[committed] analyzer: fix build with ada [PR93723]

2020-10-14 Thread David Malcolm via Gcc-patches
This patch fixes an ICE seen in various ada source files within the analyzer when attempting to bootstrap with --with-build-config=bootstrap-analyzer where:

$ cat config/bootstrap-analyzer.mk
STAGE2_CFLAGS += -fanalyzer
STAGE3_CFLAGS += -fanalyzer

With this patch, the bootstrap succeeded

[committed] analyzer: don't use in tests [PR97394]

2020-10-14 Thread David Malcolm via Gcc-patches
PR analyzer/97394 reports issues with analyzer setjmp results when testing against MUSL. This patch fixes up gcc.dg/analyzer so that it doesn't use . Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-3894-g974e3975c5bd14ee8817f892532d1e55492227df.

[committed] analyzer: handle static callbacks [PR97258]

2020-10-12 Thread David Malcolm via Gcc-patches
The analyzer's initial worklist was only populated with non-static functions in the TU (along with those that look promising for call summaries). Hence some static functions that were never explicitly called but could be called via function pointers were not being analyzed. This patch remedies

[committed] analyzer: add warnings about writes to constant regions [PR95007]

2020-10-12 Thread David Malcolm via Gcc-patches
This patch adds two new warnings: -Wanalyzer-write-to-const -Wanalyzer-write-to-string-literal for code paths where the analyzer detects a write to a constant region. As noted in the documentation part of the patch, the analyzer doesn't prioritize detection of such writes, in that the

[committed] analyzer: handle C++ argument numbers and "this" [PR97116]

2020-10-07 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-3701-g2f7c50b7091c09d665aaf27173aacf34c9904e4c. gcc/analyzer/ChangeLog: PR analyzer/97116 * sm-malloc.cc (method_p): New. (describe_argument_index): New.

[committed] Add -fdiagnostics-path-format=separate-events to -fdiagnostics-plain-output

2020-10-07 Thread David Malcolm via Gcc-patches
The path-printing default of -fdiagnostics-path-format=inline-events interacted poorly with -fdiagnostics-plain-output, so it makes most sense to add -fdiagnostics-path-format=separate-events to -fdiagnostics-plain-output. Seen when adding an experimental analyzer plugin to gcc.dg/plugin.exp.

[PATCH, wwwdocs] gcc-11/changes: C++11 is now required to build GCC

2020-10-07 Thread David Malcolm via Gcc-patches
This summarizes GCC 11's change in build requirements from C++98 to C++11, for the release notes. I've put it in the Caveats immediately below the "The default mode for C++ is..." change, hence the wording. I've based it on the change to gcc/doc/install.texi in the GCC source tree, which was

[committed, wwwdocs] gcc-11/changes: Add notes about column number changes

2020-10-06 Thread David Malcolm via Gcc-patches
I've taken the liberty of pushing this website patch, having checked that it validates. It covers the changes by Lewis in 004bb936d6d5f177af26ad4905595e843d5665a5 (PR 49973 and PR 86904). --- htdocs/gcc-11/changes.html | 39 ++ 1 file changed, 39

[PATCH] RFC: add "deallocated_by" attribute for use by analyzer

2020-10-05 Thread David Malcolm via Gcc-patches
This work-in-progress patch generalizes the malloc/free problem-checking in -fanalyzer so that it can work on arbitrary acquire/release API pairs. It adds a new __attribute__((deallocated_by(FOO))) that could be used like this in a library header: struct foo; extern void foo_release (struct

UX ideas for diagnostics involving ranges (was Re: [patch] convert -Walloca pass to ranger)

2020-10-05 Thread David Malcolm via Gcc-patches
On Mon, 2020-10-05 at 11:51 +0200, Aldy Hernandez via Gcc-patches wrote: > The walloca pass is a mess. It has all sorts of heuristics to > divine > problematic ranges fed into alloca, none of them very good, and all > of > them unreadable. The mess therein was actually one of the original >

Re: [PATCH] libgccjit: add some reflection functions in the jit C api

2020-10-02 Thread David Malcolm via Gcc-patches
On Fri, 2020-10-02 at 16:17 -0400, David Malcolm wrote: > On Tue, 2020-09-01 at 21:01 -0400, Antoni Boucher via Jit wrote: > > Hello. > > This WIP patch implements new reflection functions in the C API as > > mentioned in bug 96889. > > I'm looking forward for feedba

Re: [PATCH] libgccjit: add some reflection functions in the jit C api

2020-10-02 Thread David Malcolm via Gcc-patches
On Tue, 2020-09-01 at 21:01 -0400, Antoni Boucher via Jit wrote: > Hello. > This WIP patch implements new reflection functions in the C API as > mentioned in bug 96889. > I'm looking forward to feedback on this patch. > It's WIP because I'll probably add a few more reflection functions. >

[committed] analyzer: fix signal-handler registration location [PR95188]

2020-09-29 Thread David Malcolm via Gcc-patches
PR analyzer/95188 reports that diagnostics from -Wanalyzer-unsafe-call-within-signal-handler use the wrong source location when reporting the signal-handler registration event in the diagnostic_path. The diagnostics erroneously use the location of the first stmt in the basic block containing the

[committed] analyzer: silence -Wsign-compare warnings

2020-09-29 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as 9b4b1ed50f1e0f252a86851456b58bb2e142c495. gcc/analyzer/ChangeLog: * constraint-manager.cc (constraint_manager::add_constraint_internal): Whitespace fixes. Silence -Wsign-compare warning.

