https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105252
David Malcolm changed:
What|Removed |Added
Resolution|--- |FIXED
Status|ASSIGNED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104308
David Malcolm changed:
What|Removed |Added
Status|ASSIGNED|WAITING
URL|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105287
David Malcolm changed:
What|Removed |Added
Ever confirmed|0 |1
Last reconfirmed|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285
--- Comment #3 from David Malcolm ---
Thanks for filing this bug; I can reproduce it with the initial attachment;
it's unclear to me yet what's going on.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105264
--- Comment #8 from David Malcolm ---
The above patch hopefully fixes the false positive you're seeing, but as noted,
there are some deeper issues that it doesn't fix; keeping this bug open.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105264
--- Comment #6 from David Malcolm ---
There are some fiddly issues where the analyzer fails to figure out that ptr +
i and [i] refer to the same memory, for certain symbolic values of i.
I'm testing a partial fix for GCC 12, which at least
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105273
--- Comment #4 from David Malcolm ---
Thanks for filing this bug.
IIRC in the initial GCC 10 release of the analyzer, it didn't directly explore
within static functions, and instead only explored them via callsites. I
tweaked the policy for
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105252
David Malcolm changed:
What|Removed |Added
Status|NEW |ASSIGNED
--- Comment #2 from David
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105264
--- Comment #1 from David Malcolm ---
Thanks for filing this bug. I suspect the analyzer is getting confused about
the loop index on successive iterations (and state relating to this).
Please can you:
(a) specify exactly which compilation
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110529
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |NEW
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213
David Malcolm changed:
What|Removed |Added
Summary|-Wanalyzer-out-of-bounds|-Wanalyzer-out-of-bounds
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111312
David Malcolm changed:
What|Removed |Added
CC||rguenth at gcc dot gnu.org
--- Comment
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111312
--- Comment #3 from David Malcolm ---
Another example can be seen here:
https://gcc.gnu.org/pipermail/gcc-patches/2023-August/628759.html
in:
gcc/testsuite/c-c++-common/analyzer/overlapping-buffers.c
where -Wanalyzer-overlapping-buffers
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111396
David Malcolm changed:
What|Removed |Added
Ever confirmed|0 |1
Last reconfirmed|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110529
David Malcolm changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111329
--- Comment #2 from David Malcolm ---
Possibly another duplicate of bug 110483.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |NEW
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111312
Bug ID: 111312
Summary: Should the analyzer run earlier?
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111095
--- Comment #2 from David Malcolm ---
(In reply to David Malcolm from comment #1)
[...]
> I'll open a bug about that.
Filed as bug 111312; made this one block that one.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |NEW
Last reconfirmed|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110520
David Malcolm changed:
What|Removed |Added
Ever confirmed|0 |1
Status|UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
--- Comment #6 from David Malcolm ---
Oops; the above got truncated; the string_cst prints as follows in gdb
(gdb) pt string_cst
unit-size
align:8 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
--- Comment #4 from David Malcolm ---
(In reply to David Malcolm from comment #3)
> Thanks; that reproducer works for me.
...or rather, demonstrates the ICE in a way that I can see in the debugger.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-10-11
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
--- Comment #5 from David Malcolm ---
It's complaining about the read from the string literal.
If I change the string in the reproducer from "hello world" to "foo", I see:
(gdb) pt string_cst
unit-size
align:8
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112317
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112425
Bug ID: 112425
Summary: Invalid SARIF output when column number is zero
Product: gcc
Version: unknown
Status: UNCONFIRMED
Keywords: diagnostic
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104940
--- Comment #5 from David Malcolm ---
See also:
https://kristerw.github.io/2022/11/01/verifying-optimizations/
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111567
--- Comment #1 from David Malcolm ---
This PR tracks adding support for the attribute to -fanalyzer (which I can take
a look at).
Adding the attribute itself is tracked by PR 108896.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104940
--- Comment #6 from David Malcolm ---
https://github.com/kristerw/pysmtgcc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111567
Bug ID: 111567
Summary: RFE: support counted_by in analyzer
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111700
--- Comment #3 from David Malcolm ---
Should be fixed on trunk by the above patch.
Keeping open to track backporting the fix to gcc 13.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111537
--- Comment #1 from David Malcolm ---
Am trying to reproduce locally, but when I run this in my BUILDDIR/gcc:
./gdc -B. -S -fanalyzer oob.d
I get:
d21: error: cannot find source code for runtime library file 'object.d'
Possibly a silly
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111700
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-10-06
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2023-08-17
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #4 from David Malcolm ---
Some ideas of projects we could analyze:
- minimal Cython-generated C file
- https://pypi.org/project/psycopg2/
- https://pypi.org/project/numpy
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #8 from David Malcolm ---
(In reply to David Malcolm from comment #4)
> Some ideas of projects we could analyze:
* https://pypi.org/project/mercurial/ ; see:
https://repo.mercurial-scm.org/hg-stable/file/tip/mercurial/cext
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #5 from David Malcolm ---
How precisely to track behavior of API entrypoints? We can’t implement
known_functions that precisely model every entrypoint.
