* [gcc r13-3626] analyzer: fix ICE when pipe's arg isn't a pointer [PR107486]
@ 2022-11-03 14:22 David Malcolm
From: David Malcolm @ 2022-11-03 14:22 UTC (permalink / raw)
  To: gcc-cvs

https://gcc.gnu.org/g:5acc10a9ea66411e1712fabc94f9f29892b0d607

commit r13-3626-g5acc10a9ea66411e1712fabc94f9f29892b0d607
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Thu Nov 3 10:21:00 2022 -0400

    analyzer: fix ICE when pipe's arg isn't a pointer [PR107486]
    
    gcc/analyzer/ChangeLog:
            PR analyzer/107486
            * analyzer.cc (is_pipe_call_p): New.
            * analyzer.h (is_pipe_call_p): New decl.
            * region-model.cc (region_model::on_call_pre): Use it.
            (region_model::on_call_post): Likewise.
    
    gcc/testsuite/ChangeLog:
            PR analyzer/107486
            * gcc.dg/analyzer/pipe-pr107486.c: New test.
            * gcc.dg/analyzer/pipe-void-return.c: New test.
    
    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

Diff:
---
 gcc/analyzer/analyzer.cc                         | 16 ++++++++++++++++
 gcc/analyzer/analyzer.h                          |  2 ++
 gcc/analyzer/region-model.cc                     |  8 ++++----
 gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c    |  5 +++++
 gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c | 11 +++++++++++
 5 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/gcc/analyzer/analyzer.cc b/gcc/analyzer/analyzer.cc
index 8a2a7734f24..6c7c969538c 100644
--- a/gcc/analyzer/analyzer.cc
+++ b/gcc/analyzer/analyzer.cc
@@ -379,6 +379,22 @@ is_longjmp_call_p (const gcall *call)
   return false;
 }
 
+/* Return true if this is a "pipe" call.  */
+
+bool
+is_pipe_call_p (const_tree fndecl, const char *funcname,
+		const gcall *call, unsigned int num_args)
+{
+  if (!is_named_call_p (fndecl, funcname, call, num_args))
+    return false;
+
+  /* We require a pointer for the initial argument.  */
+  if (!POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (call, 0))))
+    return false;
+
+  return true;
+}
+
 /* For a CALL that matched is_special_named_call_p or is_named_call_p for
    some name, return a name for the called function suitable for use in
    diagnostics (stripping the leading underscores).  */
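Review bot: is_pipe_call_p reads `gimple_call_arg (call, 0)` unconditionally, so it is only safe if the call has at least one argument. Presumably is_named_call_p has already matched the call's argument count against num_args, but that is not visible in this hunk, and a future caller passing 0 would index past the argument list. I would state the precondition with `gcc_assert (num_args > 0);` ahead of the argument access. The header comment could also say what is actually checked, e.g. `/* Return true if CALL is a call to FUNCNAME with NUM_ARGS arguments whose first argument has pointer type.  */`. Only argument 0 is type-checked; it is worth confirming that impl_call_pipe does not rely on the type of pipe2's flags argument.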
diff --git a/gcc/analyzer/analyzer.h b/gcc/analyzer/analyzer.h
index a2d79e4a59f..c41cfb01656 100644
--- a/gcc/analyzer/analyzer.h
+++ b/gcc/analyzer/analyzer.h
@@ -324,6 +324,8 @@ extern bool is_std_named_call_p (const_tree fndecl, const char *funcname,
 				 const gcall *call, unsigned int num_args);
 extern bool is_setjmp_call_p (const gcall *call);
 extern bool is_longjmp_call_p (const gcall *call);
+extern bool is_pipe_call_p (const_tree fndecl, const char *funcname,
+			    const gcall *call, unsigned int num_args);
 
 extern const char *get_user_facing_name (const gcall *call);
 
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 7c44fc9e253..4713f0d2519 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -2315,8 +2315,8 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt,
 	  impl_call_memset (cd);
 	  return false;
 	}
-      else if (is_named_call_p (callee_fndecl, "pipe", call, 1)
-	       || is_named_call_p (callee_fndecl, "pipe2", call, 2))
+      else if (is_pipe_call_p (callee_fndecl, "pipe", call, 1)
+	       || is_pipe_call_p (callee_fndecl, "pipe2", call, 2))
 	{
 	  /* Handle in "on_call_post"; bail now so that fd array
 	     is left untouched so that we can detect use-of-uninit
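Review bot: The two-name predicate is written out here in on_call_pre and again in the on_call_post hunk below, and the two copies have to stay identical. on_call_pre bails out on the expectation that on_call_post will run impl_call_pipe for exactly the same calls; if one condition is later edited without the other, the fd array would either be left unmodelled or handled twice. A single wrapper whose body is `return is_pipe_call_p (fndecl, "pipe", call, 1) || is_pipe_call_p (fndecl, "pipe2", call, 2);` would keep the name/arity pairs in one place. Both functions start and end outside these hunks, so the fall-through path for a rejected `pipe` declaration is not visible here.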
@@ -2403,8 +2403,8 @@ region_model::on_call_post (const gcall *call,
 	  impl_call_operator_delete (cd);
 	  return;
 	}
-      else if (is_named_call_p (callee_fndecl, "pipe", call, 1)
-	       || is_named_call_p (callee_fndecl, "pipe2", call, 2))
+      else if (is_pipe_call_p (callee_fndecl, "pipe", call, 1)
+	       || is_pipe_call_p (callee_fndecl, "pipe2", call, 2))
 	{
 	  impl_call_pipe (cd);
 	  return;
diff --git a/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c b/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c
new file mode 100644
index 00000000000..e9fc7fb4943
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c
@@ -0,0 +1,5 @@
+void pipe(int);
+
+void f1(void) {
+  pipe(1);
+}
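Review bot: Only the one-argument `pipe` path is exercised, although the commit also routes `pipe2` through the new pointer check, so a `pipe2` declared with a non-pointer first argument is untested. Adding `void pipe2(int, int);` and a second function that calls `pipe2(1, 0);` would cover it. The file has no dg- directives, so a leading comment such as `/* Verify that we don't ICE on a 'pipe' whose argument isn't a pointer (PR analyzer/107486).  */` would make clear that it passes simply by not crashing the analyzer.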
diff --git a/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c b/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c
new file mode 100644
index 00000000000..0de676305f6
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c
@@ -0,0 +1,11 @@
+extern void pipe(int pipefd[2]);
+extern int close(int fd);
+
+void
+test_unchecked (void)
+{
+  int fds[2];
+  pipe (fds); /* { dg-message "when 'pipe' fails" } */
+  close (fds[0]); /* { dg-warning "use of uninitialized value 'fds\\\[0\\\]'" } */
+  close (fds[1]); /* { dg-warning "use of uninitialized value 'fds\\\[1\\\]'" } */
+}
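Review bot: Nothing in the file says that the non-standard `void` return type on the `pipe` prototype is deliberate, so a later cleanup could "fix" it to `int` and quietly remove what the test appears to be covering. A short header comment would prevent that, e.g. `/* Verify that we still model the failure path of 'pipe' when it is declared as returning void, so the result cannot be checked.  */`. The wording is inferred from the filename and the expected "when 'pipe' fails" message, so adjust it to the intended scope.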
