public inbox for gcc-patches@gcc.gnu.org
From: David Malcolm <dmalcolm@redhat.com>
To: gcc-patches@gcc.gnu.org
Cc: David Malcolm <dmalcolm@redhat.com>
Subject: [PATCH 12/21] analyzer: casting all zeroes should give all zeroes [PR113333]
Date: Thu,  9 May 2024 13:42:27 -0400
Message-ID: <20240509174236.2278921-13-dmalcolm@redhat.com>
In-Reply-To: <20240509174236.2278921-1-dmalcolm@redhat.com>

In particular, accessing the result of *calloc (1, SZ) (if non-NULL)
should be known to be all zeroes.

(backported from commit r14-7265-gd235bf2e807c5f)

gcc/analyzer/ChangeLog:
	PR analyzer/113333
	* region-model-manager.cc
	(region_model_manager::maybe_fold_unaryop): Casting all zeroes
	should give all zeroes.

gcc/testsuite/ChangeLog:
	PR analyzer/113333
	* gcc.dg/analyzer/calloc-1.c: Add tests.
	* gcc.dg/analyzer/data-model-9.c: Update expected results.
	* gcc.dg/analyzer/pr96639.c: Update expected results.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/region-model-manager.cc         |  6 ++++
 gcc/testsuite/gcc.dg/analyzer/calloc-1.c     | 34 ++++++++++++++++++++
 gcc/testsuite/gcc.dg/analyzer/data-model-9.c |  6 ++--
 gcc/testsuite/gcc.dg/analyzer/pr96639.c      |  2 +-
 4 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc
index 1a9886fd83c..51a2d8b029f 100644
--- a/gcc/analyzer/region-model-manager.cc
+++ b/gcc/analyzer/region-model-manager.cc
@@ -422,6 +422,12 @@ region_model_manager::maybe_fold_unaryop (tree type, enum tree_code op,
 	      && region_sval->get_type ()
 	      && POINTER_TYPE_P (region_sval->get_type ()))
 	    return get_ptr_svalue (type, region_sval->get_pointee ());
+
+	/* Casting all zeroes should give all zeroes.  */
+	if (type
+	    && arg->all_zeroes_p ()
+	    && (INTEGRAL_TYPE_P (type) || POINTER_TYPE_P (type)))
+	  return get_or_create_int_cst (type, 0);
       }
       break;
     case TRUTH_NOT_EXPR:
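
Review bot: the guard on the new fold admits only INTEGRAL_TYPE_P and POINTER_TYPE_P destination types, while the comment above it says "Casting all zeroes should give all zeroes" without qualification. Either narrow the comment to name integral and pointer types, or add a sentence on why other destination types are left to the existing paths, so a later reader does not take the restriction for an oversight. It would also be worth saying in the comment that for a pointer type the value built by get_or_create_int_cst (type, 0) is the null pointer of that type, since that is what the new calloc tests rely on.
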
diff --git a/gcc/testsuite/gcc.dg/analyzer/calloc-1.c b/gcc/testsuite/gcc.dg/analyzer/calloc-1.c
index bc28128671f..efb1a24c96a 100644
--- a/gcc/testsuite/gcc.dg/analyzer/calloc-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/calloc-1.c
@@ -25,3 +25,37 @@ char *test_1 (size_t sz)
 
   return p;
 }
+
+char **
+test_pr113333_1 (void)
+{
+  char **p = (char **)calloc (1, sizeof(char *));
+  if (p)
+    {
+      __analyzer_eval (*p == 0); /* { dg-warning "TRUE" } */
+      __analyzer_eval (p[0] == 0); /* { dg-warning "TRUE" } */
+    }
+  return p;
+}
+
+char **
+test_pr113333_2 (void)
+{
+  char **p = (char **)calloc (2, sizeof(char *));
+  if (p)
+    {
+      __analyzer_eval (*p == 0); /* { dg-warning "TRUE" } */
+      __analyzer_eval (p[0] == 0); /* { dg-warning "TRUE" } */
+      __analyzer_eval (p[1] == 0); /* { dg-warning "TRUE" } */
+    }
+  return p;
+}
+
+char **
+test_pr113333_3 (void)
+{
+  char **vec = (char **)calloc (1, sizeof(char *));
+  if (vec)
+    for (char **p=vec ; *p ; p++); /* { dg-bogus "heap-based buffer over-read" } */
+  return vec;
+}
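
Review bot: test_pr113333_3 only asserts that the over-read warning is absent (dg-bogus) for a zero-filled one-element vector; none of the added tests checks that the warning is still reported when the same loop really does walk past the allocation. Consider a companion case that stores a non-NULL pointer in vec[0] before the loop and expects the over-read diagnostic, so the fold is shown to remove the false positive without hiding the true one. The added tests in this file also use only char ** elements, so the integral-type branch of the new condition is not exercised here. Minor style point on the loop header: "p=vec ;" should be "p = vec;".
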
diff --git a/gcc/testsuite/gcc.dg/analyzer/data-model-9.c b/gcc/testsuite/gcc.dg/analyzer/data-model-9.c
index 159bc612576..2121f20c4f0 100644
--- a/gcc/testsuite/gcc.dg/analyzer/data-model-9.c
+++ b/gcc/testsuite/gcc.dg/analyzer/data-model-9.c
@@ -14,8 +14,7 @@ void test_1 (void)
   struct foo *f = calloc (1, sizeof (struct foo));
   if (f == NULL)
     return;
-  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" "desired" { xfail *-*-* } } */
-  /* { dg-bogus "UNKNOWN" "status quo" { xfail *-*-* } .-1 } */
+  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" } */
   free (f);
 }
 
@@ -27,7 +26,6 @@ void test_2 (void)
   if (f == NULL)
     return;
   memset (f, 0, sizeof (struct foo));
-  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" "desired" { xfail *-*-* } } */
-  /* { dg-bogus "UNKNOWN" "status quo" { xfail *-*-* } .-1 } */
+  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" } */
   free (f);
 }
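
Review bot: the expectation changed in test_2 follows memset (f, 0, sizeof (struct foo)), not calloc, yet the commit message describes the change only in terms of calloc and the ChangeLog line for this file says just "Update expected results". Please mention that zero-filling via memset now also evaluates to TRUE, and that both xfail markers are removed because the previously "desired" result is now the actual one, so the backport log records the wider effect.
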
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96639.c b/gcc/testsuite/gcc.dg/analyzer/pr96639.c
index aedf0464dc9..c06a5c02f79 100644
--- a/gcc/testsuite/gcc.dg/analyzer/pr96639.c
+++ b/gcc/testsuite/gcc.dg/analyzer/pr96639.c
@@ -6,5 +6,5 @@ x7 (void)
   int **md = calloc (1, sizeof (void *));
 
   return md[0][0]; /* { dg-warning "possibly-NULL" "unchecked deref" } */
-  /* { dg-warning "leak of 'md'" "leak" { target *-*-* } .-1 } */
+  /* { dg-warning "Wanalyzer-null-dereference" "deref of NULL" { target *-*-* } .-1 } */
 }
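
Review bot: on the return md[0][0] line the expected "leak of 'md'" warning is dropped and replaced by a null-dereference warning, but neither the commit message nor the ChangeLog ("Update expected results") explains why the leak is no longer expected. A sentence stating that md[0] is now known to be zero, and what happens to the leak report on that path, would make it clear this is an intended change of diagnostic rather than a lost one. The new directive also matches on the option name "Wanalyzer-null-dereference" while the directive on the line above matches message text ("possibly-NULL"); matching on the message wording would keep the two consistent.
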
-- 
2.26.3