[committed] analyzer: remove unused field

2020-09-28 Thread David Malcolm via Gcc-patches
I added this field (and the struct itself) in the rewrite of region and value-handling (808f4dfeb3a95f50f15e71148e5c1067f90a126d), but the field was never used. Found by cppcheck. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as

[committed] analyzer: add some missing FINAL OVERRIDEs

2020-09-28 Thread David Malcolm via Gcc-patches
Spotted by cppcheck. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as c0ed6afef7897f32dc199da9a5430664fcbb61bb. gcc/analyzer/ChangeLog: * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove redundant "virtual". Add FINAL OVERRIDE.

[committed] analyzer: fix ICE on non-pointer longjmp [PR97233]

2020-09-28 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-3512-g01eabbeadb645959d5dcb0f00f41c3565a8f54f1. gcc/analyzer/ChangeLog: PR analyzer/97233 * analyzer.cc (is_longjmp_call_p): Require the initial argument to be a pointer. *

[committed] analyzer: fix sm_state_map::print

2020-09-28 Thread David Malcolm via Gcc-patches
In 10fc42a8396072912e9d9d940fba25950b3fdfc5 I converted state_t from unsigned to const state *, but missed this comparison against 0. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as 53d28fd4e16f163a9bd0c323f432914804f1348a. gcc/analyzer/ChangeLog: *

[committed] analyzer: add test for placement new

2020-09-25 Thread David Malcolm via Gcc-patches
Successfully regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-3472-gd4a906e7b51f3fc31f3328810f45ae4cf2e7bbc3. gcc/testsuite/ChangeLog: PR analyzer/94355 * g++.dg/analyzer/placement-new.C: New test. --- gcc/testsuite/g++.dg/analyzer/placement-new.C | 26

[committed] analyzer: fix ICEs treeifying offset_region [PR96646, PR96841]

2020-09-25 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-3471-g29f5db8ef81fac4db8e66e5f06fdf1d469e8161c. gcc/analyzer/ChangeLog: PR analyzer/96646 PR analyzer/96841 * region-model.cc (region_model::get_representative_path_var): When

Re: Issue with ggc_delete and finalizers (was Re: New modref/ipa_modref optimization passes)

2020-09-25 Thread David Malcolm via Gcc-patches
On Thu, 2020-09-24 at 08:30 +0200, Jan Hubicka wrote: > Hi, > This patch makes ggc_delete to be paired with ggc_alloc_no_dtor. > I copy same scheme as used by Martin in ipa-fnsummary, that is > creating a > static member function create_ggc hiding the ugly bits and using it > in > ipa-modref.c. >

[committed] analyzer: add testcases for PR 93355 (intl/localealias.c leak)

2020-09-23 Thread David Malcolm via Gcc-patches
PR analyzer/93355 reports a missing diagnostic about a FILE leak in intl/localealias.c. This appears to be due to an issue in the feasibility-checking code, though there is also a state explosion. This patch adds test cases that I've been using when investigating this, two of them currently

[committed] analyzer: add -fno-analyzer-feasibility

2020-09-23 Thread David Malcolm via Gcc-patches
This patch provides a new option "-fno-analyzer-feasibility" as a way to disable feasibility-checking of the constraints along the control flow paths for -fanalyzer diagnostics. I'm adding this in the hope of making it easier to debug issues involving the feasibility-checking logic. The patch

[committed] analyzer: fix member call on null seen with ubsan [PR97178]

2020-09-23 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-3403-gf65ebb5210e2fded0f7b339219685f4480124f0c. gcc/analyzer/ChangeLog: PR analyzer/97178 * engine.cc (impl_run_checkers): Update for change to ext_state ctor. * program-state.cc

[committed] analyzer: use switch in exploded_node::on_stmt

2020-09-22 Thread David Malcolm via Gcc-patches
This patch replaces a sequence of dyn_cast to different gimple stmt types in exploded_node::on_stmt with a switch on the gimple_code. This makes clearer which kinds of stmt are currently treated as no-ops, as a precursor to handling them properly. No functional change intended. Successfully

