From: David Malcolm <dmalcolm@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r12-7000] analyzer: fix missing check for uninit of return values
Date: Wed, 2 Feb 2022 14:56:43 +0000 (GMT)
Message-ID: <20220202145643.E95273857C45@sourceware.org>

https://gcc.gnu.org/g:13ad6d9f50e3f197246b460c4d9a9e80ba2559cf

commit r12-7000-g13ad6d9f50e3f197246b460c4d9a9e80ba2559cf
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Fri Jan 28 13:37:51 2022 -0500

    analyzer: fix missing check for uninit of return values

    When moving the -fanalyzer tests for -ftrivial-auto-var-init to the
    "torture" subdirectory of gcc.dg/analyzer I noticed that -fanalyzer
    wasn't always properly checking for initialization of return values.

    The issue was that some "return" handling was using
    region_model::copy_region to copy to the RESULT_DECL, and copy_region
    wasn't checking for poisoned svalues.

    This patch eliminates region_model::copy_region in favor of simply
    doing a get_rvalue/set_value pair, fixing the issue.

    gcc/analyzer/ChangeLog:
        * region-model.cc (region_model::on_return): Replace usage of
        copy_region with get_rvalue/set_value pair.
        (region_model::pop_frame): Likewise.
        (selftest::test_compound_assignment): Likewise.
        * region-model.h (region_model::copy_region): Delete decl.
        * region.cc (region_model::copy_region): Delete.

    gcc/testsuite/ChangeLog:
        * gcc.dg/analyzer/torture/ubsan-1.c: Add missing return stmts.
        * gcc.dg/analyzer/uninit-trivial-auto-var-init-pattern.c: Move to...
        * gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-pattern.c: ...here.
        * gcc.dg/analyzer/uninit-trivial-auto-var-init-uninitialized.c: Move to...
        * gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-uninitialized.c: ...here.
        * gcc.dg/analyzer/uninit-trivial-auto-var-init-zero.c: Move to...
        * gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-zero.c: ...here.

Signed-off-by: David Malcolm <dmalcolm@redhat.com> Diff: --- gcc/analyzer/region-model.cc | 21 +++++++++++---------- gcc/analyzer/region-model.h | 2 -- gcc/analyzer/region.cc | 15 --------------- gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c | 2 ++ .../torture/uninit-trivial-auto-var-init-pattern.c | 10 ++++++++++ .../uninit-trivial-auto-var-init-uninitialized.c | 10 ++++++++++ .../torture/uninit-trivial-auto-var-init-zero.c | 10 ++++++++++ .../analyzer/uninit-trivial-auto-var-init-pattern.c | 7 ------- .../uninit-trivial-auto-var-init-uninitialized.c | 7 ------- .../analyzer/uninit-trivial-auto-var-init-zero.c | 7 ------- 10 files changed, 43 insertions(+), 48 deletions(-) diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index 58c7028fc9c..6e7a21d0f9c 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -1559,7 +1559,11 @@ region_model::on_return (const greturn *return_stmt, region_model_context *ctxt) tree rhs = gimple_return_retval (return_stmt); if (lhs && rhs) - copy_region (get_lvalue (lhs, ctxt), get_lvalue (rhs, ctxt), ctxt); + { + const svalue *sval = get_rvalue (rhs, ctxt); + const region *ret_reg = get_lvalue (lhs, ctxt); + set_value (ret_reg, sval, ctxt); + } } /* Update this model for a call and return of setjmp/sigsetjmp at CALL within @@ -3618,15 +3622,11 @@ region_model::pop_frame (const region *result_dst_reg, tree result = DECL_RESULT (fndecl); if (result && TREE_TYPE (result) != void_type_node) { + const svalue *retval = get_rvalue (result, ctxt); if (result_dst_reg) - { - /* Copy the result to RESULT_DST_REG. */ - copy_region (result_dst_reg, - get_lvalue (result, ctxt), - ctxt); - } + set_value (result_dst_reg, retval, ctxt); if (out_result) - *out_result = get_rvalue (result, ctxt); + *out_result = retval; } /* Pop the frame. */ 
@@ -4758,8 +4758,9 @@ test_compound_assignment () model.set_value (c_y, int_m3, NULL); /* Copy c to d. */ - model.copy_region (model.get_lvalue (d, NULL), model.get_lvalue (c, NULL), - NULL); + const svalue *sval = model.get_rvalue (c, NULL); + model.set_value (model.get_lvalue (d, NULL), sval, NULL); + /* Check that the fields have the same svalues. */ ASSERT_EQ (model.get_rvalue (c_x, NULL), model.get_rvalue (d_x, NULL)); ASSERT_EQ (model.get_rvalue (c_y, NULL), model.get_rvalue (d_y, NULL)); diff --git a/gcc/analyzer/region-model.h b/gcc/analyzer/region-model.h index 3fa090d771e..46cf37e6b26 100644 --- a/gcc/analyzer/region-model.h +++ b/gcc/analyzer/region-model.h @@ -676,8 +676,6 @@ class region_model void zero_fill_region (const region *reg); void mark_region_as_unknown (const region *reg, uncertainty_t *uncertainty); - void copy_region (const region *dst_reg, const region *src_reg, - region_model_context *ctxt); tristate eval_condition (const svalue *lhs, enum tree_code op, const svalue *rhs) const; diff --git a/gcc/analyzer/region.cc b/gcc/analyzer/region.cc index 77554b86143..0adc75e577d 100644 --- a/gcc/analyzer/region.cc +++ b/gcc/analyzer/region.cc @@ -539,21 +539,6 @@ region::get_relative_concrete_offset (bit_offset_t *) const return false; } -/* Copy from SRC_REG to DST_REG, using CTXT for any issues that occur. */ - -void -region_model::copy_region (const region *dst_reg, const region *src_reg, - region_model_context *ctxt) -{ - gcc_assert (dst_reg); - gcc_assert (src_reg); - if (dst_reg == src_reg) - return; - - const svalue *sval = get_store_value (src_reg, ctxt); - set_value (dst_reg, sval, ctxt); -} - /* Dump a description of this region to stderr. */ DEBUG_FUNCTION void diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c b/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c index b9f34f166ba..2e1e6a09fea 100644 --- a/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c 
@@ -19,6 +19,7 @@ int test_2 (int *arr, int i, int n) __analyzer_eval (arr[i]); /* { dg-warning "TRUE" } */ else __analyzer_eval (arr[i]); /* { dg-warning "FALSE" } */ + return 1; } int test_3 (int arr[], int i, int n) @@ -29,6 +30,7 @@ int test_3 (int arr[], int i, int n) __analyzer_eval (arr[i]); /* { dg-warning "TRUE" } */ else __analyzer_eval (arr[i]); /* { dg-warning "FALSE" } */ + return 1; } void test_4 (int i, int n) diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-pattern.c b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-pattern.c new file mode 100644 index 00000000000..2445ee509df --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-pattern.c @@ -0,0 +1,10 @@ +/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */ +/* { dg-additional-options "-ftrivial-auto-var-init=pattern" } */ + +int test_1 (void) +{ + int i; /* { dg-message "region created on stack here" } */ + return i; /* { dg-warning "use of uninitialized value 'i.*'" } */ + /* FIXME: the LTO build sometimes shows SSA names here + (PR analyzer/94976). */ +} diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-uninitialized.c b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-uninitialized.c new file mode 100644 index 00000000000..7c4dd27adec --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-uninitialized.c @@ -0,0 +1,10 @@ +/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */ +/* { dg-additional-options "-ftrivial-auto-var-init=uninitialized" } */ + +int test_1 (void) +{ + int i; /* { dg-message "region created on stack here" } */ + return i; /* { dg-warning "use of uninitialized value 'i.*'" } */ + /* FIXME: the LTO build sometimes shows SSA names here + (PR analyzer/94976). */ +} 
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-zero.c b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-zero.c new file mode 100644 index 00000000000..6486d25a72a --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-zero.c @@ -0,0 +1,10 @@ +/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */ +/* { dg-additional-options "-ftrivial-auto-var-init=zero" } */ + +int test_1 (void) +{ + int i; /* { dg-message "region created on stack here" } */ + return i; /* { dg-warning "use of uninitialized value 'i.*'" } */ + /* FIXME: the LTO build sometimes shows SSA names here + (PR analyzer/94976). */ +} diff --git a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-pattern.c b/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-pattern.c deleted file mode 100644 index 0b78dc65267..00000000000 --- a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-pattern.c +++ /dev/null @@ -1,7 +0,0 @@ -/* { dg-additional-options "-ftrivial-auto-var-init=pattern" } */ - -int test_1 (void) -{ - int i; /* { dg-message "region created on stack here" } */ - return i; /* { dg-warning "use of uninitialized value 'i'" } */ -} diff --git a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-uninitialized.c b/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-uninitialized.c deleted file mode 100644 index 124d3a327b8..00000000000 --- a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-uninitialized.c +++ /dev/null @@ -1,7 +0,0 @@ -/* { dg-additional-options "-ftrivial-auto-var-init=uninitialized" } */ - -int test_1 (void) -{ - int i; /* { dg-message "region created on stack here" } */ - return i; /* { dg-warning "use of uninitialized value 'i'" } */ -} diff --git a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-zero.c b/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-zero.c deleted file mode 100644 index ef7dc674867..00000000000 
--- a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-zero.c +++ /dev/null @@ -1,7 +0,0 @@ -/* { dg-additional-options "-ftrivial-auto-var-init=zero" } */ - -int test_1 (void) -{ - int i; /* { dg-message "region created on stack here" } */ - return i; /* { dg-warning "use of uninitialized value 'i'" } */ -}
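Review bot: In region_model::on_return (gcc/analyzer/region-model.cc, hunk at -1559), the new block drops the `dst_reg == src_reg` early return that the deleted copy_region had, so a return whose lhs and rhs resolve to the same region now does a get_rvalue followed by a set_value back into that region where the old code did nothing. If that is intended so the poisoned-value check still runs, a one-line comment saying so, and saying that get_rvalue is used deliberately in place of get_store_value, would keep a later cleanup from reintroducing the unchecked copy.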
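Review bot: In region_model::pop_frame (gcc/analyzer/region-model.cc, hunk at -3618), `get_rvalue (result, ctxt)` is now evaluated before the result_dst_reg and out_result tests, so the read happens even when both are null and the caller discards the return value; before this change nothing was read in that case. Please confirm that checking a discarded result is wanted, and keep a short comment in place of the removed "Copy the result to RESULT_DST_REG" one stating that the single read feeds both outputs.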
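Review bot: In gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c, the added `return 1;` lines in test_2 and test_3 make the functions well-formed, but nothing in the patch adds a test that expects a diagnostic for a non-void function that falls off its end, which is the shape these two had. If the pop_frame change is what made them warn, a dedicated test with the expected dg-warning would pin that behaviour; the ChangeLog entry "Add missing return stmts" does not say why they became necessary.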
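Review bot: In the three new gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-*.c files, the dg-skip-if directive has an empty comment string, so the reason for skipping "-fno-fat-lto-objects" is recorded nowhere, and the warning pattern was loosened from 'i' to 'i.*', which accepts any name starting with i. Suggest filling in the skip reason and narrowing the regex to the SSA-name form the FIXME refers to. The tests also return only a scalar int; since on_return and pop_frame now go through get_rvalue/set_value for any non-void result, a case returning an uninitialized struct would cover the compound path as well.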