public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed
From: David Malcolm <dmalcolm@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r14-8670] analyzer: fix skipping of debug stmts [PR113253]
Date: Wed, 31 Jan 2024 23:28:23 +0000 (GMT) [thread overview]
Message-ID: <20240131232823.DA7493858D37@sourceware.org> (raw)
https://gcc.gnu.org/g:cc7aebff74d8967563fd9af5cb958dfcc8c111e8
commit r14-8670-gcc7aebff74d8967563fd9af5cb958dfcc8c111e8
Author: David Malcolm <dmalcolm@redhat.com>
Date: Wed Jan 31 18:26:26 2024 -0500
analyzer: fix skipping of debug stmts [PR113253]
PR analyzer/113253 reports a case where the analyzer output varied
with and without -g enabled.
The root cause was that debug stmts were in the
FOR_EACH_IMM_USE_FAST list for SSA names, leading to the analyzer's
state purging logic differing between the -g and non-debugging cases,
and thus leading to differences in the exploration of the user's code.
Fix by skipping such stmts in the state-purging logic, and removing
debug stmts when constructing the supergraph.
gcc/analyzer/ChangeLog:
PR analyzer/113253
* region-model.cc (region_model::on_stmt_pre): Add gcc_unreachable
for debug statements.
* state-purge.cc
(state_purge_per_ssa_name::state_purge_per_ssa_name): Skip any
debug stmts in the FOR_EACH_IMM_USE_FAST list.
* supergraph.cc (supergraph::supergraph): Don't add debug stmts
to the supernodes.
gcc/testsuite/ChangeLog:
PR analyzer/113253
* gcc.dg/analyzer/deref-before-check-pr113253.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diff:
---
gcc/analyzer/region-model.cc | 5 +
gcc/analyzer/state-purge.cc | 9 ++
gcc/analyzer/supergraph.cc | 4 +
.../gcc.dg/analyzer/deref-before-check-pr113253.c | 154 +++++++++++++++++++++
4 files changed, 172 insertions(+)
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 082972f9d294..a26be7075997 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -1307,6 +1307,11 @@ region_model::on_stmt_pre (const gimple *stmt,
/* No-op for now. */
break;
+ case GIMPLE_DEBUG:
+ /* We should have stripped these out when building the supergraph. */
+ gcc_unreachable ();
+ break;
+
case GIMPLE_ASSIGN:
{
const gassign *assign = as_a <const gassign *> (stmt);
diff --git a/gcc/analyzer/state-purge.cc b/gcc/analyzer/state-purge.cc
index 284a03f712c3..93959fb08ea3 100644
--- a/gcc/analyzer/state-purge.cc
+++ b/gcc/analyzer/state-purge.cc
@@ -329,6 +329,15 @@ state_purge_per_ssa_name::state_purge_per_ssa_name (const state_purge_map &map,
map.log ("used by stmt: %s", pp_formatted_text (&pp));
}
+ if (is_gimple_debug (use_stmt))
+ {
+ /* We skipped debug stmts when building the supergraph,
+ so ignore them now. */
+ if (map.get_logger ())
+ map.log ("skipping debug stmt");
+ continue;
+ }
+
const supernode *snode
= map.get_sg ().get_supernode_for_stmt (use_stmt);
diff --git a/gcc/analyzer/supergraph.cc b/gcc/analyzer/supergraph.cc
index d41a7e607f86..b82275256b72 100644
--- a/gcc/analyzer/supergraph.cc
+++ b/gcc/analyzer/supergraph.cc
@@ -182,6 +182,10 @@ supergraph::supergraph (logger *logger)
for (gsi = gsi_start_bb (bb); !gsi_end_p (gsi); gsi_next (&gsi))
{
gimple *stmt = gsi_stmt (gsi);
+ /* Discard debug stmts here, so we don't have to check for
+ them anywhere within the analyzer. */
+ if (is_gimple_debug (stmt))
+ continue;
node_for_stmts->m_stmts.safe_push (stmt);
m_stmt_to_node_t.put (stmt, node_for_stmts);
m_stmt_uids.make_uid_unique (stmt);
diff --git a/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr113253.c b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr113253.c
new file mode 100644
index 000000000000..d9015accd6ab
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr113253.c
@@ -0,0 +1,154 @@
+/* Regression test for PR analyzer/113253 which was showing analyzer
+ differences with and without -g.