Re: [PATCH] Add $(ZLIBINC) to CFLAGS-analyzer/engine.o

2020-09-22 Thread David Malcolm via Gcc-patches
On Tue, 2020-09-22 at 17:47 -0400, David Malcolm wrote: > On Tue, 2020-09-22 at 22:55 +0200, Tobias Burnus wrote: > > This patch breaks the cross build here: > > ...gcc/analyzer/engine.cc:65:10: fatal error: zlib.h: No such file > > or > > directory > > >

[PATCH] Add $(ZLIBINC) to CFLAGS-analyzer/engine.o

2020-09-22 Thread David Malcolm via Gcc-patches
On Tue, 2020-09-22 at 22:55 +0200, Tobias Burnus wrote: > This patch breaks the cross build here: > ...gcc/analyzer/engine.cc:65:10: fatal error: zlib.h: No such file or > directory > > I think you need to do something similar in Makefile.in as lto- > compress has: > > # lto-compress.o needs

Re: New modref/ipa_modref optimization passes

2020-09-22 Thread David Malcolm via Gcc-patches
On Tue, 2020-09-22 at 22:23 +0200, Jan Hubicka wrote: > > On Tue, 2020-09-22 at 20:39 +0200, Jan Hubicka wrote: > > > David, > > > with jit I get the following: > > > /usr/local/x86_64-pc-linux-gnu/bin/ld: final link failed: > > > nonrepresentable section on output > > > collect2: error: ld

Issue with ggc_delete and finalizers (was Re: New modref/ipa_modref optimization passes)

2020-09-22 Thread David Malcolm via Gcc-patches
On Tue, 2020-09-22 at 22:24 +0200, Jan Hubicka wrote: > > On Tue, 2020-09-22 at 16:13 -0400, David Malcolm wrote: > > > On Tue, 2020-09-22 at 20:39 +0200, Jan Hubicka wrote: > > > > David, > > > > with jit I get the following: > > > > /usr/

Re: New modref/ipa_modref optimization passes

2020-09-22 Thread David Malcolm via Gcc-patches
On Tue, 2020-09-22 at 16:13 -0400, David Malcolm wrote: > On Tue, 2020-09-22 at 20:39 +0200, Jan Hubicka wrote: > > David, > > with jit I get the following: > > /usr/local/x86_64-pc-linux-gnu/bin/ld: final link failed: > > nonrepresentable section on output > > co

Re: New modref/ipa_modref optimization passes

2020-09-22 Thread David Malcolm via Gcc-patches
On Tue, 2020-09-22 at 20:39 +0200, Jan Hubicka wrote: > David, > with jit I get the following: > /usr/local/x86_64-pc-linux-gnu/bin/ld: final link failed: > nonrepresentable section on output > collect2: error: ld returned 1 exit status > make[3]: *** [../../gcc/jit/Make-lang.in:121:

[committed] analyzer: add -fdump-analyzer-json

2020-09-22 Thread David Malcolm via Gcc-patches
I've found this useful for debugging state explosions in the analyzer. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as 809192e77e6e112a0fe32dee7fada7a49fbf25cd. gcc/analyzer/ChangeLog: * analysis-plan.cc: Include "json.h". * analyzer.opt

Re: New modref/ipa_modref optimization passes

2020-09-22 Thread David Malcolm via Gcc-patches
On Tue, 2020-09-22 at 09:07 +0200, Jan Hubicka wrote: > > > (gdb) p summaries > > > $3 = (fast_function_summary *) 0x0 > > > > > > I'm still investigating (but may have to call halt for the > > > night), but > > > this could be an underlying issue with the new passes; the jit > > > testsuite runs

Re: New modref/ipa_modref optimization passes

2020-09-21 Thread David Malcolm via Gcc-patches
On Sun, 2020-09-20 at 19:30 +0200, Jan Hubicka wrote: > > On Sun, 2020-09-20 at 00:32 +0200, Jan Hubicka wrote: > > > Hi, > > > this is a cleaned-up version of the patch. I removed unfinished > > > bits, > > > fixed > > > propagation, cleaned it up and fixed fallout. > > > > [...] > > > > > While

[committed] analyzer: fix ICE on bogus decl of memset [PR97130]

2020-09-21 Thread David Malcolm via Gcc-patches
Verify that arguments are pointers before calling handling code that calls deref_rvalue on them. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-3341-g1e19ecd79b45af6df87a6869d1936b857c9f71fc. gcc/analyzer/ChangeLog: PR analyzer/97130 *

[committed] analyzer: decls are not on the heap

2020-09-21 Thread David Malcolm via Gcc-patches
Whilst debugging the remaining state explosion in PR analyzer/93355 I noticed that half of the states at an exploding program point had: 'malloc': {'': 'non-heap'} whereas the other half didn't, presumably depending on whether the path to each enode had used this local buffer: char buf[400];

