From: David Malcolm <dmalcolm@redhat.com>
To: gcc-patches@gcc.gnu.org
Cc: David Malcolm <dmalcolm@redhat.com>
Subject: [PATCH 16/21] analyzer: fix -Wanalyzer-deref-before-check false positive seen in loop header macro [PR109251]
Date: Thu, 9 May 2024 13:42:31 -0400 [thread overview]
Message-ID: <20240509174236.2278921-17-dmalcolm@redhat.com> (raw)
In-Reply-To: <20240509174236.2278921-1-dmalcolm@redhat.com>
Backported from commit r14-9586-g9093f275e0a343 (moving tests from
c-c++-common to gcc.dg)
gcc/analyzer/ChangeLog:
PR analyzer/109251
* sm-malloc.cc (deref_before_check::emit): Reject cases where the
check is in a loop header within a macro expansion.
(deref_before_check::loop_header_p): New.
gcc/testsuite/ChangeLog:
PR analyzer/109251
* gcc.dg/analyzer/deref-before-check-pr109251-1.c: New test.
* gcc.dg/analyzer/deref-before-check-pr109251-2.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
gcc/analyzer/sm-malloc.cc | 30 ++++++++++
.../analyzer/deref-before-check-pr109251-1.c | 60 +++++++++++++++++++
.../analyzer/deref-before-check-pr109251-2.c | 37 ++++++++++++
3 files changed, 127 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-1.c
create mode 100644 gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-2.c
diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index 64295cfb66e..e9384a14dea 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -1565,6 +1565,21 @@ public:
if (linemap_location_from_macro_definition_p (line_table, check_loc))
return false;
+ /* Reject warning if the check is in a loop header within a
+ macro expansion. This rejects cases like:
+ | deref of x;
+ | [...snip...]
+ | FOR_EACH(x) {
+ | [...snip...]
+ | }
+ where the FOR_EACH macro tests for non-nullness of x, since
+ the user is hoping to encapsulate the details of iteration
+ in the macro, and the extra check on the first iteration
+ would just be noise if we reported it. */
+ if (loop_header_p (m_check_enode->get_point ())
+ && linemap_location_from_macro_expansion_p (line_table, check_loc))
+ return false;
+
/* Reject if m_deref_expr is sufficiently different from m_arg
for cases where the dereference is spelled differently from
the check, which is probably two different ways to get the
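Review bot: The early return added at `if (loop_header_p (m_check_enode->get_point ()) && linemap_location_from_macro_expansion_p (line_table, check_loc))` fires for any check that is in a loop header and comes from a macro expansion, not only when the macro itself supplies the loop as in the FOR_EACH example. As far as these lines show, a hand-written `for` or `while` whose condition merely uses a predicate macro on the pointer would be silenced too. That trades the false positive for possible missed deref-before-check reports. The comment should record that trade-off, for example by appending `Note that this also suppresses the warning when only the loop condition, rather than the whole loop, comes from a macro.` The body of deref_before_check::emit starts and ends outside the hunk.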
@@ -1621,6 +1636,21 @@ public:
}
private:
+ static bool loop_header_p (const program_point &point)
+ {
+ const supernode *snode = point.get_supernode ();
+ if (!snode)
+ return false;
+ for (auto &in_edge : snode->m_preds)
+ {
+ if (const cfg_superedge *cfg_in_edge
+ = in_edge->dyn_cast_cfg_superedge ())
+ if (cfg_in_edge->back_edge_p ())
+ return true;
+ }
+ return false;
+ }
+
static bool sufficiently_similar_p (tree expr_a, tree expr_b)
{
pretty_printer *pp_a = global_dc->printer->clone ();
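Review bot: `loop_header_p` is added without the leading comment that states what it treats as a loop header. From the body, that is any supernode with at least one incoming CFG superedge for which `back_edge_p ()` is true, and a point with no supernode is never a header. I would add `/* Return true if POINT is at a supernode that has an incoming CFG back edge, i.e. the header of a loop.  */` above it. The comment could also say that a condition which ends up in a different supernode from the one receiving the back edge is presumably not matched, which matters for anyone relying on the suppression in emit. The enclosing class starts outside the hunk and `sufficiently_similar_p` continues past it.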
diff --git a/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-1.c b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-1.c
new file mode 100644
index 00000000000..769cffae6d7
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-1.c
@@ -0,0 +1,60 @@
+/* Reduced from linux-5.10.162's kernel/sched/fair.c,
+ with !CONFIG_FAIR_GROUP_SCHED. */
+
+#define NULL ((void*)0)
+
+struct load_weight
+{
+ unsigned long weight;
+ /* [...snip...] */
+};
+
+struct sched_entity
+{
+ struct load_weight load;
+ /* [...snip...] */
+ unsigned int on_rq;
+ /* [...snip...] */
+};
+
+struct cfs_rq
+{
+ /* [...snip...] */
+ unsigned int nr_running;
+ /* [...snip...] */
+};
+
+extern int
+__calc_delta(int delta_exec, unsigned long weight /* [...snip...] */);
+
+/* !CONFIG_FAIR_GROUP_SCHED */
+#define for_each_sched_entity(se) \
+ for (; se; se = (struct sched_entity *)NULL)
+
+extern struct cfs_rq*
+cfs_rq_of(struct sched_entity* se);
+
+extern int
+__sched_period(unsigned long nr_running);
+
+int
+sched_slice(struct cfs_rq* cfs_rq, struct sched_entity* se)
+{
+ unsigned int nr_running = cfs_rq->nr_running;
+ int slice;
+
+ /* [...snip...] */
+
+ slice = __sched_period(nr_running + !se->on_rq);
+
+ for_each_sched_entity(se) {
+ /* [...snip...] */
+ cfs_rq = cfs_rq_of(se);
+ /* [...snip...] */
+ slice = __calc_delta(slice, se->load.weight);
+ }
+
+ /* [...snip...] */
+
+ return slice;
+}
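Review bot: This test has no dg directive on the `for_each_sched_entity(se) {` line, so the expected absence of the warning is enforced only implicitly by the harness's excess-errors check. An explicit directive at that line would document what the reduction is pinning, for example `/* { dg-bogus "check of 'se' for NULL" } */`. Confirm the pattern against the actual diagnostic text before adding it. Without it, a future reader cannot tell from the file alone which line used to trigger PR109251.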
diff --git a/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-2.c b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-2.c
new file mode 100644
index 00000000000..8e85a47d315
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-2.c
@@ -0,0 +1,37 @@
+struct node
+{
+ struct node *next;
+ int val;
+};
+
+int test_loop_1 (struct node *n)
+{
+ int total = 0;
+ if (n->val = 42)
+ return -1;
+ for (struct node *iter = n; iter; iter=iter->next)
+ total += iter->val;
+ return total;
+}
+
+int test_loop_2 (struct node *n)
+{
+ int total = 0;
+ if (n->val = 42)
+ return -1;
+ for (; n; n=n->next)
+ total += n->val;
+ return total;
+}
+
+#define FOR_EACH_NODE(ITER) for (; (ITER); (ITER)=(ITER)->next)
+
+int test_loop_3 (struct node *n)
+{
+ int total = 0;
+ if (n->val = 42)
+ return -1;
+ FOR_EACH_NODE (n)
+ total += n->val;
+ return total;
+}
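Review bot: All three functions guard the loop with `if (n->val = 42) return -1;`, an assignment whose value is always non-zero. If the analyzer treats the fall-through edge as infeasible, the loops are unreachable and `test_loop_3` would pass with or without the new suppression. If only a dereference before the loop is wanted, `if (n->val == 42)` provides one while keeping both branches feasible; if the assignment is deliberate, a comment should say why. The file also carries no dg directives, so it does not say whether `test_loop_2`, where the check is in a loop header but not in a macro, is still expected to warn. A `dg-warning` or `dg-bogus` there would pin that the macro condition is what gates the suppression.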
--
2.26.3
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-09 17:42 [pushed 00/21] Various backports to gcc 13 (analyzer, jit, diagnostics) David Malcolm
2024-05-09 17:42 ` [PATCH 01/21] analyzer: add caching to globals with initializers [PR110112] David Malcolm
2024-05-09 17:42 ` [PATCH 02/21] analyzer: Fix allocation size false positive on conjured svalue [PR109577] David Malcolm
2024-05-11 16:43 ` NightStrike
2024-05-09 17:42 ` [PATCH 03/21] testsuite: Add more allocation size tests for conjured svalues [PR110014] David Malcolm
2024-05-11 16:44 ` NightStrike
2024-05-09 17:42 ` [PATCH 04/21] jit: avoid using __vector in testcase [PR110466] David Malcolm
2024-05-09 17:42 ` [PATCH 05/21] jit.exp: handle dwarf version mismatch in jit-check-debug-info [PR110466] David Malcolm
2024-05-09 17:42 ` [PATCH 06/21] analyzer: fix ICE on division of tainted floating-point values [PR110700] David Malcolm
2024-05-09 17:42 ` [PATCH 07/21] analyzer: fix ICE on zero-sized arrays [PR110882] David Malcolm
2024-05-09 17:42 ` [PATCH 08/21] testsuite, analyzer: add test case [PR108171] David Malcolm
2024-05-09 17:42 ` [PATCH 09/21] jit: dump string literal initializers correctly David Malcolm
2024-05-09 17:42 ` [PATCH 10/21] analyzer: fix ICE for 2 bits before the start of base region [PR112889] David Malcolm
2024-05-09 17:42 ` [PATCH 11/21] analyzer: fix deref-before-check false positives due to inlining [PR112790] David Malcolm
2024-05-09 17:42 ` [PATCH 12/21] analyzer: casting all zeroes should give all zeroes [PR113333] David Malcolm
2024-05-09 17:42 ` [PATCH 13/21] analyzer: fix defaults in compound assignments from non-zero offsets [PR112969] David Malcolm
2024-05-09 17:42 ` [PATCH 14/21] analyzer: fix skipping of debug stmts [PR113253] David Malcolm
2024-05-09 17:42 ` [PATCH 15/21] analyzer: fix -Wanalyzer-va-arg-type-mismatch false +ve on int types [PR111289] David Malcolm
2024-05-09 17:42 ` David Malcolm [this message]
2024-05-09 17:42 ` [PATCH 17/21] analyzer: fix ICE due to type mismatch when replaying call summary [PR114473] David Malcolm
2024-05-09 17:42 ` [PATCH 18/21] analyzer: fix ICE and false positive with -Wanalyzer-deref-before-check [PR114408] David Malcolm
2024-05-09 17:42 ` [PATCH 19/21] diagnostics: fix ICE on sarif output when source file is unreadable [PR111700] David Malcolm
2024-05-09 17:42 ` [PATCH 20/21] Fix ICE in -fdiagnostics-generate-patch [PR112684] David Malcolm
2024-05-09 17:42 ` [PATCH 21/21] diagnostics: fix corrupt json/SARIF on stderr [PR114348] David Malcolm
2024-05-13 9:03 ` [pushed 00/21] Various backports to gcc 13 (analyzer, jit, diagnostics) Jakub Jelinek