public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed
From: David Malcolm <dmalcolm@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r13-3168] analyzer: extract bits from integer constants [PR105783]
Date: Fri, 7 Oct 2022 16:43:29 +0000 (GMT) [thread overview]
Message-ID: <20221007164329.4040F3858D28@sourceware.org> (raw)
https://gcc.gnu.org/g:f09b99550a3c6cd16f5e9150ebd4b1d87033dcbd
commit r13-3168-gf09b99550a3c6cd16f5e9150ebd4b1d87033dcbd
Author: David Malcolm <dmalcolm@redhat.com>
Date: Fri Oct 7 12:41:59 2022 -0400
analyzer: extract bits from integer constants [PR105783]
Fix a false positive from -Wanalyzer-null-dereference due to -fanalyzer
failing to grok the value of a particular boolean field initialized to a
constant.
gcc/analyzer/ChangeLog:
PR analyzer/105783
* region-model.cc (selftest::get_bit): New function.
(selftest::test_bits_within_svalue_folding): New.
(selfftest::analyzer_region_model_cc_tests): Call it.
* svalue.cc (constant_svalue::maybe_fold_bits_within): Handle the
case of extracting a single bit.
gcc/testsuite/ChangeLog:
PR analyzer/105783
* gcc.dg/analyzer/pr105783.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diff:
---
gcc/analyzer/region-model.cc | 52 ++++++++++++++++++++++++++++++++
gcc/analyzer/svalue.cc | 17 ++++++++++-
gcc/testsuite/gcc.dg/analyzer/pr105783.c | 26 ++++++++++++++++
3 files changed, 94 insertions(+), 1 deletion(-)
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index c50f5c6fb96..81ef41edee4 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -7132,6 +7132,57 @@ test_sub_svalue_folding ()
ASSERT_EQ (sub->get_type (), TREE_TYPE (ct.m_x_field));
}
+/* Get BIT within VAL as a symbolic value within MGR. */
+
+static const svalue *
+get_bit (region_model_manager *mgr,
+ bit_offset_t bit,
+ unsigned HOST_WIDE_INT val)
+{
+ const svalue *inner_svalue
+ = mgr->get_or_create_int_cst (unsigned_type_node, val);
+ return mgr->get_or_create_bits_within (boolean_type_node,
+ bit_range (bit, 1),
+ inner_svalue);
+}
+
+/* Verify that bits_within_svalues are folded as expected. */
+
+static void
+test_bits_within_svalue_folding ()
+{
+ region_model_manager mgr;
+
+ const svalue *zero = mgr.get_or_create_int_cst (boolean_type_node, 0);
+ const svalue *one = mgr.get_or_create_int_cst (boolean_type_node, 1);
+
+ {
+ const unsigned val = 0x0000;
+ for (unsigned bit = 0; bit < 16; bit++)
+ ASSERT_EQ (get_bit (&mgr, bit, val), zero);
+ }
+
+ {
+ const unsigned val = 0x0001;
+ ASSERT_EQ (get_bit (&mgr, 0, val), one);
+ for (unsigned bit = 1; bit < 16; bit++)
+ ASSERT_EQ (get_bit (&mgr, bit, val), zero);
+ }
+
+ {
+ const unsigned val = 0x8000;
+ for (unsigned bit = 0; bit < 15; bit++)
+ ASSERT_EQ (get_bit (&mgr, bit, val), zero);
+ ASSERT_EQ (get_bit (&mgr, 15, val), one);
+ }
+
+ {
+ const unsigned val = 0xFFFF;
+ for (unsigned bit = 0; bit < 16; bit++)
+ ASSERT_EQ (get_bit (&mgr, bit, val), one);
+ }
+}
+
/* Test that region::descendent_of_p works as expected. */
static void
@@ -8488,6 +8539,7 @@ analyzer_region_model_cc_tests ()
test_unaryop_svalue_folding ();
test_binop_svalue_folding ();
test_sub_svalue_folding ();
+ test_bits_within_svalue_folding ();
test_descendent_of_p ();
test_bit_range_regions ();
test_assignment ();
diff --git a/gcc/analyzer/svalue.cc b/gcc/analyzer/svalue.cc
index 9ec46d626da..a0838c0f588 100644
--- a/gcc/analyzer/svalue.cc
+++ b/gcc/analyzer/svalue.cc
@@ -868,7 +868,7 @@ constant_svalue::eval_condition (const constant_svalue *lhs,
const svalue *
constant_svalue::maybe_fold_bits_within (tree type,
- const bit_range &,
+ const bit_range &bits,
region_model_manager *mgr) const
{
/* Bits within an all-zero value are also all zero. */
@@ -879,6 +879,21 @@ constant_svalue::maybe_fold_bits_within (tree type,
else
return this;
}
+
+ /* Handle the case of extracting a single bit. */
+ if (bits.m_size_in_bits == 1
+ && TREE_CODE (m_cst_expr) == INTEGER_CST
+ && type
+ && INTEGRAL_TYPE_P (type))
+ {
+ unsigned HOST_WIDE_INT bit = bits.m_start_bit_offset.to_uhwi ();
+ unsigned HOST_WIDE_INT mask = (1 << bit);
+ unsigned HOST_WIDE_INT val_as_hwi = tree_to_uhwi (m_cst_expr);
+ unsigned HOST_WIDE_INT masked_val = val_as_hwi & mask;
+ int result = masked_val ? 1 : 0;
+ return mgr->get_or_create_int_cst (type, result);
+ }
+
/* Otherwise, don't fold. */
return NULL;
}
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr105783.c b/gcc/testsuite/gcc.dg/analyzer/pr105783.c
new file mode 100644
index 00000000000..00f44d04b64
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr105783.c
@@ -0,0 +1,26 @@
+/* { dg-additional-options "-O" } */
+
+struct ss_s {
+ union out_or_counting_u {
+ char *newstr;
+ unsigned long long cnt;
+ } uu;
+ _Bool counting;
+};
+
+struct ss_s ss_init(void) {
+ struct ss_s rr = { .counting = 1 };
+ return rr;
+}
+
+void ss_out(struct ss_s *t, char cc) {
+ if (!t->counting) {
+ *t->uu.newstr++ = cc;
+ }
+}
+
+int main() {
+ struct ss_s ss = ss_init();
+ ss_out(&ss, 'a');
+}
+
reply other threads:[~2022-10-07 16:43 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221007164329.4040F3858D28@sourceware.org \
--to=dmalcolm@gcc.gnu.org \
--cc=gcc-cvs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).