diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2022-04-14 09:52:00 -0400 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2022-04-14 18:42:34 -0400 |
| commit | a358e4b60815b41e27f3508014ceb592f86b9b45 (patch) | |
| tree | cd2325b0d8fb044595e2689284b3d83fc38b4d7b /libphobos | |
| parent | af27d545dc6132dcd67d1ee854372ea9cfd2a225 (diff) | |
| download | gcc-a358e4b60815b41e27f3508014ceb592f86b9b45.zip gcc-a358e4b60815b41e27f3508014ceb592f86b9b45.tar.gz gcc-a358e4b60815b41e27f3508014ceb592f86b9b45.tar.bz2 | |
analyzer: fix escaping of pointer arithmetic [PR105264]
PR analyzer/105264 reports that the analyzer can fail to treat
(PTR + IDX) and PTR[IDX] as referring to the same memory under
some situations.
There are various ways in which this can happen when IDX is a
symbolic value, due to having several ways in which such memory
regions can be referred to symbolically. I attempted to fix this by
being smarter when folding svalues and regions, but this fix
seems too fiddly to attempt in stage 4.
Instead, this less ambitious patch fixes a false positive from
-Wanalyzer-use-of-uninitialized-value by making the analyzer's escape
analysis smarter, so that it treats *PTR as escaping when
(PTR + OFFSET) is passed to an external function, and thus
it treats *PTR as possibly-initialized (the "passing &PTR[IDX]" case
was already working).
gcc/analyzer/ChangeLog:
PR analyzer/105264
* region-model-reachability.cc (reachable_regions::handle_parm):
Use maybe_get_deref_base_region rather than just region_svalue, to
handle pointer arithmetic also.
* svalue.cc (svalue::maybe_get_deref_base_region): New.
* svalue.h (svalue::maybe_get_deref_base_region): New decl.
gcc/testsuite/ChangeLog:
PR analyzer/105264
* gcc.dg/analyzer/torture/symbolic-10.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'libphobos')
0 files changed, 0 insertions, 0 deletions