From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=k/Rd=4O=redhat.com=dmalcolm@sourceware.org>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by sourceware.org (Postfix) with ESMTPS id B56BD384D6DB
	for <gcc-patches@gcc.gnu.org>; Fri, 16 Dec 2022 19:54:01 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org B56BD384D6DB
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1671220441;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2n36Sf1sqXlJqoDCoV16gUH9yYDEZOxCJdJ6/7r5Jo8=;
	b=SbOBLfIgTkd1m5XCoG4//jLdsOYwXiMzqnIrkXfvScvCFj30D1/NDA5oNWFAIuPKlJsCsx
	SGsG8QTI+ScnJMmqlJGALl0aWhlMBH3fBFn9YA8ISzUrplZT5tsxP+XM/1brWsi4c+U7Kh
	zxfYzocfCnLb0613tpUamwBDtFdUHTg=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-36-l5Ks9REoOOKujmwAg2-7YA-1; Fri, 16 Dec 2022 14:53:59 -0500
X-MC-Unique: l5Ks9REoOOKujmwAg2-7YA-1
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 530A085CCE0
	for <gcc-patches@gcc.gnu.org>; Fri, 16 Dec 2022 19:53:59 +0000 (UTC)
Received: from t14s.localdomain.com (unknown [10.2.17.99])
	by smtp.corp.redhat.com (Postfix) with ESMTP id C459F40C2064;
	Fri, 16 Dec 2022 19:53:58 +0000 (UTC)
From: David Malcolm <dmalcolm@redhat.com>
To: gcc-patches@gcc.gnu.org
Cc: David Malcolm <dmalcolm@redhat.com>
Subject: [committed] analyzer: add src_region param to region_model::check_for_poison [PR106479]
Date: Fri, 16 Dec 2022 14:53:55 -0500
Message-Id: <20221216195355.465351-1-dmalcolm@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true
X-Spam-Status: No, score=-11.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

PR analyzer/106479 notes that we don't always show the region-creation
event for a memmove from an uninitialized stack region.  This occurs
when using kf_memcpy_memmove.  Fix by passing a src_region hint to
region_model::check_for_poison.

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r13-4750-g2fdc8546b5c6cb.

gcc/analyzer/ChangeLog:
	PR analyzer/106479
	* kf.cc (kf_memcpy_memmove::impl_call_pre): Pass in source region
	to region_model::check_for_poison.
	* region-model-asm.cc (region_model::on_asm_stmt): Pass NULL
	region to region_model::check_for_poison.
	* region-model.cc (region_model::check_for_poison): Add
	"src_region" param, and pass it to poisoned_value_diagnostic.
	(region_model::on_assignment): Pass NULL region to
	region_model::check_for_poison.
	(region_model::get_rvalue): Likewise.
	* region-model.h (region_model::check_for_poison): Add
	"src_region" param.
	* sm-fd.cc (fd_state_machine::on_accept): Pass in source region
	to region_model::check_for_poison.
	* varargs.cc (kf_va_copy::impl_call_pre): Pass NULL region to
	region_model::check_for_poison.
	(kf_va_arg::impl_call_pre): Pass in source region to
	region_model::check_for_poison.

gcc/testsuite/ChangeLog:
	PR analyzer/106479
	* gcc.dg/analyzer/pr104308.c (test_memmove_within_uninit): Remove
	xfail on region creation event.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/kf.cc                       |  2 +-
 gcc/analyzer/region-model-asm.cc         |  2 +-
 gcc/analyzer/region-model.cc             | 11 ++++++-----
 gcc/analyzer/region-model.h              |  1 +
 gcc/analyzer/sm-fd.cc                    |  1 +
 gcc/analyzer/varargs.cc                  |  3 ++-
 gcc/testsuite/gcc.dg/analyzer/pr104308.c |  2 +-
 7 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/gcc/analyzer/kf.cc b/gcc/analyzer/kf.cc
index ff2f1b1ef9c..6088bfc72c0 100644
--- a/gcc/analyzer/kf.cc
+++ b/gcc/analyzer/kf.cc
@@ -288,7 +288,7 @@ kf_memcpy_memmove::impl_call_pre (const call_details &cd) const
   const svalue *src_contents_sval
     = model->get_store_value (sized_src_reg, cd.get_ctxt ());
   model->check_for_poison (src_contents_sval, cd.get_arg_tree (1),
-			   cd.get_ctxt ());
+			   sized_src_reg, cd.get_ctxt ());
   model->set_value (sized_dest_reg, src_contents_sval, cd.get_ctxt ());
 }
 
diff --git a/gcc/analyzer/region-model-asm.cc b/gcc/analyzer/region-model-asm.cc
index 171b2496f58..ac32c6f06f7 100644
--- a/gcc/analyzer/region-model-asm.cc
+++ b/gcc/analyzer/region-model-asm.cc
@@ -226,7 +226,7 @@ region_model::on_asm_stmt (const gasm *stmt, region_model_context *ctxt)
 
       tree src_expr = input_tvec[i];
       const svalue *src_sval = get_rvalue (src_expr, ctxt);
-      check_for_poison (src_sval, src_expr, ctxt);
+      check_for_poison (src_sval, src_expr, NULL, ctxt);
       input_svals.quick_push (src_sval);
       reachable_regs.handle_sval (src_sval);
 
