diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2021-06-18 13:24:19 -0400 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2021-06-18 13:24:19 -0400 |
| commit | 3bb85b868722e69aef0d37858c0dc3c88d92a0eb (patch) | |
| tree | 623c7f644ade5186d0f594140fb23b53e973ce6b | |
| parent | 83faf7eacd2081a373afb6069fd923c2dc497271 (diff) | |
| download | gcc-3bb85b868722e69aef0d37858c0dc3c88d92a0eb.zip gcc-3bb85b868722e69aef0d37858c0dc3c88d92a0eb.tar.gz gcc-3bb85b868722e69aef0d37858c0dc3c88d92a0eb.tar.bz2 | |
analyzer: fix issue with symbolic reads with concrete bindings
gcc/analyzer/ChangeLog:
* store.cc (binding_cluster::get_any_binding): Make symbolic reads
from a cluster with concrete bindings return unknown.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/symbolic-7.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
| -rw-r--r-- | gcc/analyzer/store.cc | 10 | ||||
| -rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/symbolic-7.c | 44 |
2 files changed, 54 insertions, 0 deletions
diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc index b643b63..3203703 100644 --- a/gcc/analyzer/store.cc +++ b/gcc/analyzer/store.cc @@ -1177,6 +1177,16 @@ binding_cluster::get_any_binding (store_manager *mgr, return rmm_mgr->get_or_create_unknown_svalue (reg->get_type ()); } + /* Alternatively, if this is a symbolic read and the cluster has any bindings, + then we don't know if we're reading those values or not, so the result + is also "UNKNOWN". */ + if (reg->get_offset ().symbolic_p () + && m_map.elements () > 0) + { + region_model_manager *rmm_mgr = mgr->get_svalue_manager (); + return rmm_mgr->get_or_create_unknown_svalue (reg->get_type ()); + } + if (const svalue *compound_sval = maybe_get_compound_binding (mgr, reg)) return compound_sval; diff --git a/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c b/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c new file mode 100644 index 0000000..4f01367 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c @@ -0,0 +1,44 @@ +#include "analyzer-decls.h" + +extern void maybe_write (int *); + +void test_1 (int i) +{ + /* An array with purely concrete bindings. */ + int arr[2]; + arr[0] = 1066; + arr[1] = 1776; + + /* Concrete reads. */ + __analyzer_eval (arr[0] == 1066); /* { dg-warning "TRUE" } */ + __analyzer_eval (arr[1] == 1776); /* { dg-warning "TRUE" } */ + + /* Symbolic read. */ + __analyzer_describe (0, arr[i]); /* { dg-warning "svalue: 'UNKNOWN\\(int\\)'" } */ + __analyzer_eval (arr[i] == 1776); /* { dg-warning "UNKNOWN" } */ +} + +void test_2 (int i) +{ + /* An array that could have been touched. */ + int arr[2]; + maybe_write (arr); + + /* Concrete reads. */ + __analyzer_eval (arr[0] == 42); /* { dg-warning "UNKNOWN" } */ + + /* Symbolic read. */ + __analyzer_eval (arr[i] == 42); /* { dg-warning "UNKNOWN" } */ +} + +void test_3 (int i) +{ + /* An array that can't have been touched. */ + int arr[2]; + + /* Concrete reads. */ + __analyzer_eval (arr[0] == 42); /* { dg-warning "UNKNOWN" } */ + + /* Symbolic read. */ + __analyzer_eval (arr[i] == 42); /* { dg-warning "UNKNOWN" } */ +} |