Re: New modref/ipa_modref optimization passes

2020-09-20 Thread David Malcolm via Gcc-patches
On Sun, 2020-09-20 at 19:30 +0200, Jan Hubicka wrote: > > [...] > > Should new C++ source files have a .cc suffix, rather than .c? > > > > [...] > > > > > + $(srcdir)/ipa-modref.h $(srcdir)/ipa-modref.c \ > > > > ...which would affect this^ > > I was wondering about

Re: New modref/ipa_modref optimization passes

2020-09-20 Thread David Malcolm via Gcc-patches
On Sun, 2020-09-20 at 00:32 +0200, Jan Hubicka wrote: > Hi, > this is a cleaned-up version of the patch. I removed unfinished bits, > fixed > propagation, cleaned it up and fixed fallout. [...] > While there are several areas for improvement but I think it is not > in shape > for mainline and

[committed] analyzer: fix warning_event::get_desc for global state changes

2020-09-18 Thread David Malcolm via Gcc-patches
When experimenting with a new state_machine with global state I noticed that the fallback handling in warning_event::get_desc assumes we have per-value states, and ICEs on global states. Fixed thusly. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as

[committed] analyzer: handle strdup and strndup

2020-09-18 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as c89956cba9d1a5fbf059f7880ff49418718a2965. gcc/analyzer/ChangeLog: * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and strndup as being malloc-like allocators. gcc/testsuite/ChangeLog:

Re: [PATCH] irange_pool class

2020-09-18 Thread David Malcolm via Gcc-patches
On Fri, 2020-09-18 at 07:49 +0200, Aldy Hernandez wrote: > > On 9/18/20 3:43 AM, David Malcolm wrote: > > On Thu, 2020-09-17 at 12:36 +0200, Aldy Hernandez via Gcc-patches > > wrote: > > > This is the irange storage class. It is used to allocate the > > > mi

Re: [PATCH] irange_pool class

2020-09-17 Thread David Malcolm via Gcc-patches
On Thu, 2020-09-17 at 12:36 +0200, Aldy Hernandez via Gcc-patches wrote: > This is the irange storage class. It is used to allocate the > minimum > amount of storage needed for a given irange. Storage is > automatically > freed at destruction. > > It is meant for long term storage, as opposed

[committed] analyzer: fix state explosions due to SCC bug

2020-09-16 Thread David Malcolm via Gcc-patches
Debugging the state explosion of the very large switch statement in gcc.dg/analyzer/pr96653.c showed that the worklist was failing to order the exploded nodes correctly; the in-edges at the join point after the switch were not getting processed together, but were instead being processed in smaller

[committed] analyzer: show SCC ids in .dot dumps

2020-09-16 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as d2c4d5199cf277becc1f377536973815d1c9519c. gcc/analyzer/ChangeLog: * engine.cc (supernode_cluster::dump_dot): Show the SCC id in the per-supernode clusters in FILENAME.eg.dot output.

[committed] analyzer: bulk merger/processing of runs of nodes at CFG join points

2020-09-16 Thread David Malcolm via Gcc-patches
Prior to this patch the analyzer worklist considered only one node or two nodes at a time, processing and/or merging state individually or pairwise. This could lead to explosions of merger nodes at CFG join points, especially after switch statements, which could have large numbers of in-edges,

[committed] analyzer: add program_point::get_next

2020-09-16 Thread David Malcolm via Gcc-patches
Avoid some future copy-and-paste by introducing a function. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as b9b5fc0c2175b34131d9fd0805b1b307f754f4f0. gcc/analyzer/ChangeLog: * engine.cc (exploded_graph::process_node) : Simplify by using

[committed] analyzer: show program point in -Wanalyzer-too-complex

2020-09-16 Thread David Malcolm via Gcc-patches
I found this useful when debugging. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as 6dd96e24ea3cb9919fedd4da35fbfd36ed98b0ea. gcc/analyzer/ChangeLog: * engine.cc (exploded_graph::get_or_create_node): Show the program point when issuing

[committed] analyzer: getchar has no side-effects

2020-09-16 Thread David Malcolm via Gcc-patches
Seen whilst debugging another issue, where the analyzer was assuming conservatively that a call to getchar could clobber a global. This is handled for most of the other stdio functions by the list in sm-file.cc. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as

Re: [PATCH] preprocessor: Fix ICE with too long line in fmtwarn [PR96935]

2020-09-16 Thread David Malcolm via Gcc-patches
On Wed, 2020-09-16 at 11:16 -0400, Marek Polacek wrote: > Here we ICE in char_span::subspan because the offset it gets is -1. > It's -1 because get_substring_ranges_for_loc gets a location whose > column was 0. That only happens in testcases like the attached where > we're dealing with extremely

[committed] analyzer: fix ICE when merging constraints w/o transitivity [PR96650]

2020-09-15 Thread David Malcolm via Gcc-patches
PR analyzer/96650 reports an assertion failure when merging the intersection of two sets of constraints, due to the resulting constraints being infeasible. It turns out that the two input sets were each infeasible if transitivity were considered, but -fanalyzer-transitivity was off. However for