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index f6cd34f4c22..55064400a08 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -1004,11 +1004,13 @@ due_to_ifn_deferred_init_p (const gassign *assign_stmt)
 
 /* Check for SVAL being poisoned, adding a warning to CTXT.
    Return SVAL, or, if a warning is added, another value, to avoid
-   repeatedly complaining about the same poisoned value in followup code.  */
+   repeatedly complaining about the same poisoned value in followup code.
+   SRC_REGION is a hint about where SVAL came from, and can be NULL.  */
 
 const svalue *
 region_model::check_for_poison (const svalue *sval,
 				tree expr,
+				const region *src_region,
 				region_model_context *ctxt) const
 {
   if (!ctxt)
@@ -1046,8 +1048,7 @@ region_model::check_for_poison (const svalue *sval,
 	 the tree other than via the def stmts, using
 	 fixup_tree_for_diagnostic.  */
       tree diag_arg = fixup_tree_for_diagnostic (expr);
-      const region *src_region = NULL;
-      if (pkind == POISON_KIND_UNINIT)
+      if (src_region == NULL && pkind == POISON_KIND_UNINIT)
 	src_region = get_region_for_poisoned_expr (expr);
       if (ctxt->warn (make_unique<poisoned_value_diagnostic> (diag_arg,
 							      pkind,
@@ -1100,7 +1101,7 @@ region_model::on_assignment (const gassign *assign, region_model_context *ctxt)
   if (const svalue *sval = get_gassign_result (assign, ctxt))
     {
       tree expr = get_diagnostic_tree_for_gassign (assign);
-      check_for_poison (sval, expr, ctxt);
+      check_for_poison (sval, expr, NULL, ctxt);
       set_value (lhs_reg, sval, ctxt);
       return;
     }
@@ -2227,7 +2228,7 @@ region_model::get_rvalue (path_var pv, region_model_context *ctxt) const
 
   assert_compat_types (result_sval->get_type (), TREE_TYPE (pv.m_tree));
 
-  result_sval = check_for_poison (result_sval, pv.m_tree, ctxt);
+  result_sval = check_for_poison (result_sval, pv.m_tree, NULL, ctxt);
 
   return result_sval;
 }
diff --git a/gcc/analyzer/region-model.h b/gcc/analyzer/region-model.h
index 626b10d2538..e8767e5ed41 100644
--- a/gcc/analyzer/region-model.h
+++ b/gcc/analyzer/region-model.h
@@ -485,6 +485,7 @@ class region_model
 
   const svalue *check_for_poison (const svalue *sval,
 				  tree expr,
+				  const region *src_region,
 				  region_model_context *ctxt) const;
 
   void check_region_for_write (const region *dest_reg,
diff --git a/gcc/analyzer/sm-fd.cc b/gcc/analyzer/sm-fd.cc
index 50e1313f85b..03bcdfa60b4 100644
--- a/gcc/analyzer/sm-fd.cc
+++ b/gcc/analyzer/sm-fd.cc
@@ -1992,6 +1992,7 @@ fd_state_machine::on_accept (const call_details &cd,
 				  build_int_cst (TREE_TYPE (len_ptr), 0));
       old_len_sval = model->check_for_poison (old_len_sval,
 					      star_len_ptr,
+					      len_reg,
 					      cd.get_ctxt ());
       if (successful)
 	{
diff --git a/gcc/analyzer/varargs.cc b/gcc/analyzer/varargs.cc
index 1a3bddee4b2..5414f233ab1 100644
--- a/gcc/analyzer/varargs.cc
+++ b/gcc/analyzer/varargs.cc
@@ -723,6 +723,7 @@ kf_va_copy::impl_call_pre (const call_details &cd) const
   in_va_list
     = model->check_for_poison (in_va_list,
 			       get_va_list_diag_arg (cd.get_arg_tree (1)),
+			       NULL,
 			       cd.get_ctxt ());
 
   const region *out_dst_reg
@@ -1004,7 +1005,7 @@ kf_va_arg::impl_call_pre (const call_details &cd) const
     ap_sval = cast;
 
   tree va_list_tree = get_va_list_diag_arg (cd.get_arg_tree (0));
-  ap_sval = model->check_for_poison (ap_sval, va_list_tree, ctxt);
+  ap_sval = model->check_for_poison (ap_sval, va_list_tree, ap_reg, ctxt);
 
   if (const region *impl_reg = ap_sval->maybe_get_region ())
     {
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr104308.c b/gcc/testsuite/gcc.dg/analyzer/pr104308.c
index e6a2c8821bf..a3a0cbb7317 100644
--- a/gcc/testsuite/gcc.dg/analyzer/pr104308.c
+++ b/gcc/testsuite/gcc.dg/analyzer/pr104308.c
@@ -6,7 +6,7 @@
 
 int test_memmove_within_uninit (void)
 {
-  char s[5]; /* { dg-message "region created on stack here" "" { xfail riscv*-*-* } } */
+  char s[5]; /* { dg-message "region created on stack here" } */
   memmove(s, s + 1, 2); /* { dg-warning "use of uninitialized value" } */
   return 0;
 }
-- 
2.26.3