[cfe-dev] scan-build possible false positive

Jordan Rose jordan_rose at apple.com
Wed Dec 11 09:21:44 PST 2013


We've pretty consistently had issues with the TAILQ macros; there's some code in there to try to suppress issues dealing with them, but apparently we've missed your test case. Please file a bug at http://llvm.org/bugs/.

Jordan


On Dec 11, 2013, at 7:35 , Victor Julien <lists at inliniac.net> wrote:

> Hi all,
> 
> I hope this is the correct place to report an issue with scan-build. The code
> below (also attached) compiles cleanly with:
> clang -ggdb -O0 -Werror -Wall -Wextra main.c
> 
> I use what I believe to be the latest stable, as shipped by Ubuntu 13.10:
> $ /usr/bin/clang --version
> Ubuntu clang version 3.3-5ubuntu4 (branches/release_33) (based on LLVM 3.3)
> Target: x86_64-pc-linux-gnu
> Thread model: posix
> 
> The code uses the sys/queue.h implementations that come with Linux and
> perhaps other OSes as well.
> 
> 
> When I run this through scan-build, it reports a use after free case:
> 
> $ scan-build -v clang -ggdb -O0 -Werror -Wall -Wextra main.c && ./a.out
> scan-build: Using '/usr/bin/clang' for static analysis
> scan-build: Emitting reports for this run to '/tmp/scan-build-2013-12-11-37'.
> main.c:29:9: warning: Use of memory after it is freed
>        printf("module %p\n", module);
>        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 1 warning generated.
> scan-build: 1 bugs found.
> scan-build: Run 'scan-view /tmp/scan-build-2013-12-11-37' to examine bug reports.
> module 0x9a4010
> 
> However, if I enable the HWBARRIER define (see code below), the warning
> goes away:
> 
> $ scan-build -v clang -ggdb -O0 -Werror -Wall -Wextra main.c -DHWBARRIER=1 && ./a.out
> scan-build: Using '/usr/bin/clang' for static analysis
> scan-build: Emitting reports for this run to '/tmp/scan-build-2013-12-11-38'.
> scan-build: Removing directory '/tmp/scan-build-2013-12-11-38' because it contains no reports.
> scan-build: No bugs found.
> module 0x1be1010
> 
> The compiler barrier (SWBARRIER) doesn't do the trick though.
> 
> Is this a bug in clang and/or scan-build or am I missing an issue with
> this code? In all cases valgrind is happy with it.
> 
> 
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> 
> #include <sys/queue.h>
> 
> typedef struct OutputModule_ {
>    TAILQ_ENTRY(OutputModule_) entries;
> } OutputModule;
> 
> static TAILQ_HEAD(, OutputModule_) output_modules =
>    TAILQ_HEAD_INITIALIZER(output_modules);
> 
> /* Allocate one module and append it to the global tail queue. */
> void add_to_tailq(void) {
>    OutputModule *module = calloc(1, sizeof(*module));
>    TAILQ_INSERT_TAIL(&output_modules, module, entries);
> }
> 
> int main () {
>    add_to_tailq();
> 
>    OutputModule *module;
>    /* Drain the queue: re-read the head each iteration, unlink it, then free it. */
>    while ((module = TAILQ_FIRST(&output_modules))) {
> #if HWBARRIER
>        __sync_synchronize();
> #elif SWBARRIER
>        asm volatile("" ::: "memory");
> #endif
>        printf("module %p\n", module);
> 
>        TAILQ_REMOVE(&output_modules, TAILQ_FIRST(&output_modules), entries);
>        free(module);
>    }
>    exit(EXIT_SUCCESS);
> }
> 
> 
> Thanks,
> Victor
> 
> -- 
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: main.c
Type: text/x-csrc
Size: 827 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20131211/b5e1c512/attachment.c>
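The drain loop in the post is correct at runtime (the element is unlinked and then freed, and the head is re-read on every iteration), and the thread treats the report as an analyzer false positive around the TAILQ macros. As an added example that is not code from the post or the reply, the block below writes the same pattern two ways: the conventional TAILQ_FOREACH_SAFE idiom, which saves the successor before the current element is freed, and the while/TAILQ_FIRST loop from the post, with counting checks around both. The `id` field, the function names, and the `run_demo` harness are assumptions made for the example; the TAILQ_FOREACH_SAFE fallback is only defined when the platform's sys/queue.h lacks it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/queue.h>

/* glibc's <sys/queue.h> lacks TAILQ_FOREACH_SAFE (BSD and macOS have it);
 * supply the BSD definition when it is missing so this builds on either. */
#ifndef TAILQ_FOREACH_SAFE
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)            \
    for ((var) = TAILQ_FIRST((head));                         \
         (var) && ((tvar) = TAILQ_NEXT((var), field), 1);     \
         (var) = (tvar))
#endif

/* Same element layout as the post, plus a hypothetical payload field. */
typedef struct OutputModule_ {
    int id;
    TAILQ_ENTRY(OutputModule_) entries;
} OutputModule;

typedef TAILQ_HEAD(OutputModuleList_, OutputModule_) OutputModuleList;

/* Append n freshly allocated modules; returns how many were inserted. */
static int add_modules(OutputModuleList *head, int n)
{
    int added = 0;
    for (int i = 0; i < n; i++) {
        OutputModule *m = calloc(1, sizeof(*m));
        if (m == NULL)
            break;
        m->id = i;
        TAILQ_INSERT_TAIL(head, m, entries);
        added++;
    }
    return added;
}

/* Read-only walk: count the elements currently linked in. */
static int count_modules(OutputModuleList *head)
{
    OutputModule *m;
    int n = 0;
    TAILQ_FOREACH(m, head, entries) n++;
    return n;
}

/* Drain with TAILQ_FOREACH_SAFE: the successor is stored in `tmp` before
 * the current element is unlinked and freed, so freed memory is never read. */
static int drain_foreach_safe(OutputModuleList *head)
{
    OutputModule *m, *tmp;
    int freed = 0;
    TAILQ_FOREACH_SAFE(m, head, entries, tmp) {
        TAILQ_REMOVE(head, m, entries);
        free(m);
        freed++;
    }
    return freed;
}

/* Drain with the while/TAILQ_FIRST loop from the post: `m` is unlinked
 * before free() and re-read from the head each iteration, so no stale
 * pointer survives across the free. */
static int drain_first_loop(OutputModuleList *head)
{
    OutputModule *m;
    int freed = 0;
    while ((m = TAILQ_FIRST(head)) != NULL) {
        TAILQ_REMOVE(head, m, entries);
        free(m);
        freed++;
    }
    return freed;
}

/* Build a list of n elements and drain it with each idiom in turn.
 * Returns the total number freed (2 * n) when every count and emptiness
 * check holds, or -1 on the first failed check. */
int run_demo(int n)
{
    OutputModuleList head = TAILQ_HEAD_INITIALIZER(head);
    int total = 0;

    int added = add_modules(&head, n);
    if (count_modules(&head) != added)
        return -1;
    total += drain_foreach_safe(&head);
    if (!TAILQ_EMPTY(&head) || total != added)
        return -1;

    added = add_modules(&head, n);
    total += drain_first_loop(&head);
    if (!TAILQ_EMPTY(&head) || total != 2 * added)
        return -1;

    return total;
}

int main(void)
{
    printf("freed %d elements\n", run_demo(3));
    return 0;
}
```

Both drain functions are memory-safe; running the file under valgrind or ASan reports nothing, which matches the poster's observation. If a report like this has to be quieted until the analyzer is fixed, the clang static analyzer predefines the macro `__clang_analyzer__` during analysis, so the affected loop can be compiled differently only under analysis; that is a workaround for the tool, not a change to the code's correctness.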