[committed] analyzer: add -param=analyzer-max-constraints=

2020-09-14 Thread David Malcolm via Gcc-patches
On attempting to run the full test suite with -fanalyzer via make check RUNTESTFLAGS="-v -v --target_board=unix/-fanalyzer" I saw it get stuck on: gcc.c-torture/compile/20001226-1.c It turns out this was on a debug build, rather than a release build; but a release build with -fanalyzer took:

[committed] analyzer: fix constraint explosion on many-cased-switch [PR96653]

2020-09-14 Thread David Malcolm via Gcc-patches
PR analyzer/96653 reports a CPU-time and memory explosion in -fanalyzer seen in Linux 5.9-rc1:drivers/media/v4l2-core/v4l2-ctrls.c on a switch statement with many cases. The issue is some old code in constraint_manager::get_or_add_equiv_class for ensuring that comparisons between equivalence

[committed] analyzer: add regression test for leak false positive

2020-09-14 Thread David Malcolm via Gcc-patches
Downstream bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1878600 describes a false positive from -Wanalyzer-file-leak seen with gcc 10.2, but which has been fixed in gcc 11. This patch adds the reproducer as a regression test. Successfully tested on x86_64-pc-linux-gnu. Pushed to

[committed] analyzer: fix ICE on setjmp with non-pointer-type [PR97029]

2020-09-14 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-3188-g35e3f0829d8e9cdc7ea19917c9f3a7add3f14847. gcc/analyzer/ChangeLog: PR analyzer/97029 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a pointer. *

Re: [PATCH V2] libgccjit: Add new gcc_jit_context_new_blob entry point

2020-09-11 Thread David Malcolm via Gcc-patches
On Fri, 2020-09-11 at 12:31 +0200, Andrea Corallo wrote: > Hi Dave, > > thanks for the review! > > David Malcolm writes: > > [...] > > > Was there a reason for using reinterpret_cast here, rather than > > static_cast? > > Yes the reason i

[committed] analyzer: stricter handling of non-pure builtins [PR96798]

2020-09-10 Thread David Malcolm via Gcc-patches
Amongst other things PR analyzer/96798 notes that region_model::on_call_pre treats any builtin that hasn't been coded yet as a no-op (albeit with an unknown return value), which is wrong for non-pure builtins. This patch updates that function's handling of such builtins so that it instead

Re: [PATCH V2] libgccjit: Add new gcc_jit_context_new_blob entry point

2020-09-10 Thread David Malcolm via Gcc-patches
On Wed, 2020-08-19 at 09:17 +0200, Andrea Corallo wrote: > David Malcolm writes: > > > Thanks for the updated patch. Comments inline below. > > Hi Dave, > > sorry for the late reply. Likewise, sorry. [...] > > Why the non-void return type? Looking a

Re: [PATCH] c-family: Macro support in -Wmisleading-indentation [PR80076]

2020-09-10 Thread David Malcolm via Gcc-patches
On Tue, 2020-07-28 at 20:22 -0400, Patrick Palka wrote: > On Tue, 28 Jul 2020, David Malcolm wrote: > > > On Tue, 2020-07-28 at 15:50 -0400, Patrick Palka wrote: > > > Currently the -Wmisleading-indentation warning doesn't do any > > > analysis > > > when

Re: [PATCH V2 0/4] Unify C and C++ handling of loops and switches

2020-09-10 Thread David Malcolm via Gcc-patches
On Wed, 2020-09-09 at 17:13 -0400, Jason Merrill wrote: > On 8/13/20 12:34 PM, Sandra Loosemore wrote: > > This is a revised version of the patch set originally posted > > last November: > > > > https://gcc.gnu.org/pipermail/gcc-patches/2019-November/534142.html > > > > In addition to generally

[committed] analyzer: generalize sm-malloc to new/delete [PR94355]

2020-09-09 Thread David Malcolm via Gcc-patches
This patch generalizes the state machine in sm-malloc.cc to support multiple allocator APIs, and adds just enough support for C++ new and delete to demonstrate the feature, allowing for detection of code paths where the result of new in C++ can leak - for some crude examples, at least (bearing in

[committed 1/3] analyzer: use objects for state_machine::state_t

2020-09-09 Thread David Malcolm via Gcc-patches
This patch is preliminary work towards generalizing sm-malloc.cc so that it can check APIs other than just malloc/free (and e.g. detect mismatching alloc/dealloc pairs). Generalize states in state machines so that, rather than state_t being just an "unsigned", it becomes a "const state *", where

[committed 3/3] analyzer: eliminate sm_context::warn_for_state in favor of a new 'warn' vfunc

2020-09-09 Thread David Malcolm via Gcc-patches
This patch is yet more preliminary work towards generalizing sm-malloc.cc beyond just malloc/free. It eliminates sm_context::warn_for_state in terms of a new sm_context::warn vfunc, guarded by sm_context::get_state calls. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to

