public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed
* [gcc r13-8758] analyzer: fix ICE and false positive with -Wanalyzer-deref-before-check [PR114408]
@ 2024-05-09 17:12 David Malcolm
0 siblings, 0 replies; only message in thread
From: David Malcolm @ 2024-05-09 17:12 UTC (permalink / raw)
To: gcc-cvs
https://gcc.gnu.org/g:96f7a3694c3e4c72af6258cc9b38bce30e609bee
commit r13-8758-g96f7a3694c3e4c72af6258cc9b38bce30e609bee
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu May 9 13:09:32 2024 -0400
analyzer: fix ICE and false positive with -Wanalyzer-deref-before-check [PR114408]
Backported from commit r14-9646-g80a0cb37456c49 (moving testcase to gcc.dg
and handling conflict in kf.cc)
gcc/analyzer/ChangeLog:
PR analyzer/114408
* engine.cc (impl_run_checkers): Free up any dominance info that
we may have created.
* kf.cc (class kf_ubsan_handler): New.
(register_sanitizer_builtins): New.
(register_known_functions): Call register_sanitizer_builtins.
gcc/testsuite/ChangeLog:
PR analyzer/114408
* gcc.dg/analyzer/deref-before-check-pr114408.c: New test.
* c-c++-common/ubsan/analyzer-ice-pr114408.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diff:
---
gcc/analyzer/engine.cc | 7 +++++++
gcc/analyzer/kf.cc | 22 ++++++++++++++++++++++
.../c-c++-common/ubsan/analyzer-ice-pr114408.c | 9 +++++++++
.../gcc.dg/analyzer/deref-before-check-pr114408.c | 22 ++++++++++++++++++++++
4 files changed, 60 insertions(+)
diff --git a/gcc/analyzer/engine.cc b/gcc/analyzer/engine.cc
index a5965c2b8ff0..c5aadc41d114 100644
--- a/gcc/analyzer/engine.cc
+++ b/gcc/analyzer/engine.cc
@@ -6163,6 +6163,13 @@ impl_run_checkers (logger *logger)
eng.get_model_manager ()->dump_untracked_regions ();
delete purge_map;
+
+ /* Free up any dominance info that we may have created. */
+ FOR_EACH_FUNCTION_WITH_GIMPLE_BODY (node)
+ {
+ function *fun = node->get_fun ();
+ free_dominance_info (fun, CDI_DOMINATORS);
+ }
}
/* Handle -fdump-analyzer and -fdump-analyzer-stderr. */
diff --git a/gcc/analyzer/kf.cc b/gcc/analyzer/kf.cc
index 93c46630f361..4389ff917b8f 100644
--- a/gcc/analyzer/kf.cc
+++ b/gcc/analyzer/kf.cc
@@ -987,6 +987,27 @@ region_model::impl_deallocation_call (const call_details &cd)
kf.impl_call_post (cd);
}
+/* Handle calls to the various __builtin___ubsan_handle_*.
+ These can return, but continuing after such a return
+ isn't likely to be interesting to the user of the analyzer.
+ Hence we terminate the analysis path at one of these calls. */
+
+class kf_ubsan_handler : public internal_known_function
+{
+ void impl_call_post (const call_details &cd) const final override
+ {
+ if (cd.get_ctxt ())
+ cd.get_ctxt ()->terminate_path ();
+ }
+};
+
+static void
+register_sanitizer_builtins (known_function_manager &kfm)
+{
+ kfm.add (BUILT_IN_UBSAN_HANDLE_NONNULL_ARG,
+ make_unique<kf_ubsan_handler> ());
+}
+
/* Populate KFM with instances of known functions supported by the core of the
analyzer (as opposed to plugins). */
@@ -1028,6 +1049,7 @@ register_known_functions (known_function_manager &kfm)
kfm.add (BUILT_IN_STRNDUP, make_unique<kf_strndup> ());
kfm.add (BUILT_IN_STRLEN, make_unique<kf_strlen> ());
+ register_sanitizer_builtins (kfm);
register_varargs_builtins (kfm);
}
diff --git a/gcc/testsuite/c-c++-common/ubsan/analyzer-ice-pr114408.c b/gcc/testsuite/c-c++-common/ubsan/analyzer-ice-pr114408.c
new file mode 100644
index 000000000000..55f918726eed
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/ubsan/analyzer-ice-pr114408.c
@@ -0,0 +1,9 @@
+/* { dg-do run } */
+/* { dg-require-effective-target analyzer } */
+/* { dg-options "-fanalyzer -fsanitize=undefined" } */
+
+int main(){}
+
+int HMAP_unset_copy(const char *key) {
+ return __builtin_strcmp("a", key) + __builtin_strcmp("a", key);
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr114408.c b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr114408.c
new file mode 100644
index 000000000000..d55720271d0f
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr114408.c
@@ -0,0 +1,22 @@
+extern void unknown_returns (const char *p);
+extern void unknown_noreturn (const char *p) __attribute__((__noreturn__));
+
+void test_1 (const char *p)
+{
+ if (p)
+ unknown_returns (p);
+ __builtin_strcmp ("a", p); /* { dg-message "pointer 'p' is dereferenced here" "" { target c } } */
+ if (p) /* { dg-warning "check of 'p' for NULL after already dereferencing it" "" { target c } } */
+ unknown_returns (p);
+ __builtin_strcmp ("a", p);
+}
+
+void test_2 (const char *p)
+{
+ if (p)
+ unknown_noreturn (p);
+ __builtin_strcmp ("a", p);
+ if (p) /* { dg-bogus "check of 'p' for NULL after already dereferencing it" } */
+ unknown_noreturn (p);
+ __builtin_strcmp ("a", p);
+}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-05-09 17:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-05-09 17:12 [gcc r13-8758] analyzer: fix ICE and false positive with -Wanalyzer-deref-before-check [PR114408] David Malcolm
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).