* [gcc r13-5762] analyzer: fix further overzealous state purging [PR108733]
@ 2023-02-09 22:11 David Malcolm
From: David Malcolm @ 2023-02-09 22:11 UTC (permalink / raw)
  To: gcc-cvs

https://gcc.gnu.org/g:125b57aa67400388a496c2c0c40d9c8c55e0c94a

commit r13-5762-g125b57aa67400388a496c2c0c40d9c8c55e0c94a
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Thu Feb 9 17:09:51 2023 -0500

    analyzer: fix further overzealous state purging [PR108733]
    
    PR analyzer/108733 reports various false positives in qemu from
    -Wanalyzer-use-of-uninitialized-value with __attribute__((cleanup))
    at -O1 and above.
    
    Root cause is that the state-purging code was failing to treat:
       _25 = MEM[(void * *)&val];
    as a usage of "val", leading to it erroneously purging the
    initialization of "val" along an execution path that didn't otherwise
    use "val", apart from the  __attribute__((cleanup)).
    
    Fixed thusly.
    
    Integration testing on the patch shows this change in the number of
    diagnostics:
      -Wanalyzer-use-of-uninitialized-value
           coreutils-9.1: 18 -> 16 (-2)
              qemu-7.2.0: 87 -> 80 (-7)
    where all that I investigated appear to have been false positives, hence
    an improvement.
    
    gcc/analyzer/ChangeLog:
            PR analyzer/108733
            * state-purge.cc (get_candidate_for_purging): Add ADDR_EXPR
            and MEM_REF.
    
    gcc/testsuite/ChangeLog:
            PR analyzer/108733
            * gcc.dg/analyzer/torture/uninit-pr108733.c: New test.
    
    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

Diff:
---
 gcc/analyzer/state-purge.cc                        |  2 +
 .../gcc.dg/analyzer/torture/uninit-pr108733.c      | 65 ++++++++++++++++++++++
 2 files changed, 67 insertions(+)

diff --git a/gcc/analyzer/state-purge.cc b/gcc/analyzer/state-purge.cc
index 5f2d1f7fefa..3a73146d928 100644
--- a/gcc/analyzer/state-purge.cc
+++ b/gcc/analyzer/state-purge.cc
@@ -63,6 +63,8 @@ get_candidate_for_purging (tree node)
       default:
 	return NULL_TREE;
 
+      case ADDR_EXPR:
+      case MEM_REF:
       case COMPONENT_REF:
 	iter = TREE_OPERAND (iter, 0);
 	continue;
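Review bot: The new labels `case ADDR_EXPR:` and `case MEM_REF:` share the COMPONENT_REF arm with no comment explaining why taking a decl's address, or reading through that address, must count as a use of the decl. A short comment above them would stop a later tidy-up from dropping them, for example `/* &decl and MEM[(T *)&decl] are uses of decl; see PR analyzer/108733.  */`. Only operand 0 of the MEM_REF is followed, so how a MEM_REF whose operand 0 is not an ADDR_EXPR gets classified depends on cases outside the hunk, as does the rest of get_candidate_for_purging.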
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/uninit-pr108733.c b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-pr108733.c
new file mode 100644
index 00000000000..9e684bf4f09
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-pr108733.c
@@ -0,0 +1,65 @@
+#define NULL ((void*)0)
+
+typedef unsigned char __uint8_t;
+typedef __uint8_t uint8_t;
+typedef char gchar;
+typedef void* gpointer;
+
+extern void g_free(gpointer mem);
+extern gchar* g_strdup(const gchar* str) __attribute__((__malloc__));
+
+static inline void
+g_autoptr_cleanup_generic_gfree(void* p)
+{
+  void** pp = (void**)p;
+  g_free(*pp); /* { dg-bogus "use of uninitialized value" } */
+}
+
+typedef struct Object Object;
+
+void
+error_setg_internal(const char* fmt,
+		    ...) __attribute__((__format__(gnu_printf, 1, 2)));
+void
+visit_type_str(const char* name, char** obj);
+typedef struct SpaprMachineState SpaprMachineState;
+
+extern uint8_t
+spapr_get_cap(SpaprMachineState* spapr, int cap);
+
+typedef struct SpaprCapPossible
+{
+  int num;
+  /* [...snip...] */
+  const char* vals[];
+} SpaprCapPossible;
+
+typedef struct SpaprCapabilityInfo
+{
+  const char* name;
+  /* [...snip...] */
+  int index;
+  /* [...snip...] */
+  SpaprCapPossible* possible;
+  /* [...snip...] */
+} SpaprCapabilityInfo;
+
+void
+spapr_cap_get_string(SpaprMachineState* spapr,
+		     const char* name,
+		     SpaprCapabilityInfo* cap)
+{
+  __attribute__((cleanup(g_autoptr_cleanup_generic_gfree))) char* val = NULL;
+  uint8_t value = spapr_get_cap(spapr, cap->index);
+
+  if (value >= cap->possible->num) {
+    error_setg_internal("Invalid value (%d) for cap-%s",
+			value,
+			cap->name);
+    return;
+  }
+
+  val = g_strdup(cap->possible->vals[value]);
+
+  visit_type_str(name, &val);
+}
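Review bot: The new test file has no header comment, so nothing in it says which execution path the `dg-bogus` on `g_free(*pp)` is guarding. A line at the top such as `/* PR analyzer/108733: the "val = NULL" initialization must not be purged before the cleanup handler runs on the early-return path.  */` would record the intent for whoever next touches the state-purging code. The directive covers only the read inside `g_autoptr_cleanup_generic_gfree`, so a regression that surfaced the false positive at the `return;` in `spapr_cap_get_string` instead may not be caught by this line alone.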