Consider:
https://docs.python.org/3/c-api/dict.html#c.PyDict_SetItem
which
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #6 from David Malcolm ---
(In reply to David Malcolm from comment #5)
> How precisely to track behavior of API entrypoints? We can’t implement
> known_functions that precisely model every entrypoint.
>
> Consider:
>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #7 from David Malcolm ---
(In reply to David Malcolm from comment #6)
> (In reply to David Malcolm from comment #5)
> Some attribute ideas:
>
> extern int PyDict_SetItem(PyObject *p, PyObject *key, PyObject *val)
>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107646
--- Comment #9 from David Malcolm ---
(In reply to David Malcolm from comment #4)
> Some ideas of projects we could analyze:
https://github.com/fedora-python/python-ethtool
(Although deprecated, it's relatively small and has been ported to
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111099
David Malcolm changed:
What|Removed |Added
Ever confirmed|0 |1
Status|UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111099
--- Comment #2 from David Malcolm ---
Infinite recursion within ana::constraint_manager::eval_condition; possible
duplicate of bug 109027
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109027
--- Comment #6 from David Malcolm ---
Bug 111099 is possibly a duplicate of this.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44
--- Comment #1 from David Malcolm ---
See e.g.:
https://wiki.sei.cmu.edu/confluence/display/c/PRE31-C.+Avoid+side+effects+in+arguments+to+unsafe+macros
https://stackoverflow.com/questions/10593492/catching-assert-with-side-effects
cppcheck:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44
Bug ID: 44
Summary: RFE: could -fanalyzer warn about assertions that have
side effects?
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44
--- Comment #2 from David Malcolm ---
See also bug 6906 and bug 57612
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55
Bug ID: 55
Summary: RFE: better diagrams for string operations
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105382
--- Comment #1 from David Malcolm ---
Looks like the analyzer is assuming that all of the different
_Coro_resume_index values are possible at each entry to f(f()::_Z1fv.Frame*),
but AIUI that value is expressing which basic block the coroutine
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105287
--- Comment #5 from David Malcolm ---
Thanks. FWIW I've filed PR 105382 to track the various other issues I'm seeing
with -fanalyzer with coroutines (though given that we don't properly support
C++ yet, that's relatively low priority for me).
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105382
Bug ID: 105382
Summary: Support for coroutines in -fanalyzer
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105365
David Malcolm changed:
What|Removed |Added
Status|NEW |ASSIGNED
--- Comment #2 from David
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105366
David Malcolm changed:
What|Removed |Added
Status|NEW |ASSIGNED
--- Comment #2 from David
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105366
David Malcolm changed:
What|Removed |Added
Summary|[11/12 Regression] ICE: in |[11 Regression] ICE: in
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105365
David Malcolm changed:
What|Removed |Added
Resolution|--- |FIXED
Status|ASSIGNED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104308
David Malcolm changed:
What|Removed |Added
Resolution|--- |FIXED
Status|WAITING
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105190
Bug ID: 105190
Summary: False positive from -Wanalyzer-malloc-leak with
symbolic writes to structs
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102308
David Malcolm changed:
What|Removed |Added
Ever confirmed|0 |1
Last reconfirmed|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102471
--- Comment #5 from David Malcolm ---
Another source of possible benchmarks:
https://gitlab.com/sosy-lab/benchmarking/sv-benchmarks
>From SV-COMP: https://sv-comp.sosy-lab.org/
This embeds the Juliet testsuite, but also many other tests.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105190
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2022-05-17
Ever confirmed|0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105103
David Malcolm changed:
What|Removed |Added
Status|ASSIGNED|RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106066
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |NEW
Last reconfirmed|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106066
--- Comment #4 from David Malcolm ---
(In reply to David Malcolm from comment #2)
> Thanks for filing this bug.
>
> I can reproduce both crashes with trunk.
