From patchwork Fri Feb 10 23:16:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Malcolm X-Patchwork-Id: 55626 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1226041wrn; Fri, 10 Feb 2023 15:16:54 -0800 (PST) X-Google-Smtp-Source: AK7set+W0mzaHee95+i0dFRJQvw69CpK7ndoCnoiDIRbdy4brREbdQf2q+nFHvJ4aFwIE0bP/+dq X-Received: by 2002:a17:907:1c92:b0:8af:4684:91cf with SMTP id nb18-20020a1709071c9200b008af468491cfmr4809056ejc.32.1676071014812; Fri, 10 Feb 2023 15:16:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676071014; cv=none; d=google.com; s=arc-20160816; b=WpR1jymwfviplEOhEWWa9rlgOMSOKYLWTsJC50FflmQjSY/I2nZIOoh3MUWB7I3tB5 KeIiUHFAqH7cAdp22WCtmHSAAyMR5ruM3q1TyD+3Ai3YVT1IRKJoMWsj57hdCrd1MZDM Zq6wvbPqV33BAjQZS/WSjHgbCqBKJnqrlMhYvvlW1Yrv5EwFrCj2j3ZPmYepwZEIcaD0 1U4uGNw146hlirowgR0V2BZtun4yHj3Gvy0rJmX99tbKAfegwyx0fj9Lt90/OxkPbSvV H7j28gqABOuJfSLB/X9VD2q996ANecXoyp5LqDUyQwRphdcONF9OypDwMHOSSQbshwRg tlew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence :content-transfer-encoding:mime-version:message-id:date:subject:cc :to:dmarc-filter:delivered-to:dkim-signature:dkim-filter; bh=CWGn6RubX8zclYE1d7DlSBIqTSMMZK9PovHMzPvrp1Q=; b=tmV5Kl/RU22bs8qiTixvNdGcwGnKtLU/VPC+iu8S4CaIu7HUNuNFCSNRYnI3nXPKe+ xT5MaO3SC+ObhaIlEJDT6CyWzf4CNZAQ9CM048KCtAjSb2UEPT5X7XLur9NkzStMm0ay Y7YlouVWfbGDw0JCDh+zEjk5PKMoh+hCvrlf5JdAD9o3iObrUWByM1bo7IGcjxFcrQ4s B5NUlw8dK1WbgPqhzJGhfpJbCrqHIuhuGt8aYc89/axqu1yeK+6YE0fd/EjjZ1yDF/X0 YQ6/hztO23fWTalHv+WceWd77HZJXm1PlkohliNK7clyHB+B5TmF8NOPzIVW/DMMu4Vw WXpw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=Ts0hghV+; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from sourceware.org (ip-8-43-85-97.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id uo38-20020a170907cc2600b0089094eae192si6355354ejc.765.2023.02.10.15.16.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Feb 2023 15:16:54 -0800 (PST) Received-SPF: pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=Ts0hghV+; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id D1BBC3858000 for ; Fri, 10 Feb 2023 23:16:53 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D1BBC3858000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1676071013; bh=CWGn6RubX8zclYE1d7DlSBIqTSMMZK9PovHMzPvrp1Q=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=Ts0hghV+ol0UUXQzNNJTgml6llIyNkEPU1CvIpUYC7pvJsQnCCuwl1lCtF5pplm7j +J2VCHvFUCzTcGcvD1HVmowpwdkppyJX/p+p9odrdLNaSQAjInXVswrOwSQun2frjQ i8esyA+f2+xnwFkG0l/FQ9Rqc2qggui6/x5MPBLg= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id 7FAD63858409 for ; Fri, 10 Feb 2023 23:16:08 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7FAD63858409 Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-562-8Lep0jQdOKCi0oG5T_hAkQ-1; Fri, 10 Feb 2023 18:16:07 -0500 X-MC-Unique: 8Lep0jQdOKCi0oG5T_hAkQ-1 Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DE1518432D0 for ; Fri, 10 Feb 2023 23:16:06 +0000 (UTC) Received: from t14s.localdomain.com (unknown [10.2.16.227]) by smtp.corp.redhat.com (Postfix) with ESMTP id BA201492B01; Fri, 10 Feb 2023 23:16:06 +0000 (UTC) To: gcc-patches@gcc.gnu.org Cc: David Malcolm Subject: [pushed] analyzer: don't warn for deref-before-check for checks in macros [PR108745] Date: Fri, 10 Feb 2023 18:16:05 -0500 Message-Id: <20230210231605.1406181-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-11.5 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: David Malcolm via Gcc-patches From: David Malcolm Reply-To: David Malcolm Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org Sender: "Gcc-patches" X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1757487840482025456?= X-GMAIL-MSGID: =?utf-8?q?1757487840482025456?= Integration testing shows this patch fixes all 9 known false positives from -Wanalyzer-deref-before-check within ImageMagick-7.1.0-57, and eliminates 34 further as-yet unassessed such diagnostics, without eliminating the 1 known true positive. This improves the rate of true positives for the warning from 1.56% to 4.76% of the total: -Wanalyzer-deref-before-check: 1.56% -> 4.76% (GOOD: 1 BAD: 63->20) TRUE: 1 FALSE: 15 -> 6 (-9) ImageMagick-7.1.0-57: 9 -> 0 (-9) TODO: 48 -> 14 (-34) ImageMagick-7.1.0-57: 21 -> 1 (-20) qemu-7.2.0: 25 -> 11 (-14) Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to trunk as r13-5811-gaa601e30758581. gcc/analyzer/ChangeLog: PR analyzer/108745 * sm-malloc.cc (deref_before_check::emit): Reject the warning if the check occurs within a macro defintion. gcc/testsuite/ChangeLog: PR analyzer/108745 * gcc.dg/analyzer/deref-before-check-macro-pr108745.c: New test. * gcc.dg/analyzer/deref-before-check-macro.c: New test. Signed-off-by: David Malcolm --- gcc/analyzer/sm-malloc.cc | 37 +++++++++++++ .../deref-before-check-macro-pr108745.c | 54 +++++++++++++++++++ .../analyzer/deref-before-check-macro.c | 25 +++++++++ 3 files changed, 116 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/analyzer/deref-before-check-macro-pr108745.