[PATCH 16/21] analyzer: fix -Wanalyzer-deref-before-check false positive seen in loop header macro [PR109251]

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

From: David Malcolm <dmalcolm@redhat.com>
To: gcc-patches@gcc.gnu.org
Cc: David Malcolm <dmalcolm@redhat.com>
Subject: [PATCH 16/21] analyzer: fix -Wanalyzer-deref-before-check false positive seen in loop header macro [PR109251]
Date: Thu,  9 May 2024 13:42:31 -0400	[thread overview]
Message-ID: <20240509174236.2278921-17-dmalcolm@redhat.com> (raw)
In-Reply-To: <20240509174236.2278921-1-dmalcolm@redhat.com>

Backported from commit r14-9586-g9093f275e0a343 (moving tests from
c-c++-common to gcc.dg)

gcc/analyzer/ChangeLog:
	PR analyzer/109251
	* sm-malloc.cc (deref_before_check::emit): Reject cases where the
	check is in a loop header within a macro expansion.
	(deref_before_check::loop_header_p): New.

gcc/testsuite/ChangeLog:
	PR analyzer/109251
	* gcc.dg/analyzer/deref-before-check-pr109251-1.c: New test.
	* gcc.dg/analyzer/deref-before-check-pr109251-2.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/sm-malloc.cc                     | 30 ++++++++++
 .../analyzer/deref-before-check-pr109251-1.c  | 60 +++++++++++++++++++
 .../analyzer/deref-before-check-pr109251-2.c  | 37 ++++++++++++
 3 files changed, 127 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-1.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-2.c

diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index 64295cfb66e..e9384a14dea 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -1565,6 +1565,21 @@ public:
     if (linemap_location_from_macro_definition_p (line_table, check_loc))
       return false;
 
+    /* Reject warning if the check is in a loop header within a
+       macro expansion.  This rejects cases like:
+       |  deref of x;
+       |  [...snip...]
+       |  FOR_EACH(x) {
+       |    [...snip...]
+       |  }
+       where the FOR_EACH macro tests for non-nullness of x, since
+       the user is hoping to encapsulate the details of iteration
+       in the macro, and the extra check on the first iteration
+       would just be noise if we reported it.  */
+    if (loop_header_p (m_check_enode->get_point ())
+	&& linemap_location_from_macro_expansion_p (line_table, check_loc))
+      return false;
+
     /* Reject if m_deref_expr is sufficiently different from m_arg
        for cases where the dereference is spelled differently from
        the check, which is probably two different ways to get the
@@ -1621,6 +1636,21 @@ public:
   }
 
 private:
+  static bool loop_header_p (const program_point &point)
+  {
+    const supernode *snode = point.get_supernode ();
+    if (!snode)
+      return false;
+    for (auto &in_edge : snode->m_preds)
+      {
+	if (const cfg_superedge *cfg_in_edge
+	      = in_edge->dyn_cast_cfg_superedge ())
+	  if (cfg_in_edge->back_edge_p ())
+	    return true;
+      }
+    return false;
+  }
+
   static bool sufficiently_similar_p (tree expr_a, tree expr_b)
   {
     pretty_printer *pp_a = global_dc->printer->clone ();
diff --git a/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-1.c b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-1.c
new file mode 100644
index 00000000000..769cffae6d7
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-1.c
@@ -0,0 +1,60 @@
+/* Reduced from linux-5.10.162's kernel/sched/fair.c,
+   with !CONFIG_FAIR_GROUP_SCHED.  */
+
+#define NULL ((void*)0)
+
+struct load_weight
+{
+  unsigned long weight;
+  /* [...snip...] */
+};
+
+struct sched_entity
+{
+  struct load_weight load;
+  /* [...snip...] */
+  unsigned int on_rq;
+  /* [...snip...] */
+};
+
+struct cfs_rq
+{
+  /* [...snip...] */
+  unsigned int nr_running;
+  /* [...snip...] */
+};
+
+extern int
+__calc_delta(int delta_exec, unsigned long weight /* [...snip...] */);
+
+/* !CONFIG_FAIR_GROUP_SCHED */
+#define for_each_sched_entity(se) \
+  for (; se; se = (struct sched_entity *)NULL)
+
+extern struct cfs_rq*
+cfs_rq_of(struct sched_entity* se);
+
+extern int
+__sched_period(unsigned long nr_running);
+
+int
+sched_slice(struct cfs_rq* cfs_rq, struct sched_entity* se)
+{
+  unsigned int nr_running = cfs_rq->nr_running;
+  int slice;
+
+  /* [...snip...] */
+
+  slice = __sched_period(nr_running + !se->on_rq);
+
+  for_each_sched_entity(se) {
+    /* [...snip...] */
+    cfs_rq = cfs_rq_of(se);
+    /* [...snip...] */
+    slice = __calc_delta(slice, se->load.weight);
+  }
+
+  /* [...snip...] */
+
+  return slice;
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-2.c b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-2.c
new file mode 100644
index 00000000000..8e85a47d315
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr109251-2.c
@@ -0,0 +1,37 @@
+struct node
+{
+  struct node *next;
+  int val;
+};
+
+int test_loop_1 (struct node *n)
+{
+  int total = 0;
+  if (n->val = 42)
+    return -1;
+  for (struct node *iter = n; iter; iter=iter->next)
+    total += iter->val;
+  return total;
+}
+
+int test_loop_2 (struct node *n)
+{
+  int total = 0;
+  if (n->val = 42)
+    return -1;
+  for (; n; n=n->next)
+    total += n->val;
+  return total;
+}
+
+#define FOR_EACH_NODE(ITER) for (; (ITER); (ITER)=(ITER)->next)
+
+int test_loop_3 (struct node *n)
+{
+  int total = 0;
+  if (n->val = 42)
+    return -1;
+  FOR_EACH_NODE (n)
+    total += n->val;
+  return total;
+}
-- 
2.26.3