Correction: for src/ssl_crtlist.c I'm seeing the same crash as in comment #0
(in
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106066
--- Comment #3 from David Malcolm ---
Minimal reproducer for crash in comment #0 (crash in dump_mem_ref seen with
_do_poll:
struct s {
unsigned int f;
};
int use(unsigned int);
static struct s *arr;
void test(int n) {
int i;
for (i = 0;
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105890
--- Comment #2 from David Malcolm ---
https://pubs.opengroup.org/onlinepubs/009604499/functions/mkstemp.html says:
"The string in template should look like a filename with six trailing 'X's"
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106225
David Malcolm changed:
What|Removed |Added
Last reconfirmed||2022-07-07
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106204
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |NEW
Last reconfirmed|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106204
David Malcolm changed:
What|Removed |Added
Status|NEW |ASSIGNED
--- Comment #2 from David
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106204
Bug ID: 106204
Summary: False positive from
-Wanalyzer-use-of-uninitialized-value with
-ftrivial-auto-var-init=zero
Product: gcc
Version: 12.0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106225
Bug ID: 106225
Summary: False positives from -Wanalyzer-tainted-divisor
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106229
Bug ID: 106229
Summary: False positives from -Wanalyzer-tainted-array-index
with unsigned char index
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106225
--- Comment #3 from David Malcolm ---
Fixed on trunk for gcc 13 by the above commit. Keeping this open to backport
to gcc 12.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106235
Bug ID: 106235
Summary: RFE: -fanalyzer could complain about tainted data
triggering assertion failure
Product: gcc
Version: 12.0
Status: UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106235
--- Comment #1 from David Malcolm ---
Juliet 1.3 has various testcases for this in
C/testcases/CWE617_Reachable_Assertion/
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106000
--- Comment #5 from David Malcolm ---
Consider also:
write (fd, "hello world", 200);
where the write call is definitely going to access beyond the string literal.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106000
David Malcolm changed:
What|Removed |Added
Summary|RFE: -fanalyzer should |RFE: -fanalyzer should
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96032
--- Comment #4 from David Malcolm ---
I posted a prototype implementation of this here:
"[PATCH 00/12] RFC: Replay of serialized diagnostics"
https://gcc.gnu.org/pipermail/gcc-patches/2022-June/597051.html
(doesn't fully work; see the
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91733
David Malcolm changed:
What|Removed |Added
CC||dmalcolm at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106147
Bug ID: 106147
Summary: RFE: -fanalyzer could complain about some cases of
infinite loops and infinite recursion
Product: gcc
Version: 12.0
Status: UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106147
--- Comment #1 from David Malcolm ---
Possible implementation idea: look at state merging when building the exploded
graph: if we're merging an identical state in a loop, with no variants, then
complain.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106140
Bug ID: 106140
Summary: RFE: analyzer could complain about misuses of socket
APIs
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106148
Bug ID: 106148
Summary: RFE: warn about =- typos
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Keywords: diagnostic
Severity: normal
Priority: P3
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106006
David Malcolm changed:
What|Removed |Added
Status|UNCONFIRMED |ASSIGNED
Last reconfirmed|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106204
--- Comment #4 from David Malcolm ---
Should be fixed on trunk (for gcc 13) by the above commit.
Keeping open to backport to gcc 12.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106218
Bug ID: 106218
Summary: Analyzer false positives with Linux kernel's err.h
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106000
--- Comment #4 from David Malcolm ---
For example, the "classic test" referred to in section 1.2 of
https://open-std.org/JTC1/SC22/WG14/www/docs/n3005.pdf
has:
#include
#include
int y=2, x=1;
int main() {
int *p = + 1;
int *q =
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887
Bug ID: 105887
Summary: RFE: clang analyzer warnings that GCC's -fanalyzer
could implement
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Keywords: meta-bug
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105891
Bug ID: 105891
Summary: RFE: -fanalyzer could complain about pointer
arithmetic on non-arrays
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105892
Bug ID: 105892
Summary: RFE: -fanalyzer could complain about pointer
subtraction of pointers to different memory chunks
Product: gcc
Version: 12.0
Status: UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105894
Bug ID: 105894
Summary: RFE: -fanalyzer could complain about misuse of
functions that return pointers to a static buffer
Product: gcc
Version: 12.0
Status: UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99669
David Malcolm changed:
What|Removed |Added
Blocks||105887
--- Comment #2 from David
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105897
Bug ID: 105897
Summary: RFE: -fanalyzer could complain about misuses of
pthread API
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105895
Bug ID: 105895
Summary: RFE: -fanalyzer could check constraints on calls to C
standard library
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105896
Bug ID: 105896
Summary: RFE: -fanalyzer could complain about improper uses of
"chroot"
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105888
Bug ID: 105888
Summary: RFE: -fanalyzer should complain when an on-stack
address escapes/outlives the function
Product: gcc
Version: 12.0
Status: UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105898
Bug ID: 105898
Summary: RFE: -fanalyzer should complain about overlapping args
to memcpy and mempcpy
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
Bug ID: 105899
Summary: RFE: -fanalyzer could complain about misuses of
standard C string APIs
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105890
Bug ID: 105890
Summary: RFE: -fanalyzer should complain about mkstemp with not
enough "X"s in format string
Product: gcc
Version: 12.0
Status: UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105889
Bug ID: 105889
Summary: RFE: -fanalyzer should complain about uses of
inherently unsafe functions
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893
Bug ID: 105893
Summary: RFE: -fanalyzer could check putenv calls
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component:
501 - 600 of 1359 matches
Mail list logo
