analyzer: fix missing check for uninit of return values

When moving the -fanalyzer tests for -ftrivial-auto-var-init to the "torture" subdirectory of gcc.dg/analyzer I noticed that -fanalyzer wasn't always properly checking for initialization of return values. The issue was that some "return" handling was using region_model::copy_region to copy to the RESULT_DECL, and copy_region wasn't checking for poisoned svalues. This patch eliminates region_model::copy_region in favor of simply doing a get_ravlue/set_value pair, fixing the issue. gcc/analyzer/ChangeLog: * region-model.cc (region_model::on_return): Replace usage of copy_region with get_rvalue/set_value pair. (region_model::pop_frame): Likewise. (selftest::test_compound_assignment): Likewise. * region-model.h (region_model::copy_region): Delete decl. * region.cc (region_model::copy_region): Delete. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/torture/ubsan-1.c: Add missing return stmts. * gcc.dg/analyzer/uninit-trivial-auto-var-init-pattern.c: Move to... * gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-pattern.c: ...here. * gcc.dg/analyzer/uninit-trivial-auto-var-init-uninitialized.c: Move to... * gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-uninitialized.c: ...here. * gcc.dg/analyzer/uninit-trivial-auto-var-init-zero.c: Move to... * gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-zero.c: ...here. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
author: David Malcolm <dmalcolm@redhat.com> 2022-01-28 13:37:51 -0500
committer: David Malcolm <dmalcolm@redhat.com> 2022-02-02 09:55:29 -0500
commit: 13ad6d9f50e3f197246b460c4d9a9e80ba2559cf (patch)
tree: 5e0440468c2de0836d9963f6b68da0d59565a2c6 /gcc
parent: ea3e1915954371d8230fda44ce6821928f04f80e (diff)
download: gcc-13ad6d9f50e3f197246b460c4d9a9e80ba2559cf.zip
gcc-13ad6d9f50e3f197246b460c4d9a9e80ba2559cf.tar.gz
gcc-13ad6d9f50e3f197246b460c4d9a9e80ba2559cf.tar.bz2
10 files changed, 43 insertions, 48 deletions
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 58c7028..6e7a21d 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -1559,7 +1559,11 @@ region_model::on_return (const greturn *return_stmt, region_model_context *ctxt)
   tree rhs = gimple_return_retval (return_stmt);
 
   if (lhs && rhs)
-    copy_region (get_lvalue (lhs, ctxt), get_lvalue (rhs, ctxt), ctxt);
+    {
+      const svalue *sval = get_rvalue (rhs, ctxt);
+      const region *ret_reg = get_lvalue (lhs, ctxt);
+      set_value (ret_reg, sval, ctxt);
+    }
 }
 
 /* Update this model for a call and return of setjmp/sigsetjmp at CALL within
@@ -3618,15 +3622,11 @@ region_model::pop_frame (const region *result_dst_reg,
   tree result = DECL_RESULT (fndecl);
   if (result && TREE_TYPE (result) != void_type_node)
     {
+      const svalue *retval = get_rvalue (result, ctxt);
       if (result_dst_reg)
-	{
-	  /* Copy the result to RESULT_DST_REG.  */
-	  copy_region (result_dst_reg,
-		       get_lvalue (result, ctxt),
-		       ctxt);
-	}
+	set_value (result_dst_reg, retval, ctxt);
       if (out_result)
-	*out_result = get_rvalue (result, ctxt);
+	*out_result = retval;
     }
 
   /* Pop the frame.  */
@@ -4758,8 +4758,9 @@ test_compound_assignment ()
   model.set_value (c_y, int_m3, NULL);
 
   /* Copy c to d.  */
-  model.copy_region (model.get_lvalue (d, NULL), model.get_lvalue (c, NULL),
-		     NULL);
+  const svalue *sval = model.get_rvalue (c, NULL);
+  model.set_value (model.get_lvalue (d, NULL), sval, NULL);
+
   /* Check that the fields have the same svalues.  */
   ASSERT_EQ (model.get_rvalue (c_x, NULL), model.get_rvalue (d_x, NULL));
   ASSERT_EQ (model.get_rvalue (c_y, NULL), model.get_rvalue (d_y, NULL));
diff --git a/gcc/analyzer/region-model.h b/gcc/analyzer/region-model.h
index 3fa090d..46cf37e 100644
--- a/gcc/analyzer/region-model.h
+++ b/gcc/analyzer/region-model.h
@@ -676,8 +676,6 @@ class region_model
   void zero_fill_region (const region *reg);
   void mark_region_as_unknown (const region *reg, uncertainty_t *uncertainty);
 
-  void copy_region (const region *dst_reg, const region *src_reg,
-		    region_model_context *ctxt);
   tristate eval_condition (const svalue *lhs,
 			   enum tree_code op,
 			   const svalue *rhs) const;
diff --git a/gcc/analyzer/region.cc b/gcc/analyzer/region.cc
index 77554b8..0adc75e 100644
--- a/gcc/analyzer/region.cc
+++ b/gcc/analyzer/region.cc
@@ -539,21 +539,6 @@ region::get_relative_concrete_offset (bit_offset_t *) const
   return false;
 }
 
