[Bug analyzer/97090] gcc.dg/analyzer/malloc-vs-local-1b.c fails on arm and powerpc64*-linux-gnu

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97090 --- Comment #17 from David Malcolm --- Thanks for the confirmations.

[Bug analyzer/103526] -fanalyzer considers memcpy()ed and returned pointer to malloc()ed memory a memory leak

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103526 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Last reconfirmed|

[Bug analyzer/103533] New: Enable "taint" state machine with -fanalyzer without requiring -fanalyzer-checker=taint

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103533 Bug ID: 103533 Summary: Enable "taint" state machine with -fanalyzer without requiring -fanalyzer-checker=taint Product: gcc Version: 12.0 Status: UNCONFIRMED

[Bug analyzer/103526] -fanalyzer considers memcpy()ed and returned pointer to malloc()ed memory a memory leak

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103526 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug jit/103562] Jitted code produces incorrect result when returning 3-member struct from internal function

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103562 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #5 from David Malc

[Bug jit/103562] Jitted code produces incorrect result when returning 3-member struct from internal function

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103562 --- Comment #7 from David Malcolm --- Should be fixed by the above commit on trunk for gcc 12. Probably should backport this; keeping this open until that's done.

[Bug analyzer/101962] Analyzer NULL false positive with pointer manipulation

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101962 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/103685] false positive error: dereference of NULL ‘params’ [CWE-476]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103685 --- Comment #1 from David Malcolm --- Thanks for filing this bug. Please can you provide a preprocessed reproducer (using -E), and state the compilation flags and GCC version that you see this with.

[Bug analyzer/99260] analyzer does not track outcomes of realloc

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99260 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/102233] LTO with -fanalyzer on a smallish binary causes very very long compile times

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102233 --- Comment #3 from David Malcolm --- Thanks for filing this. As we discussed on IRC, I recommend avoiding the combination of -fanalyzer and LTO for now. It works for simple examples, but has scaling issues on anything bigger, which I hope to

[Bug analyzer/102233] LTO with -fanalyzer on a smallish binary causes very very long compile times

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102233 --- Comment #4 from David Malcolm --- (In reply to Richard W.M. Jones from comment #2) > I think since this seems to be LTO-related, you probably do need > to use LTO CFLAGS in the initial ./configure step. My actual CFLAGS > were: > > export

[Bug analyzer/102225] [12 Regression] ICE in get_or_create_int_cst, at analyzer/region-model-manager.cc:227 since r12-3237-geafa9d969237fd8f

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102225 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|NEW

[Bug bootstrap/102242] [12 regression] analyzer/engine.cc built with clang: /usr/include/c++/v1/typeinfo:346:5: error: no member named 'fancy_abort'

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102242 David Malcolm changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org --- Comment

[Bug c++/77565] `typdef int Int;` --> did you mean `typeof`?

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77565 David Malcolm changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org --- Comment

[Bug analyzer/102328] Obsolete version of GCC analyzer on Compiler Explorer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102328 David Malcolm changed: What|Removed |Added Status|WAITING |ASSIGNED Summary|ICE when co

[Bug analyzer/102328] Obsolete version of GCC analyzer on Compiler Explorer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102328 --- Comment #3 from David Malcolm --- I've filed: https://github.com/compiler-explorer/compiler-explorer/issues/2937

[Bug jit/64196] No automated test coverage for debugging of JIT-generated code

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64196 --- Comment #5 from David Malcolm --- This is partially implemented by commit g:332a9f7636ca2a49be3a6ee9c610c5dba9e7e2da.

[Bug analyzer/102328] Obsolete version of GCC analyzer on Compiler Explorer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102328 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug bootstrap/102242] [12 regression] analyzer/engine.cc built with clang: /usr/include/c++/v1/typeinfo:346:5: error: no member named 'fancy_abort'

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102242 --- Comment #7 from David Malcolm --- Thanks for taking care of this.

