm : > > > > https://gcc.gnu.org/g:4ac3eb5c5f157bea22b5ae34b0df254d729dac25 > > > > commit r10-7028-g4ac3eb5c5f157bea22b5ae34b0df254d729dac25 > > Author: David Malcolm > > Date: Wed Mar 4 12:10:34 2020 -0500 > > > > analyzer: add regression test for fixed ICE [PR94028] > > > > The C++ reproducer for PR analyzer/94028 generates a similar ICE > > to that of the Fortran reproducer for PR analyzer/93993 and, like > > it, was fixed by r10-7023-g3d66e153b40ed000af30a9e569a05f34d5d576aa. > > > > This patch adds the C++ reproducer as a regression test. > > > > gcc/testsuite/ChangeLog: > > PR analyzer/94028 > > * g++.dg/analyzer/pr94028.C: New test. > > FAIL: gfortran.dg/analyzer/pr93993.f90 -O (test for excess errors) > Excess errors: > /home/pault/gitsources/gcc/gcc/testsuite/gfortran.dg/analyzer/pr93993.f90:21: > 0: Warning: leak of 'tm' [CWE-401] [-Wanalyzer-malloc-leak] > > On current 10-branch. FC31/x86_64 > > Paul @David: The test-case is still failing. Are you planning to fix it or may I mark it as xfail?
[Bug analyzer/93993] ICE in make_region_for_unexpected_tree_code, at analyzer/region-model.cc:4786
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93993 Paul Thomas changed: What|Removed |Added CC||pault at gcc dot gnu.org --- Comment #5 from Paul Thomas --- (In reply to CVS Commits from comment #4) > The master branch has been updated by David Malcolm : > > https://gcc.gnu.org/g:4ac3eb5c5f157bea22b5ae34b0df254d729dac25 > > commit r10-7028-g4ac3eb5c5f157bea22b5ae34b0df254d729dac25 > Author: David Malcolm > Date: Wed Mar 4 12:10:34 2020 -0500 > > analyzer: add regression test for fixed ICE [PR94028] > > The C++ reproducer for PR analyzer/94028 generates a similar ICE > to that of the Fortran reproducer for PR analyzer/93993 and, like > it, was fixed by r10-7023-g3d66e153b40ed000af30a9e569a05f34d5d576aa. > > This patch adds the C++ reproducer as a regression test. > > gcc/testsuite/ChangeLog: > PR analyzer/94028 > * g++.dg/analyzer/pr94028.C: New test. FAIL: gfortran.dg/analyzer/pr93993.f90 -O (test for excess errors) Excess errors: /home/pault/gitsources/gcc/gcc/testsuite/gfortran.dg/analyzer/pr93993.f90:21:0: Warning: leak of 'tm' [CWE-401] [-Wanalyzer-malloc-leak] On current 10-branch. FC31/x86_64 Paul
[Bug analyzer/93993] ICE in make_region_for_unexpected_tree_code, at analyzer/region-model.cc:4786
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93993 --- Comment #4 from CVS Commits --- The master branch has been updated by David Malcolm : https://gcc.gnu.org/g:4ac3eb5c5f157bea22b5ae34b0df254d729dac25 commit r10-7028-g4ac3eb5c5f157bea22b5ae34b0df254d729dac25 Author: David Malcolm Date: Wed Mar 4 12:10:34 2020 -0500 analyzer: add regression test for fixed ICE [PR94028] The C++ reproducer for PR analyzer/94028 generates a similar ICE to that of the Fortran reproducer for PR analyzer/93993 and, like it, was fixed by r10-7023-g3d66e153b40ed000af30a9e569a05f34d5d576aa. This patch adds the C++ reproducer as a regression test. gcc/testsuite/ChangeLog: PR analyzer/94028 * g++.dg/analyzer/pr94028.C: New test.
[Bug analyzer/93993] ICE in make_region_for_unexpected_tree_code, at analyzer/region-model.cc:4786
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93993 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED --- Comment #3 from David Malcolm --- The ICE should be fixed by r10-7024-ge516294a1acb28d44cfd583cc6a80354044e.
[Bug analyzer/93993] ICE in make_region_for_unexpected_tree_code, at analyzer/region-model.cc:4786
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93993
--- Comment #2 from CVS Commits ---
The master branch has been updated by David Malcolm :
https://gcc.gnu.org/g:e516294a1acb28d44cfd583cc6a80354044e
commit r10-7024-ge516294a1acb28d44cfd583cc6a80354044e
Author: David Malcolm
Date: Tue Mar 3 16:36:13 2020 -0500
analyzer: handle __builtin_expect [PR93993]
The false warning:
pr93993.f90:19:0:
19 | allocate (tm) ! { dg-warning "dereference of possibly-NULL" }
|
Warning: dereference of possibly-NULL ‘_6’ [CWE-690]
[-Wanalyzer-possible-null-dereference]
in the reproducer for PR analyzer/93993 is due to a BUILTIN_EXPECT in
the chain of SSA expressions between the malloc and the condition
guarding the edge: the analyzer didn't "know" about the relationship
between initial argument to BUILTIN_EXPECT and the return value.