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/deref-before-check-macro.c diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc index 9aee810f818..c24fe737481 100644 --- a/gcc/analyzer/sm-malloc.cc +++ b/gcc/analyzer/sm-malloc.cc @@ -1519,6 +1519,43 @@ public: != &m_check_enode->get_point ().get_call_string ()) return false; + /* Reject the warning if the check occurs within a macro defintion. + This avoids false positives for such code as: + + #define throw_error \ + do { \ + if (p) \ + cleanup (p); \ + return; \ + } while (0) + + if (p->idx >= n) + throw_error (); + + where the usage of "throw_error" implicitly adds a check + on 'p'. + + We do warn when the check is in a macro expansion if we can get + at the location of the condition and it is't part of the + definition, so that we warn for checks such as: + if (words[0][0] == '@') + return; + g_assert(words[0] != NULL); <--- here + Unfortunately we don't have locations for individual gimple + arguments, so in: + g_assert (ptr); + we merely have a gimple_cond + if (p_2(D) == 0B) + with no way of getting at the location of the condition separately + from that of the gimple_cond (where the "if" is within the macro + definition). We reject the warning for such cases. + + We do warn when the *deref* occurs in a macro, since this can be + a source of real bugs; see e.g. PR 77425. */ + location_t check_loc = m_check_enode->get_point ().get_location (); + if (linemap_location_from_macro_definition_p (line_table, check_loc)) + return false; + /* Reject the warning if the deref's BB doesn't dominate that of the check, so that we don't warn e.g. for shared cleanup code that checks a pointer for NULL, when that code is sometimes diff --git a/gcc/testsuite/gcc.dg/analyzer/deref-before-check-macro-pr108745.c b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-macro-pr108745.c new file mode 100644 index 00000000000..92f5a02645d --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-macro-pr108745.c @@ -0,0 +1,54 @@ +/* Reduced from ImageMagick-7.1.0-57. */ + +#define NULL ((void *)0) + +typedef __builtin_va_list va_list; +typedef __SIZE_TYPE__ size_t; + +typedef struct _ExceptionInfo ExceptionInfo; + +void +ThrowMagickException(ExceptionInfo*, + const char*, + const char*, + ...) __attribute__((__format__(__printf__, 3, 4))); + +typedef struct _Image +{ + /* [...snip...] */ + size_t columns, rows, depth, colors; + /* [...snip...] */ +} Image; + +typedef struct _ImageInfo +{ + /* [...snip...] */ + char filename[4096]; + /* [...snip...] */ +} ImageInfo; + +extern Image *AcquireImage(const ImageInfo*, ExceptionInfo*); +extern void CloseBlob(Image*); +extern Image *DestroyImageList(Image*); + +#define ThrowReaderException(tag) \ +{ \ + (void) ThrowMagickException(exception, tag, \ + "`%s'",image_info->filename); \ + if ((image) != (Image *) NULL) \ + { \ + (void) CloseBlob(image); \ + image=DestroyImageList(image); \ + } \ + return((Image *) NULL); \ +} + +Image* +ReadMAPImage(const ImageInfo* image_info, ExceptionInfo* exception) +{ + Image* image; + image = AcquireImage(image_info, exception); + if ((image->columns == 0) || (image->rows == 0)) + ThrowReaderException("MustSpecifyImageSize"); + return image; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/deref-before-check-macro.c b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-macro.c new file mode 100644 index 00000000000..5146129772f --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-macro.c @@ -0,0 +1,25 @@ +#define NULL ((void*)0) + +#define MY_ASSERT(COND) \ + do { \ + if (!(COND)) { __builtin_abort(); } \ + } while (0) + +int test_1 (int *p) +{ + int result = *p; + MY_ASSERT (p); /* { dg-warning "check of 'p' for NULL after already dereferencing it" "" { xfail *-*-* } } */ + /* Due to lack of locations for gimple arguments we can't get + at the location of the condition separately from the + gimple_cond stmt, and thus can't distinguish if it's in the + macro definition or in the supplied params; we defer to + rejecting the diagnostic. */ + return result; +} + +int test_2 (int *p) +{ + int result = *p; + MY_ASSERT (p != NULL); /* { dg-warning "check of 'p' for NULL after already dereferencing it" "" { xfail *-*-* } } */ + return result; +}