[Bug analyzer/102471] New: RFE: add support to analyzer testsuite for running SAMATE/SARD tests (e.g. Juliet Test Suite)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102471 Bug ID: 102471 Summary: RFE: add support to analyzer testsuite for running SAMATE/SARD tests (e.g. Juliet Test Suite) Product: gcc Version: 12.0 Status: UNCONFIRMED

[Bug jit/103016] libgccjit on OpenBSD-7.0 fails with bootstrap-emacs:/usr/local/lib/libgccjit.so.0.0.1: undefined symbol '_Z15fname_as_stringi'

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103016 --- Comment #4 from David Malcolm --- I'm not sure how best to debug this. $ echo _Z15fname_as_stringi | c++filt fname_as_string(int) and indeed, that seems to be just for the C/C++ frontends, not for libgccjit. Some ideas: Given: bootstrap

[Bug jit/103016] libgccjit on OpenBSD-7.0 fails with bootstrap-emacs:/usr/local/lib/libgccjit.so.0.0.1: undefined symbol '_Z15fname_as_stringi'

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103016 --- Comment #5 from David Malcolm --- (In reply to David Malcolm from comment #4) > Hopefully that will give a hint as to where that symbol is coming from. ...or, rather, where the *usage* of that symbol is coming from.

[Bug preprocessor/103027] New: Implement warning for homoglyphs in identifiers [CVE-2021-42694]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103027 Bug ID: 103027 Summary: Implement warning for homoglyphs in identifiers [CVE-2021-42694] Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug preprocessor/103027] Implement warning for homoglyphs in identifiers [CVE-2021-42694]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103027 --- Comment #1 from David Malcolm --- I have a work-in-progress patch for this, though it has some issues that need discussion; I hope to post it soon.

[Bug preprocessor/103027] Implement warning for homoglyphs in identifiers [CVE-2021-42694]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103027 --- Comment #2 from David Malcolm --- Initial version of patch posted for discussion to: https://gcc.gnu.org/pipermail/gcc-patches/2021-November/583039.html

[Bug analyzer/107345] - -Wanayzer-null-dereference false positive with giving weird path infomation

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107345 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/107366] ICE with -fanalyzer with -fdiagnostics-format=sarif-file or sarif-stderr

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107366 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #4 from David Malc

[Bug analyzer/107349] [13 Regression] ICE in get_va_copy_arg, at analyzer/varargs.cc:175

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107349 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/106003] RFE: -fanalyzer could complain about misuse of file-descriptors

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003 Bug 106003 depends on bug 106300, which changed state. Bug 106300 Summary: RFE: analyzer support for more ways of obtaining an open file descriptor https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106300 What|Removed

[Bug analyzer/106300] RFE: analyzer support for more ways of obtaining an open file descriptor

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106300 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/107345] - -Wanayzer-null-dereference false positive with giving weird path infomation

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107345 --- Comment #3 from David Malcolm --- Fixed on trunk for GCC 13 by the above patch. Keeping open for backporting to GCC 12.

[Bug analyzer/107366] ICE with -fanalyzer with -fdiagnostics-format=sarif-file or sarif-stderr

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107366 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/107349] [13 Regression] ICE in get_va_copy_arg, at analyzer/varargs.cc:175

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107349 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/106703] during IPA pass: analyzer ICE: error reporting routines re-entered. with -fanalyzer -fsanitize-address-use-after-scope -fsanitize=kernel-address -fdiagnostics-format=sarif-stderr

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106703 --- Comment #2 from David Malcolm --- Looks like a dup of 107366; possibly fixed by r13-3469-g2e8a0553918adc919f98ac5c0224fc6ce1fef68d.

[Bug analyzer/107472] New: Support for the Linux kernel's memory-management APIs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107472 Bug ID: 107472 Summary: Support for the Linux kernel's memory-management APIs Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Compo

[Bug analyzer/106140] RFE: analyzer could complain about misuses of socket APIs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106140 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Depends on|

[Bug analyzer/107472] Support for the Linux kernel's memory-management APIs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107472 --- Comment #1 from David Malcolm --- (In reply to David Malcolm from comment #0) > In particular, note the GPF flags GFP, even

[Bug analyzer/106302] RFE: provide a way for -fanalyzer to use target flags

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106302 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/107486] [13 Regression] ICE when pipe's argument is not a pointer type

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107486 David Malcolm changed: What|Removed |Added Summary|[13 Regression] ICE in |[13 Regression] ICE when

[Bug analyzer/106003] RFE: -fanalyzer could complain about misuse of file-descriptors

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003 Bug 106003 depends on bug 107486, which changed state. Bug 107486 Summary: [13 Regression] ICE when pipe's argument is not a pointer type https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107486 What|Removed |Added

[Bug analyzer/107486] [13 Regression] ICE when pipe's argument is not a pointer type

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107486 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/94355] support for C++ new expression

