analyzer: disable the "taint" checker by default
author David Malcolm <dmalcolm@redhat.com>
Fri, 21 Feb 2020 15:50:16 +0000 (10:50 -0500)
committer David Malcolm <dmalcolm@redhat.com>
Mon, 24 Feb 2020 23:31:07 +0000 (18:31 -0500)
commit b3d788a2cd35c734a683444c976abe14afc5c1c1
tree 9a80941ec6fca09563085b88e97d534efe7a7e39
parent 3a25f345d1fbe2de8c12cae84b0c7d2a76c0b78e

PR analyzer/93032 tracks a false negative where we fail to report
FILE * leaks within zlib/contrib/minizip/mztools.c.

The underlying issue is a combinatorial explosion of states within the
exploded graph.  In particular, the state of the "taint" checker is
exploding, leading to the analyzer bailing out.

I have a patch kit under construction that fixes the state explosion
issue enough for the "file" checker to report the leaks, but doing so
requires disabling the "taint" checker.  Given that the latter is more
of a proof-of-concept, this patch disables it by default, to stop it
breaking the other checkers.

gcc/analyzer/ChangeLog:
PR analyzer/93032
* sm.cc (make_checkers): Require the "taint" checker to be
explicitly enabled.

gcc/ChangeLog:
PR analyzer/93032
* doc/invoke.texi (-Wnanalyzer-tainted-array-index): Note that
-fanalyzer-checker=taint is also required.
(-fanalyzer-checker=): Note that providing this option enables the
given checker, and doing so may be required for checkers that are
disabled by default.

gcc/testsuite/ChangeLog:
PR analyzer/93032
* gcc.dg/analyzer/pr93382.c: Add "-fanalyzer-checker=taint".
* gcc.dg/analyzer/taint-1.c: Likewise.
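The practical effect of this commit is that the taint checker no longer runs under plain -fanalyzer; a translation unit has to be built with -fanalyzer -fanalyzer-checker=taint for -Wanalyzer-tainted-array-index to be reported at all. The following added example (my own, not code from the GCC commit or its test suite) shows the access pattern that warning is designed to report, an array subscript taken straight from fread(), next to the bounds-checked form; the table contents, the in-memory FILE built with fmemopen() (POSIX) and the helper names are assumptions for offline use.

```c
// Added example, not part of the GCC commit. Build with the analyzer:
//   gcc -fanalyzer -fanalyzer-checker=taint -c taint-demo.c
// After this commit the second flag is required, or the taint checker
// stays disabled and no -Wanalyzer-tainted-array-index diagnostic appears.
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>

#define TABLE_LEN 16
/* Constructed lookup table; values are arbitrary. */
static const int table[TABLE_LEN] = {
    0, 10, 20, 30, 40, 50, 60, 70, 80, 90, 100, 110, 120, 130, 140, 150 };

/* Unchecked: the index comes straight from fread(), which the analyzer's
   taint model treats as attacker-controlled, and it is used as an array
   subscript without any bounds test. This is the access pattern that
   -Wanalyzer-tainted-array-index exists to flag. */
int lookup_unchecked(FILE *f) {
  unsigned idx;
  if (fread(&idx, sizeof idx, 1, f) != 1)
    return -1;  /* short read: no index available */
  return table[idx];
}

/* Checked: the same tainted value is range-tested before use, so the
   subscript is bounded and out-of-range input is rejected with -1. */
int lookup_checked(FILE *f) {
  unsigned idx;
  if (fread(&idx, sizeof idx, 1, f) != 1)
    return -1;
  if (idx >= TABLE_LEN)
    return -1;  /* reject anything outside the table */
  return table[idx];
}

/* Test helper (assumed, not from the page): feeds a constructed 4-byte
   index to one of the lookups through an in-memory FILE so the example
   runs without touching the filesystem. Returns -2 if fmemopen fails. */
int run_on(int (*lookup)(FILE *), unsigned idx) {
  FILE *f = fmemopen(&idx, sizeof idx, "rb");
  if (!f)
    return -2;
  int r = lookup(f);
  fclose(f);
  return r;
}
```

Only the checked variant is safe to exercise with out-of-range input; the unchecked one is kept for the analyzer to inspect, not to run on hostile data.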

gcc/ChangeLog
gcc/analyzer/ChangeLog
gcc/analyzer/sm.cc
gcc/doc/invoke.texi
gcc/testsuite/ChangeLog
gcc/testsuite/gcc.dg/analyzer/pr93382.c
gcc/testsuite/gcc.dg/analyzer/taint-1.c