[gcc(refs/users/arsenic/heads/analyzer_extension)] analyzer: detect and analyze virtual function calls

public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed

From: Ankur saini <arsenic@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc(refs/users/arsenic/heads/analyzer_extension)] analyzer: detect and analyze virtual function calls
Date: Mon, 16 Aug 2021 13:23:13 +0000 (GMT)	[thread overview]
Message-ID: <20210816132313.A94AB3947C38@sourceware.org> (raw)

https://gcc.gnu.org/g:10df498d47bc941e507647e165671a8b8d199129

commit 10df498d47bc941e507647e165671a8b8d199129
Author: Ankur Saini <arsenic@sourceware.org>
Date:   Sun Aug 15 19:19:07 2021 +0530

    analyzer: detect and analyze virtual function calls
    
    2021-08-15  Ankur Saini  <arsenic@sourceware.org>
    
    gcc/analyzer/ChangeLog:
            * analyzer/region-model.cc (region_model::get_rvalue_1): Add case for
            OBJ_TYPE_REF.
    
    gcc/testsuite/ChangeLog:
            *g++.dg/analyzer/vfunc-2.C: New test.
            *g++.dg/analyzer/vfunc-3.C: New test.

Diff:
---
 gcc/analyzer/region-model.cc            |  5 ++++
 gcc/testsuite/g++.dg/analyzer/vfunc-2.C | 44 +++++++++++++++++++++++++++++++++
 gcc/testsuite/g++.dg/analyzer/vfunc-3.C | 36 +++++++++++++++++++++++++++
 gcc/testsuite/g++.dg/analyzer/vfunc-4.C | 28 +++++++++++++++++++++
 4 files changed, 113 insertions(+)

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 2316fbe5041..822e893e899 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -1841,6 +1841,11 @@ region_model::get_rvalue_1 (path_var pv, region_model_context *ctxt) const
 	const region *ref_reg = get_lvalue (pv, ctxt);
 	return get_store_value (ref_reg, ctxt);
       }
+    case OBJ_TYPE_REF:
+      {
+        tree expr = OBJ_TYPE_REF_EXPR (pv.m_tree);
+        return get_rvalue (expr, ctxt);
+      }
     }
 }
 
diff --git a/gcc/testsuite/g++.dg/analyzer/vfunc-2.C b/gcc/testsuite/g++.dg/analyzer/vfunc-2.C
new file mode 100644
index 00000000000..46b68e529e6
--- /dev/null
+++ b/gcc/testsuite/g++.dg/analyzer/vfunc-2.C
@@ -0,0 +1,44 @@
+#include <cstdio>
+#include <cstdlib>
+
+struct A
+{
+    int m_data;
+    A() {m_data = 0;}
+    virtual int deallocate (void) 
+    {
+        return 42;
+    }
+};
+
+struct B: public A
+{
+    int *ptr;
+    int m_data_b;
+    B() {m_data_b = 0;}
+    void allocate ()
+    {
+        ptr = (int*)malloc(sizeof(int));
+    }
+    int deallocate (void) 
+    { 
+        free(ptr);
+        return 0;
+    }
+};
+
+void foo(A *a_ptr)
+{
+    printf("%d\n",a_ptr->deallocate());
+}
+
+void test()
+{
+    B b;
+    A a, *aptr;
+    aptr = &b;
+    b.allocate();
+    foo(aptr);
+    aptr = &a;
+    foo(aptr);
+}
diff --git a/gcc/testsuite/g++.dg/analyzer/vfunc-3.C b/gcc/testsuite/g++.dg/analyzer/vfunc-3.C
new file mode 100644
index 00000000000..bd00bb436c8
--- /dev/null
+++ b/gcc/testsuite/g++.dg/analyzer/vfunc-3.C
@@ -0,0 +1,36 @@
+#include <cstdlib>
+
+struct A
+{
+    virtual int foo (void) 
+    {
+        return 42;
+    }
+};
+
+struct B: public A
+{
+    int *ptr;
+    void alloc ()
+    {
+        ptr = (int*)malloc(sizeof(int));
+    }
+    int foo (void) 
+    { 
+        free(ptr); /* { dg-warning "double-'free' of 'b.B::ptr'" } */
+        return 0;
+    }
+};
+
+int test()
+{
+    struct B b, *bptr=&b;
+    b.alloc();
+    bptr->foo(); /* { dg-message "calling 'B::foo' from 'test'" } */
+    return bptr->foo();
+}
+
+int main()
+{
+    test();
+}
diff --git a/gcc/testsuite/g++.dg/analyzer/vfunc-4.C b/gcc/testsuite/g++.dg/analyzer/vfunc-4.C
new file mode 100644
index 00000000000..975108400b1
--- /dev/null
+++ b/gcc/testsuite/g++.dg/analyzer/vfunc-4.C
@@ -0,0 +1,28 @@
+#include "../../gcc.dg/analyzer/analyzer-decls.h"
+
+struct A
+{
+  int m_data;
+  virtual char foo ()
+  {
+    return 'A';
+  }
+};
+
+struct B: public A
+{
+  int m_data_b;
+  char foo ()
+  {
+    return 'B';
+  }
+};
+
+void test()
+{
+  A a, *a_ptr = &a;
+  B b;
+  __analyzer_eval (a_ptr->foo () == 'A'); /* { dg-warning "TRUE" } */
+  a_ptr = &b;
+  __analyzer_eval (a_ptr->foo () == 'B'); /* { dg-warning "TRUE" } */
+}

next             reply	other threads:[~2021-08-16 13:23 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-16 13:23 Ankur saini [this message]
  -- strict thread matches above, loose matches on Subject: below --
2021-08-20  4:27 Ankur saini
2021-08-17  1:52 Ankur saini
2021-08-16 16:37 Ankur saini
2021-08-16 11:42 Ankur saini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210816132313.A94AB3947C38@sourceware.org \
    --to=arsenic@gcc.gnu.org \
    --cc=gcc-cvs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).