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94355 --- Comment #13 from David Malcolm --- (In reply to Jonathan Wakely from comment #10) [...snip...] > As already noted above, new can't return null here, and there is no > dereference anyway. And the pointer isn't leaked, but it seems maybe the

[Bug analyzer/106140] RFE: analyzer could complain about misuses of socket APIs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106140 David Malcolm changed: What|Removed |Added Status|ASSIGNED|WAITING --- Comment #3 from David Malco

[Bug target/107565] [12/13 Regression] -Wanalyzer-use-of-uninitialized-value false positive with rdrand

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107565 --- Comment #2 from David Malcolm --- (In reply to Andrew Pinski from comment #1) > Confirmed. > else if (!fndecl_has_gimple_body_p (callee_fndecl) >&& (!(callee_fndecl_flags & (ECF_CONST | ECF_PURE))) >&& !

[Bug analyzer/107566] array out of bounds not detected

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107566 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Last reconfirmed|

[Bug analyzer/107573] New: RFE: analyzer handling of strtok

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107573 Bug ID: 107573 Summary: RFE: analyzer handling of strtok Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer

[Bug analyzer/99671] RFE: analyzer could complain about ptr derefs that occur before the ptr is checked

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99671 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug middle-end/77432] warn about null check after pointer dereference

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77432 David Malcolm changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org --- Comment

[Bug analyzer/99671] RFE: analyzer could complain about ptr derefs that occur before the ptr is checked

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99671 --- Comment #2 from David Malcolm --- Created attachment 53863 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53863&action=edit Implementation of this (not yet ported to Sphinx) This patch implements the new warning; still uses texinfo rat

[Bug analyzer/99671] RFE: analyzer could complain about ptr derefs that occur before the ptr is checked

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99671 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug middle-end/77432] warn about null check after pointer dereference

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77432 --- Comment #7 from David Malcolm --- (In reply to David Malcolm from comment #5) > I hadn't seen this, and I filed PR analyzer/99671 last year to track adding > a -fanalyzer warning for this. I now have a mostly-working implementation > of the

[Bug analyzer/106147] RFE: -fanalyzer could complain about some cases of infinite loops and infinite recursion

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106147 David Malcolm changed: What|Removed |Added See Also||https://gcc.gnu.org/bugzill

[Bug analyzer/107625] New: RFE: analyzer support for dlopen etc

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107625 Bug ID: 107625 Summary: RFE: analyzer support for dlopen etc Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer

[Bug other/107634] New: Very long filenames and URLs for sphinx-based docs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107634 Bug ID: 107634 Summary: Very long filenames and URLs for sphinx-based docs Product: gcc Version: 13.0 Status: UNCONFIRMED Keywords: documentation Severity: normal

[Bug analyzer/107646] New: RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 Bug ID: 107646 Summary: RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin? Product: gcc Version: 13.0 Status: UNCONFIRMED Severity:

[Bug analyzer/107646] RFE: can we reimplement gcc-python-plugin's cpychecker as a -fanalyzer plugin?

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646 --- Comment #1 from David Malcolm --- In particular, reference-count checking would probably be the most interesting aspect of the project.

[Bug analyzer/107648] New: RFE: add an attribute for indicating security-sensitive data

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107648 Bug ID: 107648 Summary: RFE: add an attribute for indicating security-sensitive data Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/106147] RFE: -fanalyzer could complain about some cases of infinite loops and infinite recursion

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106147 --- Comment #6 from David Malcolm --- The above patch implements -Wanalyzer-infinite-recursion for GCC 13. I also have the beginnings of an implementation of -Wanalyzer-infinite-loop, but it won't be ready for the close of GCC 13 stage 1. Keep

[Bug other/107655] New: [meta-bug] tracker bug for issues encountered in the texinfo-to-sphinx migration

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107655 Bug ID: 107655 Summary: [meta-bug] tracker bug for issues encountered in the texinfo-to-sphinx migration Product: gcc Version: 13.0 Status: UNCONFIRMED Keyword

[Bug analyzer/106235] RFE: -fanalyzer could complain about tainted data triggering assertion failure

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106235 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Last reconfirmed|

[Bug analyzer/106235] RFE: -fanalyzer could complain about tainted data triggering assertion failure

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106235 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106302] RFE: provide a way for -fanalyzer to use target flags

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106302 David Malcolm changed: What|Removed |Added Status|WAITING |RESOLVED Resolution|---

