[Bug analyzer/100116] New: analyzer event messages for conditionals have the sense of the gimple IR rather than the source

dmalcolm at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Fri Apr 16 14:01:48 GMT 2021 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100116

            Bug ID: 100116
           Summary: analyzer event messages for conditionals have the
                    sense of the gimple IR rather than the source
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Consider:

$ cat v.c
# define LIKELY(x)          __builtin_expect(!!(x), 1)

__attribute__ ((__noreturn__))
extern void vex_assert_fail ( const char* expr, const char* file,
                              int line, const char* fn );

#define vassert(expr)                                           \
  ((void) (LIKELY(expr) ? 0 :                                   \
           (vex_assert_fail (#expr,  __FILE__, __LINE__, __PRETTY_FUNCTION__),
0)))

void test (int nbuf)
{
   vassert(nbuf >= 32);
   __analyzer_dump_path ();
}

$ ./xgcc -B. -S -fanalyzer v.c -fdump-ipa-analyzer=stderr
v.c: In function ‘test’:
v.c:14:4: warning: implicit declaration of function ‘__analyzer_dump_path’
[-Wimplicit-function-declaration]
   14 |    __analyzer_dump_path ();
      |    ^~~~~~~~~~~~~~~~~~~~
v.c:14:4: note: path
   14 |    __analyzer_dump_path ();
      |    ^~~~~~~~~~~~~~~~~~~~~~~
  ‘test’: event 1
    |
    |    8 |   ((void) (LIKELY(expr) ? 0 :                                   \
    |      |   ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |    |
    |      |    (1) following ‘false’ branch...
    |    9 |            (vex_assert_fail (#expr,  __FILE__, __LINE__,
__PRETTY_FUNCTION__), 0)))
    |      |           
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
v.c:13:4: note: in expansion of macro ‘vassert’
    |   13 |    vassert(nbuf >= 32);
    |      |    ^~~~~~~
    |
  ‘test’: events 2-3
    |
    |   14 |    __analyzer_dump_path ();
    |      |    ^~~~~~~~~~~~~~~~~~~~~~~
    |      |    |
    |      |    (2) ...to here
    |      |    (3) here
    |
void test (int nbuf)
{
  static const char __PRETTY_FUNCTION__[5] = "test";
  _Bool _1;
  long int _2;
  long int _3;

  <bb 2> :
  _1 = nbuf_4(D) > 31;
  _2 = (long int) _1;
  _3 = __builtin_expect (_2, 1);
  if (_3 == 0)
    goto <bb 3>; [INV]
  else
    goto <bb 4>; [INV]

  <bb 3> :
  vex_assert_fail ("nbuf >= 32", "v.c", 13, &__PRETTY_FUNCTION__);

  <bb 4> :
  __analyzer_dump_path ();
  return;

}

Note how event (1) in the path reads:
  (1) following ‘false’ branch...

It is indeed following the false branch in the gimple IR (from <bb 2> to <bb
4>), skipping the vex_assert_fail, but this is confusing to the user, since
it's following the *true* path from the perspective of the user's source code:

  (LIKELY(expr) ? 0 :                                   \
           (vex_assert_fail (#expr,  __FILE__, __LINE__, __PRETTY_FUNCTION__),
0)))

i.e. where LIKELY(expr) is true.

Such messages should refer to the user's source code, not to our IR.

More information about the Gcc-bugs mailing list