https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108381
Bug ID: 108381
Summary: GCC Static Analyzer evaluates ( ((c)<=(b)) &&
((c)!=(b)) ) == false to be FALSE with the fact c >= b
Product: gcc
Version: 13.0
Status: UNCONFIRM
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108428
Bug ID: 108428
Summary: -Wanalyzer-null-dereference false negative with *f = 1
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Prio
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108428
--- Comment #1 from Geoffrey ---
In addition, CSA can correctly report the NPD warning:
https://godbolt.org/z/54n5so49P
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108739
Bug ID: 108739
Summary: GCC Static Analyzer evaluates `a > b` to be TRUE but
evaluates `b < a` to be UNKNOWN
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Sev
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108767
Bug ID: 108767
Summary: O2 optimization has side effects on static analysis.
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Compon
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108403
Geoffrey changed:
What|Removed |Added
CC||geoffreydgr at icloud dot com
--- Comment #1
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109063
Bug ID: 109063
Summary: GCC Static Analyzer evaluates `e == &d + 1` to be
UNKNOWN with the fact that `e == &d`
Product: gcc
Version: 13.0
Status: UNCONFIRMED
S
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109106
Bug ID: 109106
Summary: GCC Static Analyzer doesn't model printf
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyze
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107289
Bug ID: 107289
Summary: -Wanalyzer-null-dereference false positive with f = *b
Product: gcc
Version: 12.1.0
Status: UNCONFIRMED
Severity: normal
Pr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107289
Geoffrey changed:
What|Removed |Added
CC||geoffreydgr at icloud dot com
--- Comment #3
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107345
Bug ID: 107345
Summary: -Wanalyzer-null-dereference false positive with
giving weird path information
Product: gcc
Version: 12.1.0
Status: UNCONFIRMED
Severity
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107345
--- Comment #4 from Geoffrey ---
(In reply to David Malcolm from comment #3)
> Fixed on trunk for GCC 13 by the above patch.
>
> Keeping open for backporting to GCC 12.
That is really great! Thanks a lot!
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107345
--- Comment #5 from Geoffrey ---
(In reply to David Malcolm from comment #3)
> Fixed on trunk for GCC 13 by the above patch.
>
> Keeping open for backporting to GCC 12.
That is really great! Thanks a lot!
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107526
Bug ID: 107526
Summary: -Wanalyzer-null-dereference false positive with
different behaviors when delete unrelated statement
“int *e = 0;”
Product: gcc
Version:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107526
--- Comment #1 from Geoffrey ---
And if I compile this case with gcc 11.3, it does not report NPD warning.
https://godbolt.org/z/v88PWvs3s
Seems like a regression problem.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107733
Bug ID: 107733
Summary: GCC -Wanalyzer-null-dereference false positive with
wrong path note "(3) 'e' is NULL" and inconsistent
behaviors
Product: gcc
Version: 1
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107733
--- Comment #3 from Geoffrey ---
(In reply to David Malcolm from comment #2)
Thanks for your explanation. It helps a lot.
> _It's analyzing "a" twice: as called by main, and as a standalone function._
I am wondering if is there any option f
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107948
Bug ID: 107948
Summary: GCC Static Analyzer doesn't realize `0 - width <= 0`
is always true when `width > 0` and `width is int`
type,
Product: gcc
Version: 13.0
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107948
--- Comment #3 from Geoffrey ---
(In reply to CVS Commits from comment #1)
> The master branch has been updated by David Malcolm :
>
> https://gcc.gnu.org/g:0b737090a69624dea5318c380620283f0321a92e
>
> commit r13-4456-g0b737090a69624dea5318c38
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108100
Bug ID: 108100
Summary: GCC Static Analyzer does not know "(a || b) == true"
in the true branch of "if (a || b) "
Product: gcc
Version: 13.0
Status: UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108301
Bug ID: 108301
Summary: GCC Static Analyzer evaluates "__analyzer_eval((!(((0
!= b[0]) == p_9) && p_9)))" to be TRUE in the true
branch of "if 0 != b[0]) == p_9) && p_9))"
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110928
Bug ID: 110928
Summary: ICE with -fanalyzer on -Wanalyzer-out-of-bounds
checker
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Prior
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111305
Bug ID: 111305
Summary: GCC Static Analyzer -Wanalyzer-out-of-bounds FP and
ICE problem
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109190
Bug ID: 109190
Summary: GCC Static Analyzer cannot handle the initialization
of an array with a for loop
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severit
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109191
Bug ID: 109191
Summary: GCC static analyzer does not warn on `*b = 1` where
`b` is 1.
