diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2020-08-22 06:30:17 -0400 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2020-08-22 11:08:46 -0400 |
| commit | df2b78d407a3fe8685343f7249b9c31c7e3af44d (patch) | |
| tree | 0cb9979014e69b118419c684cfe9f1e1dcf12fe7 /gcc/tree-vectorizer.h | |
| parent | c199723d7ed0032db095abc75b82a9710eaa5e56 (diff) | |
| download | gcc-df2b78d407a3fe8685343f7249b9c31c7e3af44d.zip gcc-df2b78d407a3fe8685343f7249b9c31c7e3af44d.tar.gz gcc-df2b78d407a3fe8685343f7249b9c31c7e3af44d.tar.bz2 | |
analyzer: fix NULL deref false positives [PR94851]
PR analyzer/94851 reports various false "NULL dereference" diagnostics.
The first case (comment #1) affects GCC 10.2 but no longer affects
trunk; I believe it was fixed by the state rewrite of
r11-2694-g808f4dfeb3a95f50f15e71148e5c1067f90a126d.
The patch adds a regression test for this case.
The other cases (comment #3 and comment #4) still affect trunk.
In both cases, the && in a conditional is optimized to bitwise &
_1 = p_4 != 0B;
_2 = p_4 != q_6(D);
_3 = _1 & _2;
and the analyzer fails to fold this for the case where one (or both) of
the conditionals is false, and thus erroneously considers the path where
"p" is non-NULL despite being passed a NULL value.
Fix this by implementing folding for this case.
gcc/analyzer/ChangeLog:
PR analyzer/94851
* region-model-manager.cc
(region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
gcc/testsuite/ChangeLog:
PR analyzer/94851
* gcc.dg/analyzer/pr94851-1.c: New test.
* gcc.dg/analyzer/pr94851-3.c: New test.
* gcc.dg/analyzer/pr94851-4.c: New test.
Diffstat (limited to 'gcc/tree-vectorizer.h')
0 files changed, 0 insertions, 0 deletions