This patch implements support for BUILTIN_EXPECT so that the return
value is known to be equal to the initial argument. This adds
constraints when exploring the CFG edges, eliminating the above
false positive.
Doing so also eliminated the leak warning from the reproducer. The
issue was that leaked_pvs was empty within
impl_region_model_context::on_state_leak, due to the leaking region
being a view, of type struct Pdtet_8 *, of a region of type
struct pdtet_8 *, which led region_model::get_representative_path_var to
return a NULL_TREE value.
Hence the patch also implements view support for
region_model::get_representative_path_var, restoring the leak
diagnostic, albeit changing the wording to:
Warning: leak of ‘(struct Pdtet_8) qb’ [CWE-401] [-Wanalyzer-malloc-leak]
It's not clear to me if we should emit leaks at a fortran "end program"
(currently we suppress them for leaks at the end of main).
gcc/analyzer/ChangeLog:
PR analyzer/93993
* region-model.cc (region_model::on_call_pre): Handle
BUILT_IN_EXPECT and its variants.
(region_model::add_any_constraints_from_ssa_def_stmt): Split out
gassign handling into add_any_constraints_from_gassign; add gcall
handling.
(region_model::add_any_constraints_from_gassign): New function,
based on the above. Add handling for NOP_EXPR.
(region_model::add_any_constraints_from_gcall): New function.
(region_model::get_representative_path_var): Handle views.
* region-model.h
(region_model::add_any_constraints_from_ssa_def_stmt): New decl.
(region_model::add_any_constraints_from_gassign): New decl.
gcc/testsuite/ChangeLog:
PR analyzer/93993
* gcc.dg/analyzer/expect-1.c: New test.
* gcc.dg/analyzer/malloc-4.c: New test.
* gfortran.dg/analyzer/pr93993.f90: Remove xfail from dg-bogus.
Move location of leak warning and update message.
[Bug analyzer/93993] ICE in make_region_for_unexpected_tree_code, at analyzer/region-model.cc:4786
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93993
--- Comment #1 from CVS Commits ---
The master branch has been updated by David Malcolm :
https://gcc.gnu.org/g:3d66e153b40ed000af30a9e569a05f34d5d576aa
commit r10-7023-g3d66e153b40ed000af30a9e569a05f34d5d576aa
Author: David Malcolm
Date: Tue Mar 3 10:53:04 2020 -0500
analyzer: fix ICE on non-lvalue in prune_for_sm_diagnostic [PR93993]
PR analyzer/93993 reports another ICE within
diagnostic_manager::prune_for_sm_diagnostic in which the expression
of interest becomes a non-lvalue (similar to PR 93544, PR 93647, and
PR 93950), due to attempting to get an lvalue for a non-lvalue with a
NULL context, leading to an ICE when the failure is reported to
make_region_for_unexpected_tree_code. The tree in question is
an ADDR_EXPR of a VAR_DECL, due to:
event 11: switching var of interest from ‘tm’ in callee to ‘’ in
caller
This patch adds more bulletproofing to the routine by introducing
a tentative_region_model_context class that can be passed in such
circumstances which records that an error occurred, and then
checking to see if an error was recorded, thus avoiding the ICE.
This is papering over the problem, but a better solution seems more
like stage 1 material.
The patch also refactors the error-checking for CONSTANT_CLASS_P.
The testcase pr93993.f90 has a false positive:
pr93993.f90:19:0:
19 | allocate (tm) ! { dg-warning "dereference of possibly-NULL" }
|
Warning: dereference of possibly-NULL ‘_6’ [CWE-690]
[-Wanalyzer-possible-null-dereference]
which appears to be a pre-existing bug affecting any allocate call in
Fortran, which I will fix in a followup.
gcc/analyzer/ChangeLog:
PR analyzer/93993
* checker-path.h (state_change_event::get_lvalue): Add ctxt param
and pass it to region_model::get_value call.
* diagnostic-manager.cc (get_any_origin): Pass a
tentative_region_model_context to the calls to get_lvalue and reject
the comparison if errors occur.
(can_be_expr_of_interest_p): New function.
(diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
Pass a tentative_region_model_context to the calls to
state_change_event::get_lvalue and reject the comparison if errors
occur.
(diagnostic_manager::update_for_unsuitable_sm_exprs): New.
* diagnostic-manager.h
(diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
* region-model.h (class tentative_region_model_context): New class.
gcc/testsuite/ChangeLog:
PR analyzer/93993
* gfortran.dg/analyzer/pr93993.f90: New test.
[Bug analyzer/93993] ICE in make_region_for_unexpected_tree_code, at analyzer/region-model.cc:4786
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93993 Martin Liška changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Last reconfirmed||2020-03-02 CC||marxin at gcc dot gnu.org Ever confirmed|0 |1
