* [committed] analyzer: fix issue with symbolic reads with concrete bindings
@ 2021-06-18 17:30 David Malcolm
0 siblings, 0 replies; only message in thread
From: David Malcolm @ 2021-06-18 17:30 UTC (permalink / raw)
To: gcc-patches
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as 3bb85b868722e69aef0d37858c0dc3c88d92a0eb.
gcc/analyzer/ChangeLog:
* store.cc (binding_cluster::get_any_binding): Make symbolic reads
from a cluster with concrete bindings return unknown.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/symbolic-7.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
gcc/analyzer/store.cc | 10 +++++
gcc/testsuite/gcc.dg/analyzer/symbolic-7.c | 44 ++++++++++++++++++++++
2 files changed, 54 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-7.c
diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc
index b643b631863..320370326bd 100644
--- a/gcc/analyzer/store.cc
+++ b/gcc/analyzer/store.cc
@@ -1177,6 +1177,16 @@ binding_cluster::get_any_binding (store_manager *mgr,
return rmm_mgr->get_or_create_unknown_svalue (reg->get_type ());
}
+ /* Alternatively, if this is a symbolic read and the cluster has any bindings,
+ then we don't know if we're reading those values or not, so the result
+ is also "UNKNOWN". */
+ if (reg->get_offset ().symbolic_p ()
+ && m_map.elements () > 0)
+ {
+ region_model_manager *rmm_mgr = mgr->get_svalue_manager ();
+ return rmm_mgr->get_or_create_unknown_svalue (reg->get_type ());
+ }
+
if (const svalue *compound_sval = maybe_get_compound_binding (mgr, reg))
return compound_sval;
diff --git a/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c b/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c
new file mode 100644
index 00000000000..4f013677f86
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c
@@ -0,0 +1,44 @@
+#include "analyzer-decls.h"
+
+extern void maybe_write (int *);
+
+void test_1 (int i)
+{
+ /* An array with purely concrete bindings. */
+ int arr[2];
+ arr[0] = 1066;
+ arr[1] = 1776;
+
+ /* Concrete reads. */
+ __analyzer_eval (arr[0] == 1066); /* { dg-warning "TRUE" } */
+ __analyzer_eval (arr[1] == 1776); /* { dg-warning "TRUE" } */
+
+ /* Symbolic read. */
+ __analyzer_describe (0, arr[i]); /* { dg-warning "svalue: 'UNKNOWN\\(int\\)'" } */
+ __analyzer_eval (arr[i] == 1776); /* { dg-warning "UNKNOWN" } */
+}
+
+void test_2 (int i)
+{
+ /* An array that could have been touched. */
+ int arr[2];
+ maybe_write (arr);
+
+ /* Concrete reads. */
+ __analyzer_eval (arr[0] == 42); /* { dg-warning "UNKNOWN" } */
+
+ /* Symbolic read. */
+ __analyzer_eval (arr[i] == 42); /* { dg-warning "UNKNOWN" } */
+}
+
+void test_3 (int i)
+{
+ /* An array that can't have been touched. */
+ int arr[2];
+
+ /* Concrete reads. */
+ __analyzer_eval (arr[0] == 42); /* { dg-warning "UNKNOWN" } */
+
+ /* Symbolic read. */
+ __analyzer_eval (arr[i] == 42); /* { dg-warning "UNKNOWN" } */
+}
--
2.26.3
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-06-18 17:30 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-18 17:30 [committed] analyzer: fix issue with symbolic reads with concrete bindings David Malcolm
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).