[Bug analyzer/106140] RFE: analyzer could complain about misuses of socket APIs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106140 Bug 106140 depends on bug 106302, which changed state. Bug 106302 Summary: RFE: provide a way for -fanalyzer to use target flags https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106302 What|Removed |Added -

[Bug analyzer/106301] RFE: analyzer support of mmap

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106301 Bug 106301 depends on bug 106302, which changed state. Bug 106302 Summary: RFE: provide a way for -fanalyzer to use target flags https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106302 What|Removed |Added -

[Bug analyzer/106003] RFE: -fanalyzer could complain about misuse of file-descriptors

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003 Bug 106003 depends on bug 106302, which changed state. Bug 106302 Summary: RFE: provide a way for -fanalyzer to use target flags https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106302 What|Removed |Added -

[Bug analyzer/107472] Support for the Linux kernel's memory-management APIs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107472 Bug 107472 depends on bug 106302, which changed state. Bug 106302 Summary: RFE: provide a way for -fanalyzer to use target flags https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106302 What|Removed |Added -

[Bug analyzer/106140] RFE: analyzer could complain about misuses of socket APIs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106140 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|WAITING

[Bug analyzer/106003] RFE: -fanalyzer could complain about misuse of file-descriptors

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003 Bug 106003 depends on bug 106140, which changed state. Bug 106140 Summary: RFE: analyzer could complain about misuses of socket APIs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106140 What|Removed |Added -

[Bug analyzer/107711] internal compiler error: Segmentation fault

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107711 --- Comment #1 from David Malcolm --- Thanks for filing this bug report. Unfortunately I can't reproduce the ICE with the attachment. I have a suspicion that this relates to commits r13-4073-gd8aba860b34203 and/or r13-4074-g86a90006864840 and

[Bug analyzer/107711] internal compiler error: Segmentation fault

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107711 --- Comment #3 from David Malcolm --- Created attachment 53911 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53911&action=edit Work-in-progress patch to add logging to ana::on_finish_translation_unit

[Bug analyzer/107711] internal compiler error: Segmentation fault

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107711 --- Comment #4 from David Malcolm --- (In reply to urs from comment #2) > On Wed, Nov 16, 2022 at 02:41:40PM +, dmalcolm at gcc dot gnu.org wrote: > > Unfortunately I can't reproduce the ICE with the attachment. > > Yes, attachment was crea

[Bug analyzer/107725] Spurious warning: use of uninitialized value with std::any

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107725 David Malcolm changed: What|Removed |Added Blocks||97110 --- Comment #2 from David Malcolm

[Bug analyzer/107725] Spurious warning: use of uninitialized value with std::any

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107725 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Last reconfirmed|

[Bug analyzer/107711] ICE with -fanalyzer with -Wunused-macros since r13-4073-gd8aba860b34203

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107711 David Malcolm changed: What|Removed |Added Summary|internal compiler error:|ICE with -fanalyzer with

[Bug analyzer/107725] Spurious warning: use of uninitialized value with std::any

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107725 --- Comment #4 from David Malcolm --- Aha thanks: presumably "Ep 350 - The Right Way to Write C++ Code in 2022"? I'm watching it now.

[Bug analyzer/107711] [13 Regression] ICE with "-fanalyzer -Wunused-macros" since r13-4073-gd8aba860b34203

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107711 --- Comment #9 from David Malcolm --- It's a use-after-free of the ident_hash hash_table. Testing a fix...

[Bug analyzer/107711] [13 Regression] ICE with "-fanalyzer -Wunused-macros" since r13-4073-gd8aba860b34203

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107711 David Malcolm changed: What|Removed |Added Keywords||patch Status|ASSIGNED

[Bug analyzer/107711] [13 Regression] ICE with "-fanalyzer -Wunused-macros" since r13-4073-gd8aba860b34203

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107711 David Malcolm changed: What|Removed |Added Status|WAITING |RESOLVED Resolution|---

[Bug analyzer/107733] GCC - -Wanayzer-null-dereference false positive with wrong path note "(3) 'e' is NULL" and inconsistent behaviors

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107733 --- Comment #1 from David Malcolm --- Thanks for filing this bug. It's analyzing "a" twice: as called by main, and as a standalone function. The warning comes from the analysis of "a" as a standalone function; if I delete "main" from the repro

[Bug analyzer/107733] GCC - -Wanayzer-null-dereference false positive with wrong path note "(3) 'e' is NULL" and inconsistent behaviors

