Warnings from GCC -fanalyzer

[samth]

GCC has a relatively-new static analysis pass that can warn about various problems. I ran it (using GCC v13.2) on Chez Scheme as built by Racket. Below are the first few warnings it generated, at verbosity level 0. If it's helpful I can provide more of the control flow that the analysis thinks can lead to the problem. If these problems seem worth fixing then I'll include the rest.

../ChezScheme/c/segment.c: In function ‘contract_segment_table’:
../ChezScheme/c/segment.c:565:15: warning: dereference of NULL ‘t2i’ [CWE-476] [-Wanalyzer-null-dereference]
  565 |       if ((t2i->refcount -= 1) == 0) {
      |            ~~~^~~~~~~~~~
  ‘S_free_chunk’: event 1
    |
    |  452 |   contract_segment_table(chunk->base, chunk->base + chunk->segs);
    |      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |   |
    |      |   (1) calling ‘contract_segment_table’ from ‘S_free_chunk’
    |
    +--> ‘contract_segment_table’: events 2-4
           |
           |  553 |     t2i = S_segment_info[SEGMENT_T3_IDX(base)];
           |      |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |         |
           |      |         (3) ‘t2i’ is NULL
           |......
           |  565 |       if ((t2i->refcount -= 1) == 0) {
           |      |            ~~~~~~~~~~~~~                      
           |      |               |
           |      |               (4) dereference of NULL ‘t2i’
           |  566 |         S_freemem((void *)t2i, sizeof(t2table), 0);
           |  567 |         S_segment_info[SEGMENT_T3_IDX(base)] = NULL;
           |      |                                              ^
           |      |                                              |
           |      |                                              (2) ‘0’ is NULL

../ChezScheme/c/vfasl.c: In function ‘S_vfasl’:
../ChezScheme/c/vfasl.c:163:17: warning: use of uninitialized value ‘vspaces[s]’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
  163 |     if (!vspaces[s])
      |          ~~~~~~~^~~
  ‘S_vfasl_to’: event 1
    |
    |  465 |   return S_vfasl(bv, NULL, 0, Sbytevector_length(bv));
    |      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |          |
    |      |          (1) calling ‘S_vfasl’ from ‘S_vfasl_to’
    |
    +--> ‘S_vfasl’: events 2-3
           |
           |   94 |   ptr vspaces[vspaces_count];
           |      |       ^~~~~~~
           |      |       |
           |      |       (2) region created on stack here
           |......
           |  163 |     if (!vspaces[s])
           |      |          ~~~~~~~~~~
           |      |                 |
           |      |                 (3) use of uninitialized value ‘vspaces[s]’ here
           |

../ChezScheme/c/prim5.c: In function ‘s_process’:
../ChezScheme/c/prim5.c:899:22: warning: leak of file descriptor ‘dup(tofds[0])’ [CWE-775] [-Wanalyzer-fd-leak]
  899 |         CLOSE(0); if (dup(tofds[0]) != 0) _exit(1);
      |                      ^
  ‘s_process’: events 1-4
    |
    |  879 |     if (pipe(tofds)) S_error("process","cannot open pipes");
    |      |         ^~~~~~~~~~~
    |      |         |
    |      |         (1) when ‘pipe’ succeeds
    |  880 |     if (pipe(fromfds)) {
    |      |         ~~~~~~~~~~~~~
    |      |         |
    |      |         (2) when ‘pipe’ succeeds
    |......
    |  899 |         CLOSE(0); if (dup(tofds[0]) != 0) _exit(1);
    |      |                      ~~~~~~~~~~~~~~
    |      |                      ||
    |      |                      |(3) opened here
    |      |                      (4) ‘dup(tofds[0])’ leaks here; was opened at (3)
    |

[mnieper]

I think this is useful in any case. Either it is a bogus warning, in which case it should be reported to the GCC maintainers, or it is an actual error in Chez's source, in which case it should be fixed.