-
Notifications
You must be signed in to change notification settings - Fork 781
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gcc12 static analyzer (-fanalyzer) report #1745
Comments
The first one is wrong but the compiler cannot know it, we ought to use __objt_conn() instead. The second is valid, the loop ought to be rolled back first. The third looks wrong. We're at the function entry and this function cannot be called with a NULL. I suspect the analyzer believes this because before that point we call a generic function that performs a null test, but if it relies on this, it's plain stupid and will constantly report tons of false positives. |
well, I'll try to dig on third |
in after that we invoke
|
can we address first and second finding ? |
after I masked out 3rd detection, another detection revealed
|
Ilya, in order for me not to waste an hour trying to reproduce, could you please share your build options so that it's easier to try here ? It's indeed extremely difficult to shut absurd warnings when you cannot reproduce them because they're usually everything but rational. |
I use gcc from master branch. However, static analyzer did not change a lot from gcc-12.X
|
Thank you. I'll see if I find a working compiler. |
I reported 3 issues because I first invoked |
I can see the first one using the same flags and gcc-11.3. It's completely bogus as usual. It considers that because you call a general-purpose function on one of your pointers and that this function performs safety checks so that it can be used in other places, then it necessarily means that where you call it those safety checks may always be violated. It's as if it reported that a string might be NULL everywhere you call printf("%p") just because printf() does an explicit test to print "(nil)" instead of "0x0". In my opinion such warnings only ought to be emitted if the test is explicit in the function and not if it comes from another function (or macro), inlined or not, since the main purpose of writing a function is to reuse it. Such absurdities are causing great damage to the C language because they make it more and more complicated to use safely, and discourage users from reusing valid code and instead for them to reimplement copies of it everywhere. Several times already we introduced bugs while trying to shut the bogus null-deref checks up :-( And that's sad because when they're done properly (i.e. local function only) they sometimes report valid issues. I can shut it down using DISGUISE() when calling the function. That's ugly... For the other ones I don't know, I'll have to check. |
I'm not sure that we can report to gcc "please ignore some checks, and honor other". Looks like those "null deref" checks are totally useless. we can try to enable gcc static analyzer with null deref muted for example (at least for the first time) |
I got another one which is not even possible in
The two lines before the "if" explicitly make sure that a NULL Worse, even if I add an explicit test in the
It explicitly says that conn is not NULL, just to say a few lines below that it was NULL. At this point it's clear that this analyzer is broken beyond imagination. It might be extremely experimental, which is fine if that's the case. But we can't sabottage all the code with invalid "if" just to try to shut it up. If it says garbage, we should just shut it up or stop using it. Because I'm not going to purposely add bugs in the code to hide the analyzer's bugs. |
Found it, you can disable it with: |
It seems that the double-free check isn't any better:
When you look at the code, it's a free() of a single element that's inside a loop that iterates over a tree. So you can happily add |
I recall we reported some false positives for gcc11, I'll check with gcc master |
Oh and the cherry on the cake:
How to explain... by definition if it's stored where it ought to be used, it's not leaked. I think this analyzer has serious issues with data lifecycle and is totally unusable. Most likely it's still in its infancy and will start to be usable in 10 years from now on hello world-like programs but here we must not waste our time and energy on this one. At the very least you can also add |
Here it's not just some false positives, it's a totally bogus analysis. The concepts themselves are totally flawed. Maybe try with clang, to see if it does something less ridiculous ? |
The |
clang is in my queue as well
…On Thu, Dec 29, 2022, 4:08 PM Willy Tarreau ***@***.***> wrote:
Here it's not just some false positives, it's a totally bogus analysis.
The concepts themselves are totally flawed. Maybe try with clang, to see if
it does something less ridiculous ?
—
Reply to this email directly, view it on GitHub
<#1745 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAQ5KUDH5LHKOKU6J5X4UVTWPVPIXANCNFSM5YP33FDQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
And this very long one is wrong as well:
The value is used when type==TCPCHK_EXPECT_HTTP_STATUS which is only set when pattern is assigned a non-null value. In short it's 100% wrong for now, with reports that are extremely difficult to handle because we start from the assumption that this thing knows C and can follow loops and conditions, which is not true. |
I'm giving up now. I've wasted two hours on this garbage, that's not productive use of our time :-( It seems that the only one that seldom reports true problems is |
Thank you for the review, I'll check on master branch and report them to
GCC.
Hopefully, if we will contact them once an year, it will be working in 10
years))
…On Thu, Dec 29, 2022, 4:42 PM Willy Tarreau ***@***.***> wrote:
And this very long one is wrong as well:
include/import/ist.h: In function 'parse_tcpcheck_expect':
src/tcpcheck.c:3336:59: warning: use of NULL 'pattern' where non-null expected [CWE-476] [-Wanalyzer-null-argument]
3336 | c1 = c2 = read_uint(&p, pattern + strlen(pattern));
| ^~~~~~~~~~~~~~~
The value is used when type==TCPCHK_EXPECT_HTTP_STATUS which is only set
when pattern is assigned a non-null value. In short it's 100% wrong for
now, with reports that are extremely difficult to handle because we start
from the assumption that this thing knows C and can follow loops and
conditions, which is not true.
—
Reply to this email directly, view it on GitHub
<#1745 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAQ5KUDY3HT4E6FLQJDVGELWPVTJ3ANCNFSM5YP33FDQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
I don't think it's worth annoying them with that. I suspect the analyzer might be a side project for them (probably for students since it does involve some language theory, control flow integrity etc) and it's very likely that the paint is not dry yet. I'd rather make sure they spend their time addressing regular annoying warnings than this monster. Such tools are not always accurate and we just need to use what appears to provide value. We already have Coverity that reports real concerns (thanks to your filtering). Maybe clang will do as well. Do we need yet another one ? Probably not, especially if it starts on such unstable grounds. |
this one is fixed in gcc master |
couple of issues reported to gcc https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108251 closing this issue |
OK well done! Just make sure to try to file issues in a reproducible enough way so that they don't spend too much time trying to isolate them. This time it looks like it worked well though. |
both false positive get attention from RedHat, I beleive that RedHat is interested in adding |
Tool Name and Version
gcc12
Code Report
The text was updated successfully, but these errors were encountered: