diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2021-07-19 15:44:02 -0400 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2021-07-19 15:44:02 -0400 |
| commit | a113b14398f2a4ad2742e6e9c87e25cac60f263e (patch) | |
| tree | 8022ef245e77dfa5ecfa223395d01bf907f54b37 /gcc/analyzer/svalue.h | |
| parent | f007a638a86e4b59bef0a0d8efa5bb8c5e5b200a (diff) | |
| download | gcc-a113b14398f2a4ad2742e6e9c87e25cac60f263e.zip gcc-a113b14398f2a4ad2742e6e9c87e25cac60f263e.tar.gz gcc-a113b14398f2a4ad2742e6e9c87e25cac60f263e.tar.bz2 | |
analyzer: add svalue::can_have_associated_state_p [PR101503]
PR analyzer/101503 reports an assertion failure due to an unexpected
"UNKNOWN" value (due to using --param analyzer-max-svalue-depth=0).
This patch fixes this by rejecting attempts to purge state involving
unknown/poisoned svalues (in region_model::purge_state_involving),
as these svalues should not have state associated with them - they
are singletons w.r.t each type.
To be more systematic about this, the patch also introduces a new
svalue::can_have_associated_state_p which returns false for
unknown/poisoned svalues, so that we can reject adding constraints
or sm-state on them, or building various kinds of svalue in terms
of them (e.g. unary ops, binary ops, etc).
gcc/analyzer/ChangeLog:
PR analyzer/101503
* constraint-manager.cc (constraint_manager::add_constraint): Use
can_have_associated_state_p rather than testing for unknown.
(constraint_manager::get_or_add_equiv_class): Likewise.
* program-state.cc (sm_state_map::set_state): Likewise.
(sm_state_map::impl_set_state): Add assertion.
* region-model-manager.cc
(region_model_manager::maybe_fold_unaryop): Handle poisoned
values.
(region_model_manager::maybe_fold_binop): Move handling of unknown
values...
(region_model_manager::get_or_create_binop): ...to here, and
generalize to use can_have_associated_state_p.
(region_model_manager::maybe_fold_sub_svalue): Use
can_have_associated_state_p rather than testing for unknown.
(region_model_manager::maybe_fold_repeated_svalue): Use unknown
when the size or repeated value is "unknown"/"poisoned".
* region-model.cc (region_model::purge_state_involving): Reject
attempts to purge unknown/poisoned svalues, as these svalues
should not have state associated with them.
* svalue.cc (sub_svalue::sub_svalue): Assert that we're building
on top of an svalue with can_have_associated_state_p.
(repeated_svalue::repeated_svalue): Likewise.
(bits_within_svalue::bits_within_svalue): Likewise.
* svalue.h (svalue::can_have_associated_state_p): New.
(unknown_svalue::can_have_associated_state_p): New.
(poisoned_svalue::can_have_associated_state_p): New.
(unaryop_svalue::unaryop_svalue): Assert that we're building on
top of an svalue with can_have_associated_state_p.
(binop_svalue::binop_svalue): Likewise.
(widening_svalue::widening_svalue): Likewise.
gcc/testsuite/ChangeLog:
PR analyzer/101503
* gcc.dg/analyzer/pr101503.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'gcc/analyzer/svalue.h')
| -rw-r--r-- | gcc/analyzer/svalue.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/gcc/analyzer/svalue.h b/gcc/analyzer/svalue.h index 1519889..debe439 100644 --- a/gcc/analyzer/svalue.h +++ b/gcc/analyzer/svalue.h @@ -160,6 +160,11 @@ public: virtual bool all_zeroes_p () const; + /* Can this svalue be involved in constraints and sm-state? + Most can, but UNKNOWN and POISONED svalues are singletons + per-type and thus it's meaningless for them to "have state". */ + virtual bool can_have_associated_state_p () const { return true; } + protected: svalue (complexity c, tree type) : m_complexity (c), m_type (type) @@ -319,6 +324,9 @@ public: maybe_fold_bits_within (tree type, const bit_range &subrange, region_model_manager *mgr) const FINAL OVERRIDE; + + /* Unknown values are singletons per-type, so can't have state. */ + bool can_have_associated_state_p () const FINAL OVERRIDE { return false; } }; /* An enum describing a particular kind of "poisoned" value. */ @@ -389,6 +397,9 @@ public: enum poison_kind get_poison_kind () const { return m_kind; } + /* Poisoned svalues are singletons per-type, so can't have state. */ + bool can_have_associated_state_p () const FINAL OVERRIDE { return false; } + private: enum poison_kind m_kind; }; @@ -602,6 +613,7 @@ public: unaryop_svalue (tree type, enum tree_code op, const svalue *arg) : svalue (complexity (arg), type), m_op (op), m_arg (arg) { + gcc_assert (arg->can_have_associated_state_p ()); } enum svalue_kind get_kind () const FINAL OVERRIDE { return SK_UNARYOP; } @@ -694,6 +706,8 @@ public: type), m_op (op), m_arg0 (arg0), m_arg1 (arg1) { + gcc_assert (arg0->can_have_associated_state_p ()); + gcc_assert (arg1->can_have_associated_state_p ()); } enum svalue_kind get_kind () const FINAL OVERRIDE { return SK_BINOP; } @@ -1135,6 +1149,8 @@ public: m_point (point.get_function_point ()), m_base_sval (base_sval), m_iter_sval (iter_sval) { + gcc_assert (base_sval->can_have_associated_state_p ()); + gcc_assert (iter_sval->can_have_associated_state_p ()); } enum svalue_kind get_kind () const FINAL OVERRIDE { return SK_WIDENING; } |