-/* Copy from SRC_REG to DST_REG, using CTXT for any issues that occur.  */
-
-void
-region_model::copy_region (const region *dst_reg, const region *src_reg,
-			   region_model_context *ctxt)
-{
-  gcc_assert (dst_reg);
-  gcc_assert (src_reg);
-  if (dst_reg == src_reg)
-    return;
-
-  const svalue *sval = get_store_value (src_reg, ctxt);
-  set_value (dst_reg, sval, ctxt);
-}
-
 /* Dump a description of this region to stderr.  */
 
 DEBUG_FUNCTION void
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c b/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c
index b9f34f1..2e1e6a0 100644
--- a/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c
@@ -19,6 +19,7 @@ int test_2 (int *arr, int i, int n)
     __analyzer_eval (arr[i]); /* { dg-warning "TRUE" } */
   else
     __analyzer_eval (arr[i]); /* { dg-warning "FALSE" } */
+  return 1;
 }
 
 int test_3 (int arr[], int i, int n)
@@ -29,6 +30,7 @@ int test_3 (int arr[], int i, int n)
     __analyzer_eval (arr[i]); /* { dg-warning "TRUE" } */
   else
     __analyzer_eval (arr[i]); /* { dg-warning "FALSE" } */
+  return 1;
 }
 
 void test_4 (int i, int n)
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-pattern.c b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-pattern.c
new file mode 100644
index 0000000..2445ee5
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-pattern.c
@@ -0,0 +1,10 @@
+/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
+/* { dg-additional-options "-ftrivial-auto-var-init=pattern" } */
+
+int test_1 (void)
+{
+  int i; /* { dg-message "region created on stack here" } */
+  return i; /* { dg-warning "use of uninitialized value 'i.*'" } */
+  /* FIXME: the LTO build sometimes shows SSA names here
+     (PR analyzer/94976).  */
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-uninitialized.c b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-uninitialized.c
new file mode 100644
index 0000000..7c4dd27
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-uninitialized.c
@@ -0,0 +1,10 @@
+/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
+/* { dg-additional-options "-ftrivial-auto-var-init=uninitialized" } */
+
+int test_1 (void)
+{
+  int i; /* { dg-message "region created on stack here" } */
+  return i; /* { dg-warning "use of uninitialized value 'i.*'" } */
+  /* FIXME: the LTO build sometimes shows SSA names here
+     (PR analyzer/94976).  */
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-zero.c b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-zero.c
new file mode 100644
index 0000000..6486d25
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-trivial-auto-var-init-zero.c
@@ -0,0 +1,10 @@
+/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
+/* { dg-additional-options "-ftrivial-auto-var-init=zero" } */
+
+int test_1 (void)
+{
+  int i; /* { dg-message "region created on stack here" } */
+  return i; /* { dg-warning "use of uninitialized value 'i.*'" } */
+  /* FIXME: the LTO build sometimes shows SSA names here
+     (PR analyzer/94976).  */
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-pattern.c b/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-pattern.c
deleted file mode 100644
index 0b78dc6..0000000
--- a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-pattern.c
+++ /dev/null
@@ -1,7 +0,0 @@
-/* { dg-additional-options "-ftrivial-auto-var-init=pattern" } */
-
-int test_1 (void)
-{
-  int i; /* { dg-message "region created on stack here" } */
-  return i; /* { dg-warning "use of uninitialized value 'i'" } */
-}
diff --git a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-uninitialized.c b/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-uninitialized.c
deleted file mode 100644
index 124d3a3..0000000
--- a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-uninitialized.c
+++ /dev/null
@@ -1,7 +0,0 @@
-/* { dg-additional-options "-ftrivial-auto-var-init=uninitialized" } */
-
-int test_1 (void)
-{
-  int i; /* { dg-message "region created on stack here" } */
-  return i; /* { dg-warning "use of uninitialized value 'i'" } */
-}
diff --git a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-zero.c b/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-zero.c
deleted file mode 100644
index ef7dc67..0000000
--- a/gcc/testsuite/gcc.dg/analyzer/uninit-trivial-auto-var-init-zero.c
+++ /dev/null
@@ -1,7 +0,0 @@
-/* { dg-additional-options "-ftrivial-auto-var-init=zero" } */
-
-int test_1 (void)
-{
-  int i; /* { dg-message "region created on stack here" } */
-  return i; /* { dg-warning "use of uninitialized value 'i'" } */
-}
author	David Malcolm <dmalcolm@redhat.com>	2022-01-28 13:37:51 -0500
committer	David Malcolm <dmalcolm@redhat.com>	2022-02-02 09:55:29 -0500
commit	13ad6d9f50e3f197246b460c4d9a9e80ba2559cf (patch)
tree	5e0440468c2de0836d9963f6b68da0d59565a2c6 /gcc
parent	ea3e1915954371d8230fda44ce6821928f04f80e (diff)
download	gcc-13ad6d9f50e3f197246b460c4d9a9e80ba2559cf.zip gcc-13ad6d9f50e3f197246b460c4d9a9e80ba2559cf.tar.gz gcc-13ad6d9f50e3f197246b460c4d9a9e80ba2559cf.tar.bz2