[Bug analyzer/105783] -Wanalyzer-null-dereference false positive with union and functions

2022-10-07 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105783

David Malcolm changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #3 from David Malcolm ---
Should be fixed on trunk for GCC 13 by the above patch.

[Bug analyzer/105783] -Wanalyzer-null-dereference false positive with union and functions

2022-10-07 Thread cvs-commit at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105783

--- Comment #2 from CVS Commits ---
The master branch has been updated by David Malcolm:

https://gcc.gnu.org/g:f09b99550a3c6cd16f5e9150ebd4b1d87033dcbd

commit r13-3168-gf09b99550a3c6cd16f5e9150ebd4b1d87033dcbd
Author: David Malcolm 
Date:   Fri Oct 7 12:41:59 2022 -0400

analyzer: extract bits from integer constants [PR105783]

Fix a false positive from -Wanalyzer-null-dereference due to -fanalyzer
failing to grok the value of a particular boolean field initialized to a
constant.

gcc/analyzer/ChangeLog:
PR analyzer/105783
* region-model.cc (selftest::get_bit): New function.
(selftest::test_bits_within_svalue_folding): New.
(selftest::analyzer_region_model_cc_tests): Call it.
* svalue.cc (constant_svalue::maybe_fold_bits_within): Handle the
case of extracting a single bit.

gcc/testsuite/ChangeLog:
PR analyzer/105783
* gcc.dg/analyzer/pr105783.c: New test.

Signed-off-by: David Malcolm 

[Bug analyzer/105783] -Wanalyzer-null-dereference false positive with union and functions

2022-10-06 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105783

David Malcolm changed:

   What|Removed |Added

 Status|UNCONFIRMED |ASSIGNED
 Ever confirmed|0   |1
   Last reconfirmed||2022-10-06

--- Comment #1 from David Malcolm ---
Thanks for filing this bug.

Confirmed with trunk.

Adding:
__analyzer_describe (0, t->counting);
immediately before the conditional shows we have:
:16:5: warning: svalue: 'CAST(int, BITS_WITHIN('_Bool', start: 0, size: 1, next: 1, inner_val: (unsigned char)1))'
   16 | __analyzer_describe (0, t->counting);
  | ^~~~

so presumably the analyzer isn't smart enough to determine that that's nonzero.

Note to self: MCVE is Stack Overflow's acronym for a "minimal, complete and
verifiable example"
(https://stackoverflow.com/help/minimal-reproducible-example)