From: David Malcolm
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r12-7525] analyzer: fix leak suppression at end of 'main' [PR101983]
X-Act-Checkin: gcc
X-Git-Author: David Malcolm
X-Git-Refname: refs/heads/master
X-Git-Oldrev: e3ca3e7993696affe95a3ea24c2b133c14a056e4
X-Git-Newrev: 0af37ad4422052be4b7f779737e14c80e57d0ad9
Message-Id: <20220307192128.B7A6B385841F@sourceware.org>
Date: Mon, 7 Mar 2022 19:21:28 +0000 (GMT)

https://gcc.gnu.org/g:0af37ad4422052be4b7f779737e14c80e57d0ad9

commit r12-7525-g0af37ad4422052be4b7f779737e14c80e57d0ad9
Author: David Malcolm
Date:   Mon Mar 7 14:19:30 2022 -0500

    analyzer: fix leak suppression at end of 'main' [PR101983]

    PR analyzer/101983 reports what I thought were false positives from
    -Wanalyzer-malloc-leak, but on closer inspection, the analyzer is
    correctly reporting heap-allocated buffers that are no longer reachable.

    However, these "leaks" occur at the end of "main".

    The analyzer already has some logic to avoid reporting leaks at the end
    of main, where the leak is detected at the end of the EXIT basic block.
    However, in this case, the leak is detected at the clobber in BB 2 here:

      <bb 2> :
      func (&res);
      res ={v} {CLOBBER(eol)};
      _4 = 0;

      <bb 3> :
    :
      return _4;

    where we have a chain BB 2 -> BB 3 -> EXIT BB.

    This patch generalizes the "are we at the end of 'main'" detection to
    handle such cases, silencing -Wanalyzer-malloc-leak on them.

    There's a remaining issue where the analyzer unhelpfully describes one
    of the leaking values as '', rather than 'res.a', but I'm leaving that
    for a followup (covered by PR analyzer/99771).

    gcc/analyzer/ChangeLog:
    	PR analyzer/101983
    	* engine.cc (returning_from_function_p): New.
    	(impl_region_model_context::on_state_leak): Use it when rejecting
    	leaks at the return from "main".
gcc/testsuite/ChangeLog: PR analyzer/101983 * gcc.dg/analyzer/pr101983-main.c: New test. * gcc.dg/analyzer/pr101983-not-main.c: New test. Signed-off-by: David Malcolm Diff: --- gcc/analyzer/engine.cc | 48 ++++++++++++++++++++++- gcc/testsuite/gcc.dg/analyzer/pr101983-main.c | 38 ++++++++++++++++++ gcc/testsuite/gcc.dg/analyzer/pr101983-not-main.c | 40 +++++++++++++++++++ 3 files changed, 124 insertions(+), 2 deletions(-) diff --git a/gcc/analyzer/engine.cc b/gcc/analyzer/engine.cc index 94c13d4e1cf..8c3133e2444 100644 --- a/gcc/analyzer/engine.cc +++ b/gcc/analyzer/engine.cc @@ -740,6 +740,51 @@ readability_comparator (const void *p1, const void *p2) return 0; } +/* Return true is SNODE is the EXIT node of a function, or is one + of the final snodes within its function. + + Specifically, handle the final supernodes before the EXIT node, + for the case of clobbers that happen immediately before exiting. + We need a run of snodes leading to the return_p snode, where all edges are + intraprocedural, and every snode has just one successor. + + We use this when suppressing leak reports at the end of "main". */ + +static bool +returning_from_function_p (const supernode *snode) +{ + if (!snode) + return false; + + unsigned count = 0; + const supernode *iter = snode; + while (true) + { + if (iter->return_p ()) + return true; + if (iter->m_succs.length () != 1) + return false; + const superedge *sedge = iter->m_succs[0]; + if (sedge->get_kind () != SUPEREDGE_CFG_EDGE) + return false; + iter = sedge->m_dest; + + /* Impose a limit to ensure we terminate for pathological cases. + + We only care about the final 3 nodes, due to cases like: + BB: + (clobber causing leak) + + BB: +
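Review bot: the function comment in the engine.cc hunk has a typo, "Return true is SNODE is the EXIT node of a function" should read "Return true if SNODE is the EXIT node of a function". Separately, `unsigned count = 0;` is declared before the `while (true)` loop but none of the visible lines increment or test it; the comment promises a limit on the final 3 nodes to guarantee termination for pathological cases, and without that check a cycle of single-successor blocks joined by CFG edges (a self-loop) would make the loop spin forever, since the only exits are `iter->return_p ()`, a successor count other than 1, or a non-CFG edge. Please confirm the bound is checked before `iter = sedge->m_dest;` is followed again; the hunk is cut off in this mail before that point.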
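The shape the commit message describes (a callee allocating into a struct that 'main' owns, then the struct being clobbered right before 'main' returns), as an added reproducer that is not the project's own pr101983-*.c testcases; `struct res`, `func`, `leak_in_helper` and `no_leak` are assumed names:

```c
/* Added reproducer for the PR analyzer/101983 pattern (hypothetical, not
   the GCC testsuite's own file).  Build with: gcc -fanalyzer -Wall -c x.c */
#include <stdlib.h>
#include <string.h>

struct res {
  char *a;                      /* heap buffer owned by the struct */
};

/* Allocates the buffer RES owns; returns 0 on success, -1 on OOM.  */
static int func (struct res *res)
{
  res->a = malloc (32);
  if (!res->a)
    return -1;
  strcpy (res->a, "hello");
  return 0;
}

/* Same shape as 'main' but in a helper: 'res' is clobbered on return and
   'res.a' becomes unreachable, so -Wanalyzer-malloc-leak is still expected. */
int leak_in_helper (void)
{
  struct res res;
  if (func (&res) != 0)
    return 1;
  return 0;                     /* res.a leaks here */
}

/* Hardened variant: free the buffer before the clobber, so there is no
   leak for any end-of-main heuristic to suppress.  */
int no_leak (void)
{
  struct res res;
  if (func (&res) != 0)
    return 1;
  size_t len = strlen (res.a);
  free (res.a);
  return len == 5 ? 0 : 1;
}

/* In 'main' the clobber of 'res' sits in the block before the return block
   (BB 2 -> BB 3 -> EXIT); after this commit that chain is treated as
   returning from main and the leak report is silenced.  */
int main (void)
{
  struct res res;
  func (&res);
  return 0;
}
```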