The test case below was reduced from https://bugzilla.redhat.com/show_bug.cgi?id=2043195 (it's been greatly simplified). It shows a false positive caused by the warning's overly simplistic PHI handling: the warning warns on any PHI use with an operand that's been passed to free in a block that dominates the use. $ cat rhbz2043195.c && gcc -O2 -S -Wall -fdump-tree-waccess3=/dev/stdout rhbz2043195.c static inline void freep (void *p) { __builtin_free (*(void**)p); } char *f (void); int g (void) { __attribute__ ((__cleanup__ (freep))) char *s = 0, *t = 0; t = f (); if (!t) return 0; s = f (); return 1; } ;; Function g (g, funcdef_no=1, decl_uid=1984, cgraph_uid=2, symbol_order=1) In function ‘freep’, inlined from ‘g’ at rhbz2043195.c:10:47: rhbz2043195.c:3:3: warning: pointer ‘s’ used after ‘__builtin_free’ [-Wuse-after-free] 3 | __builtin_free (*(void**)p); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ In function ‘freep’, inlined from ‘g’ at rhbz2043195.c:10:55: rhbz2043195.c:3:3: note: call to ‘__builtin_free’ here 3 | __builtin_free (*(void**)p); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ pointer_query counters: index cache size: 21 index entries: 3 access cache size: 6 access entries: 3 hits: 1 misses: 3 failures: 0 max_depth: 3 int g () { char * s; char * _1; char * _2; int _3; <bb 2> [local count: 1073741824]: _1 = f (); if (_1 == 0B) goto <bb 4>; [30.95%] else goto <bb 3>; [69.05%] <bb 3> [local count: 741418729]: _2 = f (); <bb 4> [local count: 1073741824]: # _3 = PHI <0(2), 1(3)> # s_10 = PHI <_1(2), _2(3)> __builtin_free (_1); __builtin_free (s_10); return _3; }
The correct URL is https://bugzilla.redhat.com/show_bug.cgi?id=2043915
Patch: https://gcc.gnu.org/pipermail/gcc-patches/2022-January/
*** Bug 104269 has been marked as a duplicate of this bug. ***
The full link to the patch: https://gcc.gnu.org/pipermail/gcc-patches/2022-January/589366.html
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>: https://gcc.gnu.org/g:48d3191e7bd6245bd2df625731f1ad9207a26655 commit r12-6947-g48d3191e7bd6245bd2df625731f1ad9207a26655 Author: Martin Sebor <msebor@redhat.com> Date: Mon Jan 31 12:04:55 2022 -0700 Constrain PHI handling in -Wuse-after-free [PR104232]. Resolves: PR middle-end/104232 - spurious -Wuse-after-free after conditional free gcc/ChangeLog: PR middle-end/104232 * gimple-ssa-warn-access.cc (pointers_related_p): Add argument. Handle PHIs. Add a synonymous overload. (pass_waccess::check_pointer_uses): Call pointers_related_p. gcc/testsuite/ChangeLog: PR middle-end/104232 * g++.dg/warn/Wuse-after-free4.C: New test. * gcc.dg/Wuse-after-free-2.c: New test. * gcc.dg/Wuse-after-free-3.c: New test.
Fixed in r12-6947.