diff options
author | David Malcolm <dmalcolm@redhat.com> | 2021-03-29 16:13:32 -0400 |
---|---|---|
committer | David Malcolm <dmalcolm@redhat.com> | 2021-03-31 19:16:48 -0400 |
commit | e4bb1bd60a9fd1bed36092a990aa5fed5d45bfa6 (patch) | |
tree | aa5dbd79a180cc2509761705283b40f5a10c2b41 /gcc/testsuite/gcc.dg/analyzer/malloc-ipa-13a.c | |
parent | e7fd3b783238d034018443e43a58ff87908b4db6 (diff) |
analyzer: avoid printing '<unknown>' for SSA names [PR99771]
We don't want to print '<unknown>' in our diagnostics, but
PR analyzer/99771 lists various cases where -fanalyzer does, due to
using the SSA_NAME for a temporary when determining the best tree to
use.
This can happen in two ways:
(a) ...when a better expression than the SSA_NAME could be built, but
finding it requires traversing the relationships in the region_model
in a graph-like way, rather than by considering individual svalues and
regions.
(b) ...when the only remaining user of the underlying svalue is the
SSA_NAME, typically due to the diagnostic referring to a temporary.
I've been experimenting with fixing (a), but don't have a good fix yet.
In the meantime, this patch addresses (b) by detecting if we have
the SSA_NAME for a temporary, and, for the cases where it's possible,
reconstructing a tree by walking the def-stmts. This fixes various
cases of (b) and ameliorates some cases of (a).
gcc/analyzer/ChangeLog:
PR analyzer/99771
* analyzer.cc (maybe_reconstruct_from_def_stmt): New.
(fixup_tree_for_diagnostic_1): New.
(fixup_tree_for_diagnostic): New.
* analyzer.h (fixup_tree_for_diagnostic): New decl.
* checker-path.cc (call_event::get_desc): Call
fixup_tree_for_diagnostic and use it for the call_with_state call.
(warning_event::get_desc): Likewise for the final_event and
make_label_text calls.
* engine.cc (impl_region_model_context::on_state_leak): Likewise
for the on_leak and add_diagnostic calls.
* region-model.cc (region_model::get_representative_tree):
Likewise for the result.
gcc/testsuite/ChangeLog:
PR analyzer/99771
* gcc.dg/analyzer/data-model-10.c: Update expected output.
* gcc.dg/analyzer/malloc-ipa-13.c: Likewise.
* gcc.dg/analyzer/malloc-ipa-13a.c: New test.
* gcc.dg/analyzer/pr99771-1.c: New test.
Diffstat (limited to 'gcc/testsuite/gcc.dg/analyzer/malloc-ipa-13a.c')
-rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/malloc-ipa-13a.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-13a.c b/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-13a.c new file mode 100644 index 00000000000..d74ef59c7cf --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-13a.c @@ -0,0 +1,38 @@ +/* { dg-additional-options "-fanalyzer-verbosity=1" } */ + +#include <stdlib.h> + +void +calls_free (void *victim) +{ + free (victim); /* { dg-warning "double-'free' of 'victim'" } */ +} + +extern void do_stuff (void); + +struct foo +{ + void *m_p; +}; + +static void * __attribute__((noinline)) +test_a (struct foo f) +{ + do_stuff (); + + calls_free (f.m_p); + + do_stuff (); + + return f.m_p; +} + +void test_b (void *p) +{ + void *q; + struct foo f; + f.m_p = p; + q = test_a (f); + calls_free (q); /* { dg-message "passing freed pointer 'q' in call to 'calls_free' from 'test_b'" } */ + do_stuff (); +} |