From patchwork Thu Jan 6 22:49:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Malcolm X-Patchwork-Id: 1576362 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.a=rsa-sha256 header.s=default header.b=wXaAMmXn; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org; envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=) Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JVM5810fmz9ssD for ; Fri, 7 Jan 2022 09:50:36 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 877C2385802D for ; Thu, 6 Jan 2022 22:50:33 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 877C2385802D DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1641509433; bh=dsIKc8yPkSMC3BBuiYP8D837Uu02MKpOXeGKEzatp40=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=wXaAMmXn3mxm2P2cNXKyrTBsd59+uuI4jwFzAy/lMCD9QMXV4IdxNiO9kgvBEyaCu MWog96esOqAff0EO8qygD2YVLV4nMEP79Z/By6QoA55gF6slAEvINh1M8VOMFuBeOH fNuRFNNVN73CD4d1euhR0dGClH9WRvnLBzvfnWE0= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 0C8783858412 for ; Thu, 6 Jan 2022 22:49:51 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 0C8783858412 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-427-nTkMvL--MPmSTVD3MPF4aQ-1; Thu, 06 Jan 2022 17:49:46 -0500 X-MC-Unique: nTkMvL--MPmSTVD3MPF4aQ-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A90D718A080F for ; Thu, 6 Jan 2022 22:49:45 +0000 (UTC) Received: from t14s.localdomain.com (unknown [10.2.16.212]) by smtp.corp.redhat.com (Postfix) with ESMTP id 58ED97B9C5; Thu, 6 Jan 2022 22:49:45 +0000 (UTC) To: gcc-patches@gcc.gnu.org Subject: [committed] analyzer: make use of may_be_aliased in alias detection [PR103546] Date: Thu, 6 Jan 2022 17:49:43 -0500 Message-Id: <20220106224943.971382-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: David Malcolm via Gcc-patches From: David Malcolm Reply-To: David Malcolm Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Sender: "Gcc-patches" Whilst debugging PR analyzer/103546 (false +ve in flex-generated lexers) I noticed that the analyzer was considering that writes through symbolic pointers could be treated as clobbering static globals such as: static YY_BUFFER_STATE * yy_buffer_stack = NULL; even for such variables that never have their address taken. This patch fixes this issue at least, so that the analyzer can preserve knowledge of such globals on code paths with writes through symbolic pointers. It does not fix the false +ve in the lexer code. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to trunk as r12-6323-gd564a83d14252d7db01381f71900b7a68357803b. gcc/analyzer/ChangeLog: PR analyzer/103546 * store.cc (store::eval_alias_1): Refactor handling of decl regions, adding a test for may_be_aliased, rejecting those for which it returns false. gcc/testsuite/ChangeLog: PR analyzer/103546 * gcc.dg/analyzer/aliasing-3.c: New test. --- gcc/analyzer/store.cc | 18 ++++-- gcc/testsuite/gcc.dg/analyzer/aliasing-3.c | 75 ++++++++++++++++++++++ 2 files changed, 86 insertions(+), 7 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/analyzer/aliasing-3.c diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc index 8729aa8dab6..3f91b6107a9 100644 --- a/gcc/analyzer/store.cc +++ b/gcc/analyzer/store.cc @@ -2456,13 +2456,17 @@ store::eval_alias_1 (const region *base_reg_a, = base_reg_a->dyn_cast_symbolic_region ()) { const svalue *sval_a = sym_reg_a->get_pointer (); - if (sval_a->get_kind () == SK_INITIAL) - if (tree decl_b = base_reg_b->maybe_get_decl ()) - if (!is_global_var (decl_b)) - { - /* The initial value of a pointer can't point to a local. */ - return tristate::TS_FALSE; - } + if (tree decl_b = base_reg_b->maybe_get_decl ()) + { + if (!may_be_aliased (decl_b)) + return tristate::TS_FALSE; + if (sval_a->get_kind () == SK_INITIAL) + if (!is_global_var (decl_b)) + { + /* The initial value of a pointer can't point to a local. */ + return tristate::TS_FALSE; + } + } if (sval_a->get_kind () == SK_INITIAL && base_reg_b->get_kind () == RK_HEAP_ALLOCATED) { diff --git a/gcc/testsuite/gcc.dg/analyzer/aliasing-3.c b/gcc/testsuite/gcc.dg/analyzer/aliasing-3.c new file mode 100644 index 00000000000..003077ad5c1 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/aliasing-3.c @@ -0,0 +1,75 @@ +#include "analyzer-decls.h" + +#define NULL ((void *)0) + +struct s1 +{ + int f1; +}; + +static struct s1 *p1_glob = NULL; + +void test_1 (struct s1 **pp1, struct s1 *p1_parm) +{ + struct s1 *init_p1_glob = p1_glob; + + __analyzer_eval (p1_glob == init_p1_glob); /* { dg-warning "TRUE" } */ + + if (!p1_glob) + return; + + __analyzer_eval (p1_glob == init_p1_glob); /* { dg-warning "TRUE" } */ + __analyzer_eval (p1_glob != NULL); /* { dg-warning "TRUE" } */ + + *pp1 = p1_parm; + + /* The write through *pp1 can't have changed p1_glob, because + we never take a pointer to p1_glob (and it's static to this TU). */ + __analyzer_eval (p1_glob == init_p1_glob); /* { dg-warning "TRUE" } */ + __analyzer_eval (p1_glob != NULL); /* { dg-warning "TRUE" } */ +} + +struct s2 +{ + int f1; +}; + +static struct s2 *p2_glob = NULL; + +void test_2 (struct s2 **pp2, struct s2 *p2_parm) +{ + /* Ensure that p2_glob is modified. */ + p2_glob = __builtin_malloc (sizeof (struct s2)); + if (!p2_glob) + return; + + __analyzer_eval (p2_glob != NULL); /* { dg-warning "TRUE" } */ + + *pp2 = p2_parm; + + /* The write through *pp2 can't have changed p2_glob, because + we never take a pointer to p2_glob (and it's static to this TU). */ + __analyzer_eval (p2_glob != NULL); /* { dg-warning "TRUE" } */ +} + +struct s3 +{ + int f1; +}; + +struct s3 *p3_glob = NULL; + +void test_3 (struct s3 **pp3, struct s3 *p3_parm) +{ + p3_glob = __builtin_malloc (sizeof (struct s3)); + if (!p3_glob) + return; + + __analyzer_eval (p3_glob != NULL); /* { dg-warning "TRUE" } */ + + *pp3 = p3_parm; + + /* The write through *pp3 could have changed p3_glob, because + another TU could take a pointer to p3_glob. */ + __analyzer_eval (p3_glob != NULL); /* { dg-warning "UNKNOWN" } */ +}