[committed 2/3] analyzer: reimplement on_transition in terms of get_state/set_next_state

2020-09-09 Thread David Malcolm via Gcc-patches
This patch is further preliminary work towards generalizing sm-malloc.cc beyond just malloc/free. Reimplement sm_context's on_transition vfunc in terms of new get_state and set_next_state vfuncs, so that in followup patches we can implement richer transitions (e.g. where the states are

[committed] analyzer: fix another ICE in constructor-handling [PR96949]

2020-09-08 Thread David Malcolm via Gcc-patches
PR analyzer/96949 reports an ICE within -fanalyzer on a Fortran test case with --param analyzer-max-svalue-depth=0, where that param value leads to INTEGER_CST values in a RANGE_EXPR being treated as unknown symbolic values. This patch replaces implicit assumptions that these values are concrete

[committed] analyzer: fix ICE on RANGE_EXPR with CONSTRUCTOR value [PR96950]

2020-09-08 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-3051-gaf656c401e97f9de2a8478f18278e8efb2a6cf23. gcc/analyzer/ChangeLog: PR analyzer/96950 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR where min_index == max_index.

[committed] analyzer: fix ICE on machine-specific builtins [PR96962]

2020-09-08 Thread David Malcolm via Gcc-patches
In g:ee7bfbe5eb70a23bbf3a2cedfdcbd2ea1a20c3f2 I added a switch (DECL_UNCHECKED_FUNCTION_CODE (callee_fndecl)) to region_model::on_call_pre guarded by fndecl_built_in_p (callee_fndecl). I meant to handle only normal built-ins, whereas this single-argument overload of fndecl_built_in_p returns

[committed] analyzer: fix false NULL deref warning after previous deref [PR96792]

2020-09-01 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2968-g49bfbf18c0bb9d83934f0ce765dc031ebfbda38e. gcc/analyzer/ChangeLog: PR analyzer/96792 * region-model.cc (region_model::deref_rvalue): Add the constraint that PTR_SVAL is non-NULL.

Re: [PATCH] Add if-chain to switch conversion pass.

2020-09-01 Thread David Malcolm via Gcc-patches
On Tue, 2020-09-01 at 13:47 +0200, Martin Liška wrote: > Hello. > > There's a new version of the patch attempt. I mentioned couple of > issues with the v1 here: > https://gcc.gnu.org/pipermail/gcc-patches/2020-March/542821.html > > The patch addresses the biggest blocker which fact that the >

[committed] analyzer: handle __builtin___memset_chk [PR96798]

2020-08-31 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2957-gbc62bfb0f43eeada02cb924e3cb5457a399b01c0. gcc/analyzer/ChangeLog: PR analyzer/96798 * region-model.cc (region_model::on_call_pre): Handle BUILT_IN_MEMSET_CHK.

[committed] analyzer: gather builtin/internal fn handling into switch statements

2020-08-31 Thread David Malcolm via Gcc-patches
Clean up this code in preparation for fixing PR analyzer/96798. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2956-gee7bfbe5eb70a23bbf3a2cedfdcbd2ea1a20c3f2. gcc/analyzer/ChangeLog: * region-model.cc (region_model::on_call_pre): Gather handling of

[committed] analyzer: fix ICE on unknown index in CONSTRUCTOR [PR96860]

2020-08-31 Thread David Malcolm via Gcc-patches
PR analyzer/96860 reports an ICE inside CONSTRUCTOR-handling with --param analyzer-max-svalue-depth=0 when attempting to build a binding_map for the CONSTRUCTOR's values. The issue is that when handling (index, value) pairs for initializing an array, the index values for the elements exceed the

[committed] analyzer: fix ICE on RANGE_EXPR in CONSTRUCTORs [PR96763]

2020-08-31 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2953-g0d1b4edc5fff834e8f924b20dd021ded7a21d2d2. gcc/analyzer/ChangeLog: PR analyzer/96763 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR by calling a new

[committed] analyzer: fix ICE on casting float to pointer [PR96764]

2020-08-31 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2952-gecdb93224c56189a129e97c556fe6b78e1b15a63. gcc/analyzer/ChangeLog: PR analyzer/96764 * region-model-manager.cc (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.

Re: RFQ: -R remark options

2020-08-26 Thread David Malcolm via Gcc-patches
On Wed, 2020-08-26 at 09:37 -0400, Nathan Sidwell wrote: > Hi, > I had a need to add a new type of informative message on the modules > branch, with an option to enable it. The message is not a warning or > an > error, but just 'hey, you asked if X happens. It happens just > here'. > This is

[committed] analyzer: fix leak false positive/widening on pointer iteration [PR94858]

2020-08-25 Thread David Malcolm via Gcc-patches
PR analyzer/94858 reports a false diagnostic from -Wanalyzer-malloc-leak, where the allocated pointer is pointed to by a field of a struct, and a loop writes to a buffer, writing through an iterating pointer value. There were several underlying problems, relating to clobbering of the struct

[committed] analyzer: fix ICE on initializers for unsized array fields [PR96777]

2020-08-25 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2854-gd88c8df70342fcd6817e23f243ff38d0fe42fc6b. gcc/analyzer/ChangeLog: PR analyzer/96777 * region-model.h (class compound_svalue): Document that all keys must be concrete.

