From: Tim Lange
To: gcc-patches@gcc.gnu.org
Cc: dmalcolm@redhat.com, Tim Lange
Subject: [PATCH 1/2] analyzer: consider that realloc could shrink the buffer [PR106539]
Date: Tue, 9 Aug 2022 23:19:42 +0200
Message-Id: <20220809211943.82098-1-mail@tim-lange.me>

This patch adds the "shrinks buffer" case to the success_with_move
modelling of realloc.

2022-08-09  Tim Lange

gcc/analyzer/ChangeLog:

	PR analyzer/106539
	* region-model-impl-calls.cc (region_model::impl_call_realloc):
	Add get_copied_size function and pass the result as the size
	of the new sized_region.
---
 gcc/analyzer/region-model-impl-calls.cc | 37 ++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/gcc/analyzer/region-model-impl-calls.cc b/gcc/analyzer/region-model-impl-calls.cc index 8c38e9206fa..50a19a52a21 100644 --- a/gcc/analyzer/region-model-impl-calls.cc +++ b/gcc/analyzer/region-model-impl-calls.cc
@@ -737,9 +737,11 @@ region_model::impl_call_realloc (const call_details &cd) old_size_sval); const svalue *buffer_content_sval = model->get_store_value (sized_old_reg, cd.get_ctxt ()); + const svalue *copied_size_sval + = get_copied_size (old_size_sval, new_size_sval); const region *sized_new_reg = model->m_mgr->get_sized_region (new_reg, NULL, - old_size_sval); + copied_size_sval); model->set_value (sized_new_reg, buffer_content_sval, cd.get_ctxt ()); } @@ -774,6 +776,39 @@ region_model::impl_call_realloc (const call_details &cd) else return true; } + + private: + /* Return the size svalue for the new region allocated by realloc. */ + const svalue *get_copied_size (const svalue *old_size_sval, + const svalue *new_size_sval) const + { + tree old_size_cst = old_size_sval->maybe_get_constant (); + tree new_size_cst = new_size_sval->maybe_get_constant (); + + if (old_size_cst && new_size_cst) + { + /* Both are constants and comparable. */ + tree cmp = fold_binary (LT_EXPR, boolean_type_node, + old_size_cst, new_size_cst); + + if (cmp == boolean_true_node) + return old_size_sval; + else + return new_size_sval; + } + else if (new_size_cst) + { + /* OLD_SIZE_SVAL is symbolic, so return that. */ + return old_size_sval; + } + else + { + /* NEW_SIZE_SVAL is symbolic or both are symbolic. + Return NEW_SIZE_SVAL, because implementations of realloc + probably only moves the buffer if the new size is larger. */ + return new_size_sval; + } + } }; /* Body of region_model::impl_call_realloc. */ -- 2.37.1
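Review bot: in the first hunk (region_model::impl_call_realloc, around line 737), only the destination region is resized to copied_size_sval; buffer_content_sval is still read through sized_old_reg, which the preceding context line appears to size with old_size_sval. When the copied size is the smaller new size, the value being stored describes more bytes than the region it is bound to. Consider reading the old contents through a region sized with copied_size_sval as well, so the value fetched and the region written always agree in size.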
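Review bot: in get_copied_size (second hunk), the final else branch returns new_size_sval, but its comment argues that realloc probably only moves the buffer when the new size is larger, which would make old_size_sval the number of bytes copied. The middle branch (new size constant, old size symbolic) falls back to old_size_sval instead, so the two non-constant cases pick opposite fallbacks without a stated reason, and the old size returned there can exceed a smaller constant new size. Pick one fallback for the unknown case and document it; the header comment should also say that the function returns the lesser of the two sizes (the bytes copied) rather than "the size svalue for the new region". Separately, fold_binary can return NULL_TREE, in which case the `cmp == boolean_true_node` test silently selects new_size_sval; an explicit check would make that choice intentional.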