author David Malcolm <dmalcolm@redhat.com> 2020-09-18 17:34:50 -0400
committer David Malcolm <dmalcolm@redhat.com> 2020-09-21 18:49:22 -0400
commit 15e7b93ba4256884c90198c678ed7eded4e73464 (patch)
tree 5fa02aa000936608becc8567a32f9542cec512fb
parent 7db5967f1050eb2b45e920b13d495d92ba4f16f4 (diff)
analyzer: decls are not on the heap
Whilst debugging the remaining state explosion in PR analyzer/93355
I noticed that half of the states at an exploding program point had:
  'malloc': {'&buf': 'non-heap'}
whereas the other half didn't, presumably depending on whether
the path to each enode had used this local buffer:
  char buf[400];

This patch tweaks malloc_state_machine::get_default_state to be smarter
about this, so that we can implicitly treat pointers to decls as
non-heap, preventing pointless differences between sm_state_map
instances. With that, all of the states in question have equal (empty)
malloc sm-state - though the state explosion continues for other
reasons.

gcc/analyzer/ChangeLog:
  PR analyzer/93355
  * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
  the base region when considering pointers. Treat pointers to
  decls as being non-heap.
-rw-r--r-- gcc/analyzer/sm-malloc.cc 4
1 files changed, 3 insertions, 1 deletions
diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index 90d1da1..12b2383 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -183,7 +183,9 @@ public:
if (const region_svalue *ptr = sval->dyn_cast_region_svalue ())
{
const region *reg = ptr->get_pointee ();
- if (reg->get_kind () == RK_STRING)
+ const region *base_reg = reg->get_base_region ();
+ if (base_reg->get_kind () == RK_DECL
+ || base_reg->get_kind () == RK_STRING)
return m_non_heap;
}
return m_start;
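Review bot: The new test on `base_reg->get_kind ()` has no comment and no accompanying test case; the diffstat shows only sm-malloc.cc changing. Because the check moved from the pointee region to its base region, a pointer into the interior of a decl or string (for example an element of the `char buf[400]` from the commit message) now also defaults to m_non_heap, and a one-line comment above the `if` saying so would make that intent clear to the next reader. A testsuite case built around that local buffer, confirming that the default state is reported as non-heap without an explicit entry in the sm_state_map, would keep this from regressing. Minor style point: `base_reg->get_kind ()` is evaluated twice in the condition; storing the kind in a local would read more cleanly.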