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107733 --- Comment #2 from David Malcolm --- ...and also, as you note: * deleting the unrelated code ` int *d = 0;` should not affect the result (but does) > the path note `(3) 'e' is NULL` is wrong, this may suggest some problems. Note (3) seems

[Bug analyzer/107750] Many gcc.dg/analyzer/fd-*.c tests FAIL

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107750 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/107582] - -Wanalyzer-use-of-uninitialized-value false positive with while loop in pthread_cleanup_push

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107582 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/107582] - -Wanalyzer-use-of-uninitialized-value false positive with while loop in pthread_cleanup_push

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107582 --- Comment #5 from David Malcolm --- It's a bug in feasibility-checking when jumping through a function pointer: dynamic_call_info_t::update_model blindly copies over the state from the exploded_node's state, overwriting the precise knowledge o

[Bug analyzer/107582] - -Wanalyzer-use-of-uninitialized-value false positive with while loop in pthread_cleanup_push

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107582 --- Comment #7 from David Malcolm --- Fixed on trunk for GCC 13 by the above commit. I hope to backport this to GCC 12; keeping this open to track that.

[Bug analyzer/107582] - -Wanalyzer-use-of-uninitialized-value false positive with while loop in pthread_cleanup_push

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107582 --- Comment #8 from David Malcolm --- (In reply to David Malcolm from comment #7) > I hope to backport this to GCC 12; keeping this open to track that. I believe the buggy implementation of dynamic_call_info_t::update_model was introduced in r1

[Bug analyzer/107582] - -Wanalyzer-use-of-uninitialized-value false positive with while loop in pthread_cleanup_push

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107582 --- Comment #9 from David Malcolm --- s/earlier/earliest/

[Bug analyzer/107777] [13 Regression] ICE in get_representative_path_var_1, at analyzer/region-model.cc:4750 since r13-3770-g3d2d04cda493fb55

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=10 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/107783] [13 Regression] ICE in deref_rvalue, at analyzer/region-model.cc:3238 since r13-4074-g86a90006864840c2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107783 David Malcolm changed: What|Removed |Added Status|ASSIGNED|WAITING --- Comment #4 from David Malco

[Bug analyzer/107788] [13 Regression] ICE in wide_int_to_tree_1, at tree.cc:1757 since r13-4074-g86a90006864840c2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107788 David Malcolm changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #4 from David Malc

[Bug analyzer/107807] gcc.dg/analyzer/errno-1.c FAILs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107807 --- Comment #1 from David Malcolm --- Thanks for filing this bug; sorry about the test failures. I've tested errno-1.c with glibc's errno.h, and with a simple "extern int errno;". What does look like on your machine? In particular, how is "e

[Bug analyzer/107807] gcc.dg/analyzer/errno-1.c FAILs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107807 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/106473] [12/13 Regression] -Wanalyzer-malloc-leak false positive regression when returning heap-allocation through nested pointers

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106473 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Summary|-Wanalyzer-malloc-

[Bug analyzer/107807] gcc.dg/analyzer/errno-1.c FAILs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107807 David Malcolm changed: What|Removed |Added Status|ASSIGNED|WAITING --- Comment #5 from David Malco

[Bug analyzer/107783] [13 Regression] ICE in deref_rvalue, at analyzer/region-model.cc:3238 since r13-4074-g86a90006864840c2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107783 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|WAITING

[Bug analyzer/107788] [13 Regression] ICE in wide_int_to_tree_1, at tree.cc:1757 since r13-4074-g86a90006864840c2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107788 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/100705] RFE: warn about dead store

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100705 --- Comment #3 from David Malcolm --- See also: PR 80066

[Bug analyzer/107851] New: Issues with -Wanalyzer-allocation-size messages

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107851 Bug ID: 107851 Summary: Issues with -Wanalyzer-allocation-size messages Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component:

[Bug analyzer/106473] [12/13 Regression] -Wanalyzer-malloc-leak false positive regression when returning heap-allocation through nested pointers

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106473 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/107807] gcc.dg/analyzer/errno-1.c FAILs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107807 David Malcolm changed: What|Removed |Added Status|WAITING |RESOLVED Resolution|---

[Bug analyzer/105784] -Wanalyzer-use-of-uninitialized-value false positive on partly initialized array

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105784 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

<    3   4   5   6   7   8   9   10   11   12   >