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109193
Bug ID: 109193
Summary: GCC Static Analyzer does not know "1-a > 0-b" in the
true branch of "if (a < b && 0 < a) "
Product: gcc
Version: 13.0
Status: UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109193
--- Comment #1 from Geoffrey ---
It does not know "b > 0" under the if condition that "a>0 && b > a" either.
See it live: https://godbolt.org/z/1aGds8aTq
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109194
Bug ID: 109194
Summary: GCC Static Analyzer does not know "a+3 > b+1" in the
true branch of "if (a > b) ", but it knows "a+2 > b+1"
Product: gcc
Version: 13.0
Status: U
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109195
Bug ID: 109195
Summary: GCC Static Analyzer does not know "a+0 <= b+1" in the
true branch of if (a <= b), but knows "a+0 < b+1".
Product: gcc
Version: 13.0
Status: UNCON
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109196
Bug ID: 109196
Summary: GSA evaluates
`__analyzer_eval(((a())<(0))||((a())==(0)));` to be
TRUE, but function `a()` is an unknown function
Product: gcc
Version: 13
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109197
Bug ID: 109197
Summary: GCC Static Analyzer does not know `c || b.d` is false
with the fact that `c=0` and `b.d=0`
Product: gcc
Version: 13.0
Status: UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109199
Bug ID: 109199
Summary: GCC Static Analyzer evaluates `__analyzer_evalc) +
1) == ((&b[0]) + 1)))` to be FALSE with the fact `c ==
&b[0]`
Product: gcc
Version
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109200
Bug ID: 109200
Summary: GCC Static Analyzer does not generate a div-by-zero
warning for the `0 <= (f = 0) % e.b` where `e.b == 0`
Product: gcc
Version: 13.0
Status: UNCO
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109201
Bug ID: 109201
Summary: GCC Static Analyzer does not generate a div-by-zero
warning for the `if ((d.b = 1) / f)` where `f` is 0
Product: gcc
Version: 13.0
Status: UNCONF
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109292
Bug ID: 109292
Summary: GCC Static Analyzer NPD false negative because it does
not know a simple iterator of `for` loop
Product: gcc
Version: 13.0
Status: UNCONFIRMED
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107733
--- Comment #4 from Geoffrey ---
(In reply to David Malcolm from comment #2)
> ...and also, as you note:
> * deleting the unrelated code ` int *d = 0;` should not affect the result
> (but does)
>
>
> > the path note `(3) 'e' is NULL` is wron
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108428
--- Comment #2 from Geoffrey ---
Hi, David! Could you spare a little time to explain this case for me? Please
^v^
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109190
--- Comment #1 from Geoffrey ---
Hi, David! Could you spare a little time to explain this case to me? Thanks a
lot!
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108100
--- Comment #1 from Geoffrey ---
Hi, David. Could you spare some time to explain why GSA cannot handle `||`?
Will you fix this? I'd like to contribute. Thanks a lot!
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108767
--- Comment #1 from Geoffrey ---
Hi, David, do you have any idea about why -O2 can lead to a FP?
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109190
--- Comment #3 from Geoffrey ---
(In reply to Xi Ruoyao from comment #2)
> With -O0 GCC does not attempt to analyze any loops. I doubt if "-O0
> -fanalyzer" really makes sense. Maybe we should just emit a warning when
> -fanalyzer is used with
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109063
Geoffrey changed:
What|Removed |Added
Status|UNCONFIRMED |RESOLVED
Resolution|---
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109736
Bug ID: 109736
Summary: GCC Static Analyzer evaluates `e == d + 1` to be
UNKNOWN with the fact that `e == d`, e is a pointer,
and d is an array
Product: gcc
Vers
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110700
Bug ID: 110700
Summary: gcc -fanalyzer --analyzer-checker=taint encounters an
error
Product: gcc
Version: 13.1.1
Status: UNCONFIRMED
Severity: normal
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109106
--- Comment #5 from Geoffrey ---
(In reply to David Malcolm from comment #4)
> Thanks for filing this, and for the comments; marking it as a dup of PR
> 107017
>
> *** This bug has been marked as a duplicate of bug 107017 ***
Hi, David. I want