From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id B6D36385F01F; Wed, 17 Feb 2021 15:38:35 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B6D36385F01F
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/98969] [11 Regression] ICE: Segmentation fault (in
 print_mem_ref)
Date: Wed, 17 Feb 2021 15:38:35 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Version: 11.0
X-Bugzilla-Keywords: ice-on-valid-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 11.0
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-98969-4-4noqBMSuKB@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-98969-4@http.gcc.gnu.org/bugzilla/>
References: <bug-98969-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Feb 2021 15:38:35 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D98969

--- Comment #12 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:e0139b2a912585496f23c352f0e2c56895f78fbf

commit r11-7270-ge0139b2a912585496f23c352f0e2c56895f78fbf
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Feb 17 10:37:16 2021 -0500

    analyzer: fix false leak involving params [PR98969]

    This patch updates the svalue liveness code so that the initial value
    of parameters at top-level functions to the analysis are treated as
    live (since the values are presumably still live within the
    outside-of-the-analysis calling code).

    This fixes the false leak in PR analyzer/98969 seen on:

    void
    test (long int i)
    {
      struct foo *f =3D (struct foo *)i;
      f->expr =3D __builtin_malloc (1024);
    }

    since the calling code can presumably still access the allocated
    buffer via:
      ((struct foo *)i)->expr

    The patch also removes the expected leak warnings from
    g++.dg/analyzer/pr99064.C and gcc.dg/analyzer/pr96841.c, which now
    appear to me to be false positives.

    gcc/analyzer/ChangeLog:
            PR analyzer/98969
            * constraint-manager.cc (dead_svalue_purger::should_purge_p):
            Update for change to svalue::live_p.
            * program-state.cc (sm_state_map::on_liveness_change): Likewise.
            (program_state::detect_leaks): Likewise.
            * region-model-reachability.cc (reachable_regions::init_cluster=
):
            When dealing with a symbolic region, if the underlying pointer =
is
            implicitly live, add the region to the reachable regions.
            * region-model.cc (region_model::compare_initial_and_pointer):
            Move logic for detecting initial values of params to
            initial_svalue::initial_value_of_param_p.
            * svalue.cc (svalue::live_p): Convert "live_svalues" from a
            reference to a pointer; support it being NULL.
            (svalue::implicitly_live_p): Convert first param from a
            refererence to a pointer.
            (region_svalue::implicitly_live_p): Likewise.
            (constant_svalue::implicitly_live_p): Likewise.
            (initial_svalue::implicitly_live_p): Likewise.  Treat the initi=
al
            values of params for the top level frame as still live.
            (initial_svalue::initial_value_of_param_p): New function, taken
            from a test in region_model::compare_initial_and_pointer.
            (unaryop_svalue::implicitly_live_p): Convert first param from a
            refererence to a pointer.
            (binop_svalue::implicitly_live_p): Likewise.
            (sub_svalue::implicitly_live_p): Likewise.
            (unmergeable_svalue::implicitly_live_p): Likewise.
            * svalue.h (svalue::live_p): Likewise.
            (svalue::implicitly_live_p): Likewise.
            (region_svalue::implicitly_live_p): Likewise.
            (constant_svalue::implicitly_live_p): Likewise.
            (initial_svalue::implicitly_live_p): Likewise.
            (initial_svalue::initial_value_of_param_p): New decl.
            (unaryop_svalue::implicitly_live_p): Convert first param from a
            refererence to a pointer.
            (binop_svalue::implicitly_live_p): Likewise.
            (sub_svalue::implicitly_live_p): Likewise.
            (unmergeable_svalue::implicitly_live_p): Likewise.

    gcc/testsuite/ChangeLog:
            PR analyzer/98969
            * g++.dg/analyzer/pr99064.C: Convert dg-bogus to dg-warning.
            * gcc.dg/analyzer/pr96841.c: Add -Wno-analyzer-too-complex to
            options.  Remove false leak directive.
            * gcc.dg/analyzer/pr98969.c (test_1): Remove xfail from leak
            false positive.
            (test_3): New.=