MatCat.OpenSource/8sa1-gcc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
e4bb1bd60a
8sa1-gcc/gcc/testsuite/gcc.dg/analyzer/pr99771-1.c
David Malcolm e4bb1bd60a analyzer: avoid printing '<unknown>' for SSA names [PR99771] 
We don't want to print '<unknown>' in our diagnostics, but
PR analyzer/99771 lists various cases where -fanalyzer does, due to
using the SSA_NAME for a temporary when determining the best tree to
use.

This can happen in two ways:

(a) ...when a better expression than the SSA_NAME could be built, but
finding it requires traversing the relationships in the region_model
in a graph-like way, rather than by considering individual svalues and
regions.

(b) ...when the only remaining user of the underlying svalue is the
SSA_NAME, typically due to the diagnostic referring to a temporary.

I've been experimenting with fixing (a), but don't have a good fix yet.
In the meantime, this patch addresses (b) by detecting if we have
the SSA_NAME for a temporary, and, for the cases where it's possible,
reconstructing a tree by walking the def-stmts.  This fixes various
cases of (b) and ameliorates some cases of (a).

gcc/analyzer/ChangeLog:
	PR analyzer/99771
	* analyzer.cc (maybe_reconstruct_from_def_stmt): New.
	(fixup_tree_for_diagnostic_1): New.
	(fixup_tree_for_diagnostic): New.
	* analyzer.h (fixup_tree_for_diagnostic): New decl.
	* checker-path.cc (call_event::get_desc): Call
	fixup_tree_for_diagnostic and use it for the call_with_state call.
	(warning_event::get_desc): Likewise for the final_event and
	make_label_text calls.
	* engine.cc (impl_region_model_context::on_state_leak): Likewise
	for the on_leak and add_diagnostic calls.
	* region-model.cc (region_model::get_representative_tree):
	Likewise for the result.

gcc/testsuite/ChangeLog:
	PR analyzer/99771
	* gcc.dg/analyzer/data-model-10.c: Update expected output.
	* gcc.dg/analyzer/malloc-ipa-13.c: Likewise.
	* gcc.dg/analyzer/malloc-ipa-13a.c: New test.
	* gcc.dg/analyzer/pr99771-1.c: New test.
2021-03-31 19:16:48 -04:00

64 lines
2.8 KiB
C
Raw Blame History

/* Verify that we don't print "<unknown>" in various diagnostics
(PR analyzer/99771). */
#include <stdlib.h>
void test_1 (void)
{
*(char*)malloc (1024) = 42; /* { dg-warning "dereference of possibly-NULL 'malloc\\(1024\\)'" } */
} /* { dg-warning "leak of 'malloc\\(1024\\)'" "warning" } */
/* { dg-message "'malloc\\(1024\\)' leaks here" "final event" { target *-*-* } .-1 } */
void test_2 (size_t n)
{
*(char*)malloc (4 * n) = 42; /* { dg-warning "dereference of possibly-NULL 'malloc\\(n \\* 4\\)'" "warning" } */
/* { dg-message "'malloc\\(n \\* 4\\)' could be NULL" "final event" { target *-*-* } .-1 } */
} /* { dg-warning "leak of 'malloc\\(n \\* 4\\)'" "warning" } */
/* { dg-message "'malloc\\(n \\* 4\\)' leaks here" "final event" { target *-*-* } .-1 } */
/* A compound example. */
void test_3 (size_t a, size_t b, size_t c)
{
*(char*)malloc (a + (b * c)) = 42; /* { dg-warning "dereference of possibly-NULL 'malloc\\(a \\+ b \\* c\\)'" "warning" } */
/* { dg-message "'malloc\\(a \\+ b \\* c\\)' could be NULL" "final event" { target *-*-* } .-1 } */
} /* { dg-warning "leak of 'malloc\\(a \\+ b \\* c\\)'" "warning" } */
/* { dg-message "'malloc\\(a \\+ b \\* c\\)' leaks here" "final event" { target *-*-* } .-1 } */
void test_4 (size_t a, size_t b, size_t c)
{
*(char *)malloc (a ? b : c) = 42; /* { dg-warning "dereference of possibly-NULL 'malloc\\(<unknown>\\)'" "warning" } */
/* { dg-message "'malloc\\(<unknown>\\)' could be NULL" "final event" { target *-*-* } .-1 } */
} /* { dg-warning "leak of 'malloc\\(<unknown>\\)'" "warning" } */
/* { dg-message "'malloc\\(<unknown>\\)' leaks here" "final event" { target *-*-* } .-1 } */
/* Unary operators. */
void test_5 (size_t a)
{
*(char*)malloc (-a) = 42; /* { dg-warning "dereference of possibly-NULL 'malloc\\(-a\\)'" } */
} /* { dg-warning "leak of 'malloc\\(-a\\)'" "warning" } */
/* { dg-message "'malloc\\(-a\\)' leaks here" "final event" { target *-*-* } .-1 } */
void test_6 (size_t a)
{
*(char*)malloc (~a) = 42; /* { dg-warning "dereference of possibly-NULL 'malloc\\(~a\\)'" } */
} /* { dg-warning "leak of 'malloc\\(~a\\)'" "warning" } */
/* { dg-message "'malloc\\(~a\\)' leaks here" "final event" { target *-*-* } .-1 } */
/* Field access. */
struct s7 { size_t sz; };
void test_7a(struct s7 s)
{
*(char*)malloc (s.sz) = 42; /* { dg-warning "dereference of possibly-NULL 'malloc\\(s\\.sz\\)'" } */
} /* { dg-warning "leak of 'malloc\\(s\\.sz\\)'" "warning" } */
/* { dg-message "'malloc\\(s\\.sz\\)' leaks here" "final event" { target *-*-* } .-1 } */
void test_7b (struct s7 *s)
{
*(char*)malloc (s->sz) = 42; /* { dg-warning "dereference of possibly-NULL 'malloc\\(\\*s\\.sz\\)'" } */
} /* { dg-warning "leak of 'malloc\\(\\*s\\.sz\\)'" "warning" } */
/* { dg-message "'malloc\\(\\*s\\.sz\\)' leaks here" "final event" { target *-*-* } .-1 } */
Reference in New Issue View Git Blame Copy Permalink