+
+ C only: reduced reproducer doesn't easily work with C++. */
+
+/* { dg-additional-options "-O2 -g" } */
+
+typedef long int ptrdiff_t;
+typedef unsigned long int uintptr_t;
+typedef long int EMACS_INT;
+enum
+{
+ EMACS_INT_WIDTH = 64,
+ VALBITS = EMACS_INT_WIDTH - 3,
+};
+typedef struct Lisp_X* Lisp_Word;
+enum Lisp_Type
+{
+ Lisp_Symbol = 0,
+ Lisp_Vectorlike = 5,
+};
+typedef Lisp_Word Lisp_Object;
+static inline EMACS_INT(XLI)(Lisp_Object o)
+{
+ return ((EMACS_INT)(o));
+}
+static inline void*(XLP)(Lisp_Object o)
+{
+ return ((void*)(o));
+}
+struct Lisp_Symbol
+{};
+typedef uintptr_t Lisp_Word_tag;
+extern struct Lisp_Symbol lispsym[1608];
+union vectorlike_header
+{
+ ptrdiff_t size;
+};
+enum pvec_type
+{
+ PVEC_MARKER,
+};
+enum More_Lisp_Bits
+{
+ PSEUDOVECTOR_SIZE_BITS = 12,
+ PSEUDOVECTOR_REST_BITS = 12,
+ PSEUDOVECTOR_AREA_BITS = PSEUDOVECTOR_SIZE_BITS + PSEUDOVECTOR_REST_BITS,
+ PVEC_TYPE_MASK = 0x3f << PSEUDOVECTOR_AREA_BITS
+};
+static inline _Bool
+PSEUDOVECTORP(Lisp_Object a, int code)
+{
+ return (
+ ((((union vectorlike_header*)((uintptr_t)XLP((a)) -
+ (uintptr_t)(
+ (Lisp_Word_tag)(Lisp_Vectorlike)
+ << (((0x7fffffffffffffffL >> (3 - 1)) / 2 <
+ (9223372036854775807L))
+ ? 0
+ : VALBITS))))
+ ->size &
+ (((9223372036854775807L) - (9223372036854775807L) / 2) |
+ PVEC_TYPE_MASK)) ==
+ (((9223372036854775807L) - (9223372036854775807L) / 2) |
+ ((code) << PSEUDOVECTOR_AREA_BITS))));
+}
+static inline Lisp_Object
+make_lisp_symbol(struct Lisp_Symbol* sym)
+{
+ Lisp_Object a = ((Lisp_Word)(
+ ((Lisp_Word_tag)(Lisp_Symbol)
+ << (((0x7fffffffffffffffL >> (3 - 1)) / 2 < (9223372036854775807L))
+ ? 0
+ : VALBITS))));
+ return a;
+}
+static inline Lisp_Object
+builtin_lisp_symbol(int index)
+{
+ return make_lisp_symbol(&lispsym[index]);
+}
+static inline _Bool(BASE_EQ)(Lisp_Object x, Lisp_Object y)
+{
+ return (XLI(x) == XLI(y));
+}
+static inline _Bool(NILP)(Lisp_Object x)
+{
+ return BASE_EQ(x, builtin_lisp_symbol(0));
+}
+struct thread_state
+{
+ struct buffer* m_current_buffer;
+};
+extern struct thread_state* current_thread;
+struct Lisp_Marker
+{
+ struct buffer* buffer;
+};
+static inline _Bool
+MARKERP(Lisp_Object x)
+{
+ return PSEUDOVECTORP(x, PVEC_MARKER);
+}
+static inline struct Lisp_Marker*
+XMARKER(Lisp_Object a)
+{
+ return ((
+ struct Lisp_Marker*)((uintptr_t)XLP(a) -
+ (uintptr_t)((Lisp_Word_tag)(Lisp_Vectorlike)
+ << (((0x7fffffffffffffffL >> (3 - 1)) / 2 <
+ (9223372036854775807L))
+ ? 0
+ : VALBITS))));
+}
+extern void
+unchain_marker();
+struct buffer
+{
+ Lisp_Object name_;
+};
+static inline struct buffer*
+XBUFFER(Lisp_Object a)
+{
+ return (
+ (struct buffer*)((uintptr_t)XLP(a) -
+ (uintptr_t)((Lisp_Word_tag)(Lisp_Vectorlike)
+ << (((0x7fffffffffffffffL >> (3 - 1)) / 2 <
+ (9223372036854775807L))
+ ? 0
+ : VALBITS))));
+}
+static inline _Bool
+BUFFER_LIVE_P(struct buffer* b)
+{
+ return !NILP(((b)->name_));
+}
+static inline struct buffer*
+decode_buffer(Lisp_Object b)
+{
+ return NILP(b) ? (current_thread->m_current_buffer) : (XBUFFER(b));
+}
+static struct buffer*
+live_buffer(Lisp_Object buffer)
+{
+ struct buffer* b = decode_buffer(buffer);
+ return BUFFER_LIVE_P(b) ? b : ((void*)0);
+}
+Lisp_Object
+set_marker_internal(Lisp_Object position, Lisp_Object buffer)
+{
+ struct buffer* b = live_buffer(buffer);
+ if (NILP(position) || (MARKERP(position) && !XMARKER(position)->buffer) || !b) /* { dg-bogus "Wanalyzer-deref-before-check" } */
+ unchain_marker();
+}
reply other threads:[~2024-01-31 23:28 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240131232823.DA7493858D37@sourceware.org \
--to=dmalcolm@gcc.gnu.org \
--cc=gcc-cvs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).