[Bug analyzer/106626] Improvements to wording of -Wanalyzer-out-of-bounds

["cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106626

--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:1d86af242bc4a8e68aebf1f3b8c985f2d17fa791

commit r13-4429-g1d86af242bc4a8e68aebf1f3b8c985f2d17fa791
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Nov 30 21:26:43 2022 -0500

    diagnostics: tweak diagnostic_path::interprocedural_p [PR106626]

    The region-creation event at the start of...

    <source>: In function 'int_arr_write_element_after_end_off_by_one':
    <source>:14:11: warning: buffer overflow [CWE-787]
[-Wanalyzer-out-of-bounds]
       14 |   arr[10] = x;
          |   ~~~~~~~~^~~
      event 1
        |
        |   10 | int32_t arr[10];
        |      |         ^~~
        |      |         |
        |      |         (1) capacity is 40 bytes
        |
        +--> 'int_arr_write_element_after_end_off_by_one': events 2-3
               |
               |   12 | void int_arr_write_element_after_end_off_by_one(int32_t
x)
               |      |      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
               |      |      |
               |      |      (2) entry to
'int_arr_write_element_after_end_off_by_one'
               |   13 | {
               |   14 |   arr[10] = x;  /* { dg-line line } */
               |      |   ~~~~~~~~~~~
               |      |           |
               |      |           (3) out-of-bounds write from byte 40 till
byte 43 but 'arr' ends at byte 40
               |
    <source>:14:11: note: write of 4 bytes to beyond the end of 'arr'
       14 |   arr[10] = x;
          |   ~~~~~~~~^~~
    <source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]'

    ...makes diagnostic_manager::finish_pruning consider the path to be
    interprocedural, and so it doesn't prune the function entry event.

    This patch tweaks diagnostic_path::interprocedural_p to ignore
    leading events outside of any function, so that it considers the
    path to be intraprocedural, and thus diagnostic_manager::finish_pruning
    prunes the function entry event, leading to this simpler output:

    <source>: In function 'int_arr_write_element_after_end_off_by_one':
    <source>:14:11: warning: buffer overflow [CWE-787]
[-Wanalyzer-out-of-bounds]
       14 |   arr[10] = x;
          |   ~~~~~~~~^~~
      event 1
        |
        |   10 | int32_t arr[10];
        |      |         ^~~
        |      |         |
        |      |         (1) capacity is 40 bytes
        |
        +--> 'int_arr_write_element_after_end_off_by_one': event 2
               |
               |   14 |   arr[10] = x;
               |      |   ~~~~~~~~^~~
               |      |           |
               |      |           (2) out-of-bounds write from byte 40 till
byte 43 but 'arr' ends at byte 40
               |
    <source>:14:11: note: write of 4 bytes to beyond the end of 'arr'
    <source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]'

    gcc/ChangeLog:
            PR analyzer/106626
            * diagnostic-path.h
            (diagnostic_path::get_first_event_in_a_function): New decl.
            * diagnostic.cc (diagnostic_path::get_first_event_in_a_function):
            New.
            (diagnostic_path::interprocedural_p): Ignore leading events that
            are outside of any function.

    gcc/testsuite/ChangeLog:
            PR analyzer/106626
            * gcc.dg/analyzer/out-of-bounds-multiline-1.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>