From: David Malcolm
To: gcc-patches@gcc.gnu.org
Cc: David Malcolm
Subject: [committed] analyzer: fix ICE when pipe's arg isn't a pointer [PR107486]
Date: Thu, 3 Nov 2022 10:24:40 -0400
Message-Id: <20221103142440.2260186-1-dmalcolm@redhat.com>

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r13-3626-g5acc10a9ea6641.

gcc/analyzer/ChangeLog:
PR analyzer/107486
* analyzer.cc (is_pipe_call_p): New.
* analyzer.h (is_pipe_call_p): New decl.
* region-model.cc (region_model::on_call_pre): Use it.
(region_model::on_call_post): Likewise.

gcc/testsuite/ChangeLog:
PR analyzer/107486
* gcc.dg/analyzer/pipe-pr107486.c: New test.
* gcc.dg/analyzer/pipe-void-return.c: New test.

Signed-off-by: David Malcolm
--- gcc/analyzer/analyzer.cc | 16 ++++++++++++++++ gcc/analyzer/analyzer.h | 2 ++ gcc/analyzer/region-model.cc | 8 ++++---- gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c | 5 +++++ gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c | 11 +++++++++++ 5 files changed, 38 insertions(+), 4 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c diff --git a/gcc/analyzer/analyzer.cc b/gcc/analyzer/analyzer.cc index 8a2a7734f24..6c7c969538c 100644 --- a/gcc/analyzer/analyzer.cc +++ b/gcc/analyzer/analyzer.cc 
@@ -379,6 +379,22 @@ is_longjmp_call_p (const gcall *call) return false; } +/* Return true if this is a "pipe" call. */ + +bool +is_pipe_call_p (const_tree fndecl, const char *funcname, + const gcall *call, unsigned int num_args) +{ + if (!is_named_call_p (fndecl, funcname, call, num_args)) + return false; + + /* We require a pointer for the initial argument. */ + if (!POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (call, 0)))) + return false; + + return true; +} + /* For a CALL that matched is_special_named_call_p or is_named_call_p for some name, return a name for the called function suitable for use in diagnostics (stripping the leading underscores). */ diff --git a/gcc/analyzer/analyzer.h b/gcc/analyzer/analyzer.h index a2d79e4a59f..c41cfb01656 100644 --- a/gcc/analyzer/analyzer.h +++ b/gcc/analyzer/analyzer.h @@ -324,6 +324,8 @@ extern bool is_std_named_call_p (const_tree fndecl, const char *funcname, const gcall *call, unsigned int num_args); extern bool is_setjmp_call_p (const gcall *call); extern bool is_longjmp_call_p (const gcall *call); +extern bool is_pipe_call_p (const_tree fndecl, const char *funcname, + const gcall *call, unsigned int num_args); extern const char *get_user_facing_name (const gcall *call); diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index 7c44fc9e253..4713f0d2519 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -2315,8 +2315,8 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt, impl_call_memset (cd); return false; } - else if (is_named_call_p (callee_fndecl, "pipe", call, 1) - || is_named_call_p (callee_fndecl, "pipe2", call, 2)) + else if (is_pipe_call_p (callee_fndecl, "pipe", call, 1) + || is_pipe_call_p (callee_fndecl, "pipe2", call, 2)) { /* Handle in "on_call_post"; bail now so that fd array is left untouched so that we can detect use-of-uninit 
@@ -2403,8 +2403,8 @@ region_model::on_call_post (const gcall *call, impl_call_operator_delete (cd); return; } - else if (is_named_call_p (callee_fndecl, "pipe", call, 1) - || is_named_call_p (callee_fndecl, "pipe2", call, 2)) + else if (is_pipe_call_p (callee_fndecl, "pipe", call, 1) + || is_pipe_call_p (callee_fndecl, "pipe2", call, 2)) { impl_call_pipe (cd); return; diff --git a/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c b/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c new file mode 100644 index 00000000000..e9fc7fb4943 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c @@ -0,0 +1,5 @@ +void pipe(int); + +void f1(void) { + pipe(1); +} diff --git a/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c b/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c new file mode 100644 index 00000000000..0de676305f6 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c @@ -0,0 +1,11 @@ +extern void pipe(int pipefd[2]); +extern int close(int fd); + +void +test_unchecked (void) +{ + int fds[2]; + pipe (fds); /* { dg-message "when 'pipe' fails" } */ + close (fds[0]); /* { dg-warning "use of uninitialized value 'fds\\\[0\\\]'" } */ + close (fds[1]); /* { dg-warning "use of uninitialized value 'fds\\\[1\\\]'" } */ +} -- 2.26.3
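
Review bot: in the gcc/analyzer/analyzer.cc hunk, is_pipe_call_p checks only POINTER_TYPE_P on the first argument, so a mismatched declaration such as pipe(char *) still passes the guard and reaches the pipe handling in on_call_pre and on_call_post. If that handling depends on the pointee being an int array, consider checking the pointed-to type here as well, or state in the comment that any pointer type is accepted on purpose. The header comment "Return true if this is a "pipe" call" should also mention the pointer requirement, and that the helper reads gimple_call_arg (call, 0) unconditionally once the name and arity match, so callers must pass num_args of at least 1.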
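
Review bot: in the gcc/analyzer/region-model.cc hunks, on_call_pre and on_call_post each repeat the same pair of is_pipe_call_p calls with the "pipe"/1 and "pipe2"/2 literals, and the comment in on_call_pre says the work is deferred to on_call_post, so the two conditions have to stay identical for the deferral to be correct. Consider a single predicate that takes only callee_fndecl and call and covers both names, so a future change to the guard cannot be applied to one site and missed at the other.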
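
Review bot: in the testsuite hunks, gcc.dg/analyzer/pipe-pr107486.c covers only pipe(int) called as pipe(1); the pipe2 arm of the changed condition has no matching non-pointer case, so a pipe2 declaration with a non-pointer first argument would be worth adding alongside it. Neither new file has a comment saying what it guards: pipe-pr107486.c carries no dg directives, so it is presumably a no-ICE check, and pipe-void-return.c tests a void-returning pipe, which the commit message and ChangeLog do not connect to PR107486. A one-line comment at the top of each test would make the intent clear to whoever next touches them.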