[committed] analyzer: fix NULL deref false positives [PR94851]

2020-08-22 Thread David Malcolm via Gcc-patches
PR analyzer/94851 reports various false "NULL dereference" diagnostics. The first case (comment #1) affects GCC 10.2 but no longer affects trunk; I believe it was fixed by the state rewrite of r11-2694-g808f4dfeb3a95f50f15e71148e5c1067f90a126d. The patch adds a regression test for this case. The

[committed] analyzer: simplify store::eval_alias

2020-08-22 Thread David Malcolm via Gcc-patches
I have followup patches that add new conditions to store::eval_alias. Rather than duplicate all conditions for symmetry, split it up and call it on both (A, B) and (B, A). Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as c199723d7ed0032db095abc75b82a9710eaa5e56.

[committed] analyzer: simplify region_model::push_frame

2020-08-22 Thread David Malcolm via Gcc-patches
region_model::push_frame was binding arguments for both the default SSA name for each parameter, and the underlying parameter. Simplify the generated states by only binding the default SSA name if it exists, or the parameter if there is no default SSA name. Successfully bootstrapped & regrtested

Re: [PATCH] libgccjit: update some comments in libgccjit.c

2020-08-21 Thread David Malcolm via Gcc-patches
On Wed, 2020-08-19 at 09:24 +0200, Andrea Corallo wrote: > Hi all, > > just a small patch updating some comments that apparently went out of > sync a while ago adding gcc_jit_context_new_rvalue_from_long. > Okay for trunk? Yes Thanks for fixing these Dave

[committed] analyzer: add regression tests [PR95152]

2020-08-20 Thread David Malcolm via Gcc-patches
PR analyzer/95152 reports various ICEs in region_model::get_or_create_mem_ref. I removed this function as part of the state rewrite in r11-2694-g808f4dfeb3a95f50f15e71148e5c1067f90a126d. I've verified that these two test cases reproduce the issue with 10.2 and don't ICE with trunk; adding them as

[committed] analyzer: fix infinite recursion ICE on unions [PR96723]

2020-08-20 Thread David Malcolm via Gcc-patches
Attempts to store sm-state into a union in C++ triggered an infinite recursion when trying to generate a representative tree, due to erroneously trying to use the dtor of the union as a field. Fix it by filtering out non-FIELD_DECLs when walking TYPE_FIELDs in region::get_subregions_for_binding.

[committed] analyzer: fix ICE on vector comparisons [PR96713]

2020-08-19 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2776-g2f5951bd95e334d611f4be7bbe1a136c580f9c20. gcc/analyzer/ChangeLog: PR analyzer/96713 * region-model.cc (region_model::get_gassign_result): For comparisons, only use eval_condition

[committed] analyzer: fix ICE converting float to int [PR96699]

2020-08-19 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2770-g366bd1ac01a5249a463e64234674ad2d174faa9a. gcc/analyzer/ChangeLog: PR analyzer/96699 * region-model-manager.cc (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for

[committed] analyzer: fix ICE on deref_rvalue on SK_COMPOUND [PR96643]

2020-08-19 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2772-g23ebfda0e352fa0a92c6b012458ecb65505a135f. gcc/analyzer/ChangeLog: PR analyzer/96643 * region-model.cc (region_model::deref_rvalue): Rather than attempting to handle all svalue

[committed] analyzer: fix ICE on folding vector 0 [PR96705]

2020-08-19 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2771-gfc02b568e2cd3f6a28d4b7c1063bbf8842c89aad. gcc/analyzer/ChangeLog: * region-model-manager.cc PR analyzer/96705 (region_model_manager::maybe_fold_binop): Check that we have an

[committed] analyzer: consider initializers for globals [PR96651]

2020-08-18 Thread David Malcolm via Gcc-patches
PR analyzer/96651 reports a false positive in which a global that can't have been touched yet is checked in "main". The analyzer fails to reject code paths in which the initial value of the global makes the path condition impossible. This patch detects cases where the code path begins at the

[committed] analyzer: fix ICE with negative bit offsets [PR96648]

2020-08-18 Thread David Malcolm via Gcc-patches
PR analyzer/96648 reports an ICE within get_field_at_bit_offset due to a negative bit offset, arising due to pointer arithmetic. This patch replaces an assertion with handling for this case, fixing the ICE. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as

[committed] analyzer: fix name of local in region_model::get_rvalue_1

2020-08-17 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as da7c2773e56c889f4f131b80d4b91f1adbae80a2. gcc/analyzer/ChangeLog: * region-model.cc (region_model::get_rvalue_1): Fix name of local. --- gcc/analyzer/region-model.cc | 4 ++-- 1 file changed, 2

