From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arsenic@sourceware.org>
Received: by sourceware.org (Postfix, from userid 7853)
 id A94AB3947C38; Mon, 16 Aug 2021 13:23:13 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A94AB3947C38
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Ankur saini <arsenic@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc(refs/users/arsenic/heads/analyzer_extension)] analyzer: detect
 and analyze virtual function calls
X-Act-Checkin: gcc
X-Git-Author: Ankur Saini <arsenic@sourceware.org>
X-Git-Refname: refs/users/arsenic/heads/analyzer_extension
X-Git-Oldrev: e7bb9c5e5652cf97cd217ad39b0429bf9c21b799
X-Git-Newrev: 10df498d47bc941e507647e165671a8b8d199129
Message-Id: <20210816132313.A94AB3947C38@sourceware.org>
Date: Mon, 16 Aug 2021 13:23:13 +0000 (GMT)
X-BeenThere: gcc-cvs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-cvs mailing list <gcc-cvs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-cvs>,
 <mailto:gcc-cvs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-cvs/>
List-Help: <mailto:gcc-cvs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-cvs>,
 <mailto:gcc-cvs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Aug 2021 13:23:13 -0000

https://gcc.gnu.org/g:10df498d47bc941e507647e165671a8b8d199129

commit 10df498d47bc941e507647e165671a8b8d199129
Author: Ankur Saini <arsenic@sourceware.org>
Date:   Sun Aug 15 19:19:07 2021 +0530

    analyzer: detect and analyze virtual function calls
    
    2021-08-15  Ankur Saini  <arsenic@sourceware.org>
    
    gcc/analyzer/ChangeLog:
            * analyzer/region-model.cc (region_model::get_rvalue_1): Add case for
            OBJ_TYPE_REF.
    
    gcc/testsuite/ChangeLog:
            *g++.dg/analyzer/vfunc-2.C: New test.
            *g++.dg/analyzer/vfunc-3.C: New test.

Diff:
---
 gcc/analyzer/region-model.cc            |  5 ++++
 gcc/testsuite/g++.dg/analyzer/vfunc-2.C | 44 +++++++++++++++++++++++++++++++++
 gcc/testsuite/g++.dg/analyzer/vfunc-3.C | 36 +++++++++++++++++++++++++++
 gcc/testsuite/g++.dg/analyzer/vfunc-4.C | 28 +++++++++++++++++++++
 4 files changed, 113 insertions(+)

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 2316fbe5041..822e893e899 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -1841,6 +1841,11 @@ region_model::get_rvalue_1 (path_var pv, region_model_context *ctxt) const
 	const region *ref_reg = get_lvalue (pv, ctxt);
 	return get_store_value (ref_reg, ctxt);
       }
+    case OBJ_TYPE_REF:
+      {
+        tree expr = OBJ_TYPE_REF_EXPR (pv.m_tree);
+        return get_rvalue (expr, ctxt);
+      }
     }
 }
 
diff --git a/gcc/testsuite/g++.dg/analyzer/vfunc-2.C b/gcc/testsuite/g++.dg/analyzer/vfunc-2.C
new file mode 100644
index 00000000000..46b68e529e6
--- /dev/null
+++ b/gcc/testsuite/g++.dg/analyzer/vfunc-2.C
@@ -0,0 +1,44 @@
+#include <cstdio>
+#include <cstdlib>
+
+struct A
+{
+    int m_data;
+    A() {m_data = 0;}
+    virtual int deallocate (void) 
+    {
+        return 42;
+    }
+};
+
+struct B: public A
+{
+    int *ptr;
+    int m_data_b;
+    B() {m_data_b = 0;}
+    void allocate ()
+    {
+        ptr = (int*)malloc(sizeof(int));
+    }
+    int deallocate (void) 
+    { 
+        free(ptr);
+        return 0;
+    }
+};
+
+void foo(A *a_ptr)
+{
+    printf("%d\n",a_ptr->deallocate());
+}
+
+void test()
+{
+    B b;
+    A a, *aptr;
+    aptr = &b;
+    b.allocate();
+    foo(aptr);
+    aptr = &a;
+    foo(aptr);
+}
diff --git a/gcc/testsuite/g++.dg/analyzer/vfunc-3.C b/gcc/testsuite/g++.dg/analyzer/vfunc-3.C
new file mode 100644
index 00000000000..bd00bb436c8
--- /dev/null
+++ b/gcc/testsuite/g++.dg/analyzer/vfunc-3.C
@@ -0,0 +1,36 @@
+#include <cstdlib>
+
+struct A
+{
+    virtual int foo (void) 
+    {
+        return 42;
+    }
+};
+
+struct B: public A
+{
+    int *ptr;
+    void alloc ()
+    {
+        ptr = (int*)malloc(sizeof(int));
+    }
+    int foo (void) 
+    { 
+        free(ptr); /* { dg-warning "double-'free' of 'b.B::ptr'" } */
+        return 0;
+    }
+};
+
+int test()
+{
+    struct B b, *bptr=&b;
+    b.alloc();
+    bptr->foo(); /* { dg-message "calling 'B::foo' from 'test'" } */
+    return bptr->foo();
+}
+
+int main()
+{
+    test();
+}
diff --git a/gcc/testsuite/g++.dg/analyzer/vfunc-4.C b/gcc/testsuite/g++.dg/analyzer/vfunc-4.C
new file mode 100644
index 00000000000..975108400b1
--- /dev/null
+++ b/gcc/testsuite/g++.dg/analyzer/vfunc-4.C
@@ -0,0 +1,28 @@
+#include "../../gcc.dg/analyzer/analyzer-decls.h"
+
+struct A
+{
+  int m_data;
+  virtual char foo ()
+  {
+    return 'A';
+  }
+};
+
+struct B: public A
+{
+  int m_data_b;
+  char foo ()
+  {
+    return 'B';
+  }
+};
+
+void test()
+{
+  A a, *a_ptr = &a;
+  B b;
+  __analyzer_eval (a_ptr->foo () == 'A'); /* { dg-warning "TRUE" } */
+  a_ptr = &b;
+  __analyzer_eval (a_ptr->foo () == 'B'); /* { dg-warning "TRUE" } */
+}