public inbox for gcc-patches@gcc.gnu.org
* [committed] analyzer: play better with -fsanitize=bounds
@ 2021-07-28 18:51 David Malcolm
From: David Malcolm @ 2021-07-28 18:51 UTC
  To: gcc-patches

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as 37eb3ef48c9840475646528751b5f8ffb7eb34ce.

gcc/analyzer/ChangeLog:
	* region-model.cc (region_model::on_call_pre): Treat
	IFN_UBSAN_BOUNDS, BUILT_IN_STACK_SAVE, and BUILT_IN_STACK_RESTORE
	as no-ops, rather than handling them as unknown functions.

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/torture/ubsan-1.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/region-model.cc                  |  6 ++
 .../gcc.dg/analyzer/torture/ubsan-1.c         | 60 +++++++++++++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 92fa917d14d..1bc411b2ed6 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -1082,6 +1082,8 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt,
        case IFN_BUILTIN_EXPECT:
 	 impl_call_builtin_expect (cd);
 	 return false;
+       case IFN_UBSAN_BOUNDS:
+	 return false;
        }
     }
 
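Review bot: the new `case IFN_UBSAN_BOUNDS:` arm has no comment explaining why it just does `return false;`, while the neighbouring IFN_BUILTIN_EXPECT arm at least calls a named handler, so a reader cannot tell the empty arm is deliberate. Suggest a one-line comment stating that the bounds-check call is intentionally treated as a no-op instead of going through the unknown-function handling, as the ChangeLog entry describes.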
@@ -1137,6 +1139,10 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt,
 	    impl_call_strlen (cd);
 	    return false;
 
+	  case BUILT_IN_STACK_SAVE:
+	  case BUILT_IN_STACK_RESTORE:
+	    return false;
+
 	  /* Stdio builtins.  */
 	  case BUILT_IN_FPRINTF:
 	  case BUILT_IN_FPRINTF_UNLOCKED:
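Review bot: `case BUILT_IN_STACK_SAVE:` and `case BUILT_IN_STACK_RESTORE:` are added without a comment, whereas the group right after them is labelled `/* Stdio builtins.  */`. A short comment saying these two are intentionally no-ops (they look to be what the `int arr[n];` cases test_4 and test_6 in the new test exercise) would keep someone from later treating the empty arm as an omission.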
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c b/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c
new file mode 100644
index 00000000000..b9f34f166ba
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c
@@ -0,0 +1,60 @@
+/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
+/* { dg-additional-options "-fsanitize=bounds" } */
+
+#include <stdlib.h>
+#include "../analyzer-decls.h"
+
+int test_1 (int *arr, int i, int n)
+{
+  if (i >= n)
+    return 0;
+  return arr[i];
+}
+
+int test_2 (int *arr, int i, int n)
+{
+  if (i >= n)
+    return 0;
+  if (arr[i])
+    __analyzer_eval (arr[i]); /* { dg-warning "TRUE" } */
+  else
+    __analyzer_eval (arr[i]); /* { dg-warning "FALSE" } */
+}
+
+int test_3 (int arr[], int i, int n)
+{
+  if (i >= n)
+    return 0;
+  if (arr[i])
+    __analyzer_eval (arr[i]); /* { dg-warning "TRUE" } */
+  else
+    __analyzer_eval (arr[i]); /* { dg-warning "FALSE" } */
+}
+
+void test_4 (int i, int n)
+{
+  int arr[n];
+  arr[i] = 42;
+  __analyzer_eval (arr[i] == 42); /* { dg-warning "TRUE" } */
+}
+
+void test_5 (int i, int n)
+{
+  int *arr = malloc (sizeof(int) * n);
+  if (arr)
+    {
+      arr[i] = 42;
+      __analyzer_eval (arr[i] == 42); /* { dg-warning "TRUE" } */
+    }
+  free (arr);
+}
+
+int global;
+
+void test_6 (int i, int n)
+{
+  int arr[n];
+  int saved = global;
+  arr[i] = 42;
+  __analyzer_eval (saved == global); /* { dg-warning "TRUE" } */
+}
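Review bot: test_2 and test_3 are declared `int` but only return on the `i >= n` path; both `arr[i]` branches fall off the end of the function. Either declare them `void` like test_4 through test_6 or add a `return` after the `if`/`else`, so the torture run cannot pick up an unrelated missing-return diagnostic. test_1 also carries no `dg-warning` or `__analyzer_eval`, so a brief comment that it only checks for the absence of diagnostics would make its purpose clear.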
-- 
2.26.3