next prev parent reply	other threads:[~2024-05-09 17:42 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-09 17:42 [pushed 00/21] Various backports to gcc 13 (analyzer, jit, diagnostics) David Malcolm
2024-05-09 17:42 ` [PATCH 01/21] analyzer: add caching to globals with initializers [PR110112] David Malcolm
2024-05-09 17:42 ` [PATCH 02/21] analyzer: Fix allocation size false positive on conjured svalue [PR109577] David Malcolm
2024-05-11 16:43   ` NightStrike
2024-05-09 17:42 ` [PATCH 03/21] testsuite: Add more allocation size tests for conjured svalues [PR110014] David Malcolm
2024-05-11 16:44   ` NightStrike
2024-05-09 17:42 ` [PATCH 04/21] jit: avoid using __vector in testcase [PR110466] David Malcolm
2024-05-09 17:42 ` [PATCH 05/21] jit.exp: handle dwarf version mismatch in jit-check-debug-info [PR110466] David Malcolm
2024-05-09 17:42 ` [PATCH 06/21] analyzer: fix ICE on division of tainted floating-point values [PR110700] David Malcolm
2024-05-09 17:42 ` [PATCH 07/21] analyzer: fix ICE on zero-sized arrays [PR110882] David Malcolm
2024-05-09 17:42 ` [PATCH 08/21] testsuite, analyzer: add test case [PR108171] David Malcolm
2024-05-09 17:42 ` [PATCH 09/21] jit: dump string literal initializers correctly David Malcolm
2024-05-09 17:42 ` [PATCH 10/21] analyzer: fix ICE for 2 bits before the start of base region [PR112889] David Malcolm
2024-05-09 17:42 ` [PATCH 11/21] analyzer: fix deref-before-check false positives due to inlining [PR112790] David Malcolm
2024-05-09 17:42 ` [PATCH 12/21] analyzer: casting all zeroes should give all zeroes [PR113333] David Malcolm
2024-05-09 17:42 ` [PATCH 13/21] analyzer: fix defaults in compound assignments from non-zero offsets [PR112969] David Malcolm
2024-05-09 17:42 ` [PATCH 14/21] analyzer: fix skipping of debug stmts [PR113253] David Malcolm
2024-05-09 17:42 ` [PATCH 15/21] analyzer: fix -Wanalyzer-va-arg-type-mismatch false +ve on int types [PR111289] David Malcolm
2024-05-09 17:42 ` David Malcolm [this message]
2024-05-09 17:42 ` [PATCH 17/21] analyzer: fix ICE due to type mismatch when replaying call summary [PR114473] David Malcolm
2024-05-09 17:42 ` [PATCH 18/21] analyzer: fix ICE and false positive with -Wanalyzer-deref-before-check [PR114408] David Malcolm
2024-05-09 17:42 ` [PATCH 19/21] diagnostics: fix ICE on sarif output when source file is unreadable [PR111700] David Malcolm
2024-05-09 17:42 ` [PATCH 20/21] Fix ICE in -fdiagnostics-generate-patch [PR112684] David Malcolm
2024-05-09 17:42 ` [PATCH 21/21] diagnostics: fix corrupt json/SARIF on stderr [PR114348] David Malcolm
2024-05-13  9:03 ` [pushed 00/21] Various backports to gcc 13 (analyzer, jit, diagnostics) Jakub Jelinek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240509174236.2278921-17-dmalcolm@redhat.com \
    --to=dmalcolm@redhat.com \
    --cc=gcc-patches@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).