analyzer: extract bits from integer constants [PR105783]

Fix a false positive from -Wanalyzer-null-dereference due to -fanalyzer failing to grok the value of a particular boolean field initialized to a constant. gcc/analyzer/ChangeLog: PR analyzer/105783 * region-model.cc (selftest::get_bit): New function. (selftest::test_bits_within_svalue_folding): New. (selfftest::analyzer_region_model_cc_tests): Call it. * svalue.cc (constant_svalue::maybe_fold_bits_within): Handle the case of extracting a single bit. gcc/testsuite/ChangeLog: PR analyzer/105783 * gcc.dg/analyzer/pr105783.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
author: David Malcolm <dmalcolm@redhat.com> 2022-10-07 12:41:59 -0400
committer: David Malcolm <dmalcolm@redhat.com> 2022-10-07 12:41:59 -0400
commit: f09b99550a3c6cd16f5e9150ebd4b1d87033dcbd (patch)
tree: 5dfa5182f6242910eb9770406e78020e5cdd534b /gcc
parent: eb491ea5c10955c667ceeda76dede393c93a377b (diff)
download: gcc-f09b99550a3c6cd16f5e9150ebd4b1d87033dcbd.zip
gcc-f09b99550a3c6cd16f5e9150ebd4b1d87033dcbd.tar.gz
gcc-f09b99550a3c6cd16f5e9150ebd4b1d87033dcbd.tar.bz2
3 files changed, 94 insertions, 1 deletions
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index c50f5c6..81ef41e 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -7132,6 +7132,57 @@ test_sub_svalue_folding ()
   ASSERT_EQ (sub->get_type (), TREE_TYPE (ct.m_x_field));
 }
 
+/* Get BIT within VAL as a symbolic value within MGR.  */
+
+static const svalue *
+get_bit (region_model_manager *mgr,
+	 bit_offset_t bit,
+	 unsigned HOST_WIDE_INT val)
+{
+  const svalue *inner_svalue
+    = mgr->get_or_create_int_cst (unsigned_type_node, val);
+  return mgr->get_or_create_bits_within (boolean_type_node,
+					 bit_range (bit, 1),
+					 inner_svalue);
+}
+
+/* Verify that bits_within_svalues are folded as expected.  */
+
+static void
+test_bits_within_svalue_folding ()
+{
+  region_model_manager mgr;
+
+  const svalue *zero = mgr.get_or_create_int_cst (boolean_type_node, 0);
+  const svalue *one = mgr.get_or_create_int_cst (boolean_type_node, 1);
+
+  {
+    const unsigned val = 0x0000;
+    for (unsigned bit = 0; bit < 16; bit++)
+      ASSERT_EQ (get_bit (&mgr, bit, val), zero);
+  }
+
+  {
+    const unsigned val = 0x0001;
+    ASSERT_EQ (get_bit (&mgr, 0, val), one);
+    for (unsigned bit = 1; bit < 16; bit++)
+      ASSERT_EQ (get_bit (&mgr, bit, val), zero);
+  }
+
+  {
+    const unsigned val = 0x8000;
+    for (unsigned bit = 0; bit < 15; bit++)
+      ASSERT_EQ (get_bit (&mgr, bit, val), zero);
+    ASSERT_EQ (get_bit (&mgr, 15, val), one);
+  }
+
+  {
+    const unsigned val = 0xFFFF;
+    for (unsigned bit = 0; bit < 16; bit++)
+      ASSERT_EQ (get_bit (&mgr, bit, val), one);
+  }
+}
+
 /* Test that region::descendent_of_p works as expected.  */
 
 static void
@@ -8488,6 +8539,7 @@ analyzer_region_model_cc_tests ()
   test_unaryop_svalue_folding ();
   test_binop_svalue_folding ();
   test_sub_svalue_folding ();
+  test_bits_within_svalue_folding ();
   test_descendent_of_p ();
   test_bit_range_regions ();
   test_assignment ();
diff --git a/gcc/analyzer/svalue.cc b/gcc/analyzer/svalue.cc
index 9ec46d6..a0838c0 100644
--- a/gcc/analyzer/svalue.cc
+++ b/gcc/analyzer/svalue.cc
@@ -868,7 +868,7 @@ constant_svalue::eval_condition (const constant_svalue *lhs,
 
 const svalue *
 constant_svalue::maybe_fold_bits_within (tree type,
-					 const bit_range &,
+					 const bit_range &bits,
 					 region_model_manager *mgr) const
 {
   /* Bits within an all-zero value are also all zero.  */
@@ -879,6 +879,21 @@ constant_svalue::maybe_fold_bits_within (tree type,
       else
 	return this;
     }
+
+  /* Handle the case of extracting a single bit. */
+  if (bits.m_size_in_bits == 1
+      && TREE_CODE (m_cst_expr) == INTEGER_CST
+      && type
+      && INTEGRAL_TYPE_P (type))
+    {
+      unsigned HOST_WIDE_INT bit = bits.m_start_bit_offset.to_uhwi ();
+      unsigned HOST_WIDE_INT mask = (1 << bit);
+      unsigned HOST_WIDE_INT val_as_hwi = tree_to_uhwi (m_cst_expr);
+      unsigned HOST_WIDE_INT masked_val = val_as_hwi & mask;
+      int result = masked_val ? 1 : 0;
+      return mgr->get_or_create_int_cst (type, result);
+    }
+
   /* Otherwise, don't fold.  */
   return NULL;
 }
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr105783.c b/gcc/testsuite/gcc.dg/analyzer/pr105783.c
new file mode 100644
index 0000000..00f44d0
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr105783.c
@@ -0,0 +1,26 @@
+/* { dg-additional-options "-O" } */
+
+struct ss_s {
+    union out_or_counting_u {
+    	char *newstr;
+    	unsigned long long cnt;
+    } uu;
+    _Bool counting;
+};
+
+struct ss_s ss_init(void) {
+   struct ss_s rr = { .counting = 1 };
+   return rr;
+}
+
+void ss_out(struct ss_s *t, char cc) {
+   if (!t->counting) {
+       *t->uu.newstr++ = cc;
+   }
+}
+
+int main() {
+    struct ss_s ss = ss_init();
+    ss_out(&ss, 'a');
+}
+
author	David Malcolm <dmalcolm@redhat.com>	2022-10-07 12:41:59 -0400
committer	David Malcolm <dmalcolm@redhat.com>	2022-10-07 12:41:59 -0400
commit	f09b99550a3c6cd16f5e9150ebd4b1d87033dcbd (patch)
tree	5dfa5182f6242910eb9770406e78020e5cdd534b /gcc
parent	eb491ea5c10955c667ceeda76dede393c93a377b (diff)
download	gcc-f09b99550a3c6cd16f5e9150ebd4b1d87033dcbd.zip gcc-f09b99550a3c6cd16f5e9150ebd4b1d87033dcbd.tar.gz gcc-f09b99550a3c6cd16f5e9150ebd4b1d87033dcbd.tar.bz2