[cfe-dev] scan-build possible false positive
Victor Julien
lists at inliniac.net
Thu Dec 12 00:28:42 PST 2013
On 12/11/2013 06:21 PM, Jordan Rose wrote:
> We've pretty consistently had issues with the TAILQ macros; there's some code in there to try to suppress issues dealing with them, but apparently we've missed your test case. Please file a bug at http://llvm.org/bugs/.
Opened http://llvm.org/bugs/show_bug.cgi?id=18222, hope it's helpful.
Thanks,
Victor
>
> Jordan
>
>
> On Dec 11, 2013, at 7:35 , Victor Julien <lists at inliniac.net> wrote:
>
>> Hi all,
>>
>> I hope this is the correct place to report an issue with scan-build. The code
>> below (also attached) compiles cleanly with:
>> clang -ggdb -O0 -Werror -Wall -Wextra main.c
>>
>> I use what I believe to be the latest stable, as shipped by Ubuntu 13.10:
>> $ /usr/bin/clang --version
>> Ubuntu clang version 3.3-5ubuntu4 (branches/release_33) (based on LLVM 3.3)
>> Target: x86_64-pc-linux-gnu
>> Thread model: posix
>>
>> The code uses the sys/queue.h implementations that come with Linux and
>> perhaps other OS' as well.
>>
>>
>> When I run this through scan-build, it reports a use after free case:
>>
>> $ scan-build -v clang -ggdb -O0 -Werror -Wall -Wextra main.c && ./a.out
>> scan-build: Using '/usr/bin/clang' for static analysis
>> scan-build: Emitting reports for this run to
>> '/tmp/scan-build-2013-12-11-37'.
>> main.c:29:9: warning: Use of memory after it is freed
>>         printf("module %p\n", module);
>>         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> 1 warning generated.
>> scan-build: 1 bugs found.
>> scan-build: Run 'scan-view /tmp/scan-build-2013-12-11-37' to examine bug
>> reports.
>> module 0x9a4010
>>
>> However, if I enable the HWBARRIER define (see code below), the warning
>> goes away:
>>
>> $ scan-build -v clang -ggdb -O0 -Werror -Wall -Wextra main.c
>> -DHWBARRIER=1 && ./a.out
>> scan-build: Using '/usr/bin/clang' for static analysis
>> scan-build: Emitting reports for this run to
>> '/tmp/scan-build-2013-12-11-38'.
>> scan-build: Removing directory '/tmp/scan-build-2013-12-11-38' because
>> it contains no reports.
>> scan-build: No bugs found.
>> module 0x1be1010
>>
>> The compiler barrier (SWBARRIER) doesn't do the trick though.
>>
>> Is this a bug in clang and/or scan-build or am I missing an issue with
>> this code? In all cases valgrind is happy with it.
>>
>>
>> #include <stdio.h>
>> #include <stdlib.h>
>> #include <string.h>
>>
>> #include <sys/queue.h>
>>
>> typedef struct OutputModule_ {
>>     TAILQ_ENTRY(OutputModule_) entries;
>> } OutputModule;
>>
>> static TAILQ_HEAD(, OutputModule_) output_modules =
>>     TAILQ_HEAD_INITIALIZER(output_modules);
>>
>> void add_to_tailq(void) {
>>     OutputModule *module = calloc(1, sizeof(*module));
>>     TAILQ_INSERT_TAIL(&output_modules, module, entries);
>> }
>>
>> int main () {
>>     add_to_tailq();
>>
>>     OutputModule *module;
>>     while ((module = TAILQ_FIRST(&output_modules))) {
>> #if HWBARRIER
>>         __sync_synchronize();
>> #elif SWBARRIER
>>         asm volatile("" ::: "memory");
>> #endif
>>         printf("module %p\n", module);
>>
>>         TAILQ_REMOVE(&output_modules, TAILQ_FIRST(&output_modules),
>>             entries);
>>         free(module);
>>     }
>>     exit(EXIT_SUCCESS);
>> }
>>
>>
>> Thanks,
>> Victor
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
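
An added example, not part of the thread and not code from the reporter or the clang project: the drain loop from the report restructured so that TAILQ_REMOVE is handed the same pointer that is later freed, with a runtime check, done before free(), that the unlinked node is no longer reachable from the list head. The names ModuleList, fill, drain and run_case are assumptions of this example, and it makes no claim about whether the analyzer warning changes.

```c
#include <stdlib.h>
#include <sys/queue.h>

typedef struct OutputModule_ {
    TAILQ_ENTRY(OutputModule_) entries;
} OutputModule;

TAILQ_HEAD(ModuleList, OutputModule_); /* named head type (hypothetical name) */

/* Append up to n zeroed modules; returns how many were inserted. */
static int fill(struct ModuleList *head, int n) {
    int i;
    for (i = 0; i < n; i++) {
        OutputModule *m = calloc(1, sizeof(*m));
        if (m == NULL) break;
        TAILQ_INSERT_TAIL(head, m, entries);
    }
    return i;
}

/* Drain the list. Returns nodes freed, or -1 if an unlinked node is still reachable. */
static int drain(struct ModuleList *head) {
    OutputModule *module, *it;
    int freed = 0;
    while ((module = TAILQ_FIRST(head)) != NULL) {
        /* Unlink the exact pointer that is freed below. */
        TAILQ_REMOVE(head, module, entries);
        /* Before free(): no remaining element may alias the unlinked node. */
        TAILQ_FOREACH(it, head, entries) {
            if (it == module) return -1;
        }
        free(module);
        freed++;
    }
    return freed;
}

/* Build a list of n modules, drain it, and require an empty head afterwards. */
int run_case(int n) {
    struct ModuleList head;
    TAILQ_INIT(&head);
    int inserted = fill(&head, n);
    int freed = drain(&head);
    return (freed == inserted && TAILQ_EMPTY(&head)) ? freed : -1;
}

/* One node, as in the report; exit status 0 means the drain was clean. */
int main(void) { return run_case(1) == 1 ? 0 : 1; }
```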