diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2022-12-06 18:24:16 -0500 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2022-12-06 18:24:16 -0500 |
| commit | dfe2ef7f2b6cac7017f32a0a04f74e1b6d9f1311 (patch) | |
| tree | ad0f486c15d0251b91323d06be965402bd95d680 /gcc/analyzer/store.h | |
| parent | 2a23b93f944fa78d4284eb5687051c224e5ab08f (diff) | |
| download | gcc-dfe2ef7f2b6cac7017f32a0a04f74e1b6d9f1311.zip gcc-dfe2ef7f2b6cac7017f32a0a04f74e1b6d9f1311.tar.gz gcc-dfe2ef7f2b6cac7017f32a0a04f74e1b6d9f1311.tar.bz2 | |
analyzer: don't create bindings or binding keys for empty regions [PR107882]
PR analyzer/107882 reports an ICE, due to trying to get a compound svalue
for this binding:
cluster for: a:
key: {bytes 0-3}
value: {UNKNOWN()}
key: {empty}
value: {UNKNOWN()}
key: {bytes 4-7}
value: {UNKNOWN()}
where there's an binding to the unknown value of zero bits in size
"somewhere" within "a" (perhaps between bits 3 and 4?)
This makes no sense, so this patch adds an assertion that we never
attempt to create a binding key for an empty region, and adds early
rejection of attempts to get or set the values of such regions, fixing
the ICE.
gcc/analyzer/ChangeLog:
PR analyzer/107882
* region-model.cc (region_model::get_store_value): Return an
unknown value for empty regions.
(region_model::set_value): Bail on empty regions.
* region.cc (region::empty_p): New.
* region.h (region::empty_p): New decl.
* state-purge.cc (same_binding_p): Bail if either region is empty.
* store.cc (binding_key::make): Assert that a concrete binding's
bit_size must be > 0.
(binding_cluster::mark_region_as_unknown): Bail on empty regions.
(binding_cluster::get_binding): Likewise.
(binding_cluster::remove_overlapping_bindings): Likewise.
(binding_cluster::on_unknown_fncall): Don't conjure values for
empty regions.
(store::fill_region): Bail on empty regions.
* store.h (class concrete_binding): Update comment to reflect that
the range of bits must be non-empty.
(concrete_binding::concrete_binding): Assert that bit range is
non-empty.
gcc/testsuite/ChangeLog:
PR analyzer/107882
* gcc.dg/analyzer/memcpy-pr107882.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'gcc/analyzer/store.h')
| -rw-r--r-- | gcc/analyzer/store.h | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/gcc/analyzer/store.h b/gcc/analyzer/store.h index 6243ec6..30284eb 100644 --- a/gcc/analyzer/store.h +++ b/gcc/analyzer/store.h @@ -356,8 +356,8 @@ struct byte_range byte_size_t m_size_in_bytes; }; -/* Concrete subclass of binding_key, for describing a concrete range of - bits within the binding_map (e.g. "bits 8-15"). */ +/* Concrete subclass of binding_key, for describing a non-empty + concrete range of bits within the binding_map (e.g. "bits 8-15"). */ class concrete_binding : public binding_key { @@ -367,7 +367,9 @@ public: concrete_binding (bit_offset_t start_bit_offset, bit_size_t size_in_bits) : m_bit_range (start_bit_offset, size_in_bits) - {} + { + gcc_assert (!m_bit_range.empty_p ()); + } bool concrete_p () const final override { return true; } hashval_t hash () const |