[committed] analyzer: fix ICE on unhandled tree codes in get_rvalue_1 [PR96641]

2020-08-17 Thread David Malcolm via Gcc-patches
The old implementation of region_model::get_rvalue_1 gracefully handled tree codes it didn't understand, returning "UNKNOWN", whereas the new implementation (r11-2694-g808f4dfeb3a95f50f15e71148e5c1067f90a126d) had an assertion left over from development, leading to ICEs. This patch restores the

[committed] analyzer: fix ICE on unhandled tree codes in gassign [PR96640]

2020-08-17 Thread David Malcolm via Gcc-patches
PR analyzer/96640 reports an ICE within region_model::on_assignment when failing to handle a WIDEN_MULT_EVEN_EXPR, and various other tree codes. The old implementation of region_model::on_assignment gracefully handled tree codes it didn't understand, returning "UNKNOWN", whereas the new

[committed] analyzer: fix ICE on NULL dereference [PR96644]

2020-08-17 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2725-gb00a83047574eb6f8d1e670ad439609125873506. gcc/analyzer/ChangeLog: PR analyzer/96644 * region-model-manager.cc (get_region_for_unexpected_tree_code): Handle ctxt being NULL.

[committed] analyzer: fix ICE due to NULL type [PR96639]

2020-08-17 Thread David Malcolm via Gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2724-g42c5ae5d7f0ad89b75d93c497fe44b6c66da7e76. gcc/analyzer/ChangeLog: PR analyzer/96639 * region.cc (region::get_subregions_for_binding): Check for "type" being NULL.

[committed] analyzer: handle _CST in constant pool initializers [PR96642]

2020-08-17 Thread David Malcolm via Gcc-patches
In r11-2708-g2867118ddda9b56d991c16022f7d3d634ed08313 I added support to the analyzer for initialization from var_decls in the global constant pool. However, that commit didn't support initialization from ADDR_EXPR of a STRING_CST leading to an ICE seen in data-model-1.c and pr94639.c on arm and

[committed] analyzer: fix initialization from constant pool [PR96609, PR96616]

2020-08-14 Thread David Malcolm via Gcc-patches
PR testsuite/96609 and PR analyzer/96616 report various testsuite failures seen on powerpc64, aarch64, and arm in new tests added by r11-2694-g808f4dfeb3a95f50f15e71148e5c1067f90a126d. Some of these failures (in gcc.dg/analyzer/init.c, and on arm in gcc.dg/analyzer/casts-1.c) relate to

[committed] analyzer: fix ICE on escaped unknown pointers [PR96611]

2020-08-14 Thread David Malcolm via Gcc-patches
PR analyzer/96611 reports an ICE within the handling for unknown functions, when passing a pointer to something accessed via a global pointer, after an unknown function has already been called. The first unknown function leads to the store being flagged, so the access to the global pointer leads

[committed] analyzer: document how to get gimple dump from an ICE

2020-08-14 Thread David Malcolm via Gcc-patches
gcc/ChangeLog: * doc/analyzer.texi (Overview): Add tip about how to get a gimple dump if the analyzer ICEs. --- gcc/doc/analyzer.texi | 5 + 1 file changed, 5 insertions(+) diff --git a/gcc/doc/analyzer.texi b/gcc/doc/analyzer.texi index b5d6d0f393e..92c12e19401 100644 ---

Re: [committed] analyzer: rewrite of region and value-handling

2020-08-14 Thread David Malcolm via Gcc-patches
On Fri, 2020-08-14 at 10:49 +0200, Christophe Lyon wrote: > Hi David, > > > On Thu, 13 Aug 2020 at 22:58, David Malcolm via Gcc-patches > wrote: > > This large patch reimplements how the analyzer tracks regions and > > values.

Re: [PATCH] diagnostics: Add new option -fdiagnostics-plain-output

2020-08-14 Thread David Malcolm via Gcc-patches
On Fri, 2020-08-14 at 10:01 -0400, Lewis Hyatt wrote: > On Wed, Aug 12, 2020 at 12:54 PM Richard Sandiford > wrote: [...] > > OK with those changes in 24 hrs if noone objects or asks for a > > delay. > > > > Thanks, > > Richard > > Thanks for the review, and sorry about the formatting

Re: [committed] analyzer: rewrite of region and value-handling

2020-08-14 Thread David Malcolm via Gcc-patches
On Fri, 2020-08-14 at 09:26 +0200, Martin Liška wrote: > On 8/14/20 9:22 AM, Martin Liška wrote: > > On 8/13/20 10:58 PM, David Malcolm via Gcc-patches wrote: > > > PR analyzer/93032 (missing leak diagnostic for > > > zlib/contrib/minizip/mztools.c) > > >
