[pushed] analyzer: casting all zeroes should give all zeroes [PR113333]
Checks
Commit Message
In particular, accessing the result of *calloc (1, SZ) (if non-NULL)
should be known to be all zeroes.
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Successful run of analyzer integration tests on x86_64-pc-linux-gnu.
Pushed to trunk as r14-7265-gd235bf2e807c5f.
gcc/analyzer/ChangeLog:
PR analyzer/113333
* region-model-manager.cc
(region_model_manager::maybe_fold_unaryop): Casting all zeroes
should give all zeroes.
gcc/testsuite/ChangeLog:
PR analyzer/113333
* c-c++-common/analyzer/calloc-1.c: Add tests.
* c-c++-common/analyzer/pr96639.c: Update expected results.
* gcc.dg/analyzer/data-model-9.c: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
gcc/analyzer/region-model-manager.cc | 6 ++++
.../c-c++-common/analyzer/calloc-1.c | 34 +++++++++++++++++++
gcc/testsuite/c-c++-common/analyzer/pr96639.c | 2 +-
gcc/testsuite/gcc.dg/analyzer/data-model-9.c | 6 ++--
4 files changed, 43 insertions(+), 5 deletions(-)
@@ -457,6 +457,12 @@ region_model_manager::maybe_fold_unaryop (tree type, enum tree_code op,
&& region_sval->get_type ()
&& POINTER_TYPE_P (region_sval->get_type ()))
return get_ptr_svalue (type, region_sval->get_pointee ());
+
+ /* Casting all zeroes should give all zeroes. */
+ if (type
+ && arg->all_zeroes_p ()
+ && (INTEGRAL_TYPE_P (type) || POINTER_TYPE_P (type)))
+ return get_or_create_int_cst (type, 0);
}
break;
case TRUTH_NOT_EXPR:
@@ -22,3 +22,37 @@ char *test_1 (size_t sz)
return p;
}
+
+char **
+test_pr113333_1 (void)
+{
+ char **p = (char **)calloc (1, sizeof(char *));
+ if (p)
+ {
+ __analyzer_eval (*p == 0); /* { dg-warning "TRUE" } */
+ __analyzer_eval (p[0] == 0); /* { dg-warning "TRUE" } */
+ }
+ return p;
+}
+
+char **
+test_pr113333_2 (void)
+{
+ char **p = (char **)calloc (2, sizeof(char *));
+ if (p)
+ {
+ __analyzer_eval (*p == 0); /* { dg-warning "TRUE" } */
+ __analyzer_eval (p[0] == 0); /* { dg-warning "TRUE" } */
+ __analyzer_eval (p[1] == 0); /* { dg-warning "TRUE" } */
+ }
+ return p;
+}
+
+char **
+test_pr113333_3 (void)
+{
+ char **vec = (char **)calloc (1, sizeof(char *));
+ if (vec)
+ for (char **p=vec ; *p ; p++); /* { dg-bogus "heap-based buffer over-read" } */
+ return vec;
+}
@@ -6,5 +6,5 @@ x7 (void)
int **md = (int **) calloc (1, sizeof (void *));
return md[0][0]; /* { dg-warning "possibly-NULL" "unchecked deref" } */
- /* { dg-warning "leak of 'md'" "leak" { target *-*-* } .-1 } */
+ /* { dg-warning "Wanalyzer-null-dereference" "deref of NULL" { target *-*-* } .-1 } */
}
@@ -14,8 +14,7 @@ void test_1 (void)
struct foo *f = calloc (1, sizeof (struct foo));
if (f == NULL)
return;
- __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" "desired" { xfail *-*-* } } */
- /* { dg-bogus "UNKNOWN" "status quo" { xfail *-*-* } .-1 } */
+ __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" } */
free (f);
}
@@ -27,7 +26,6 @@ void test_2 (void)
if (f == NULL)
return;
memset (f, 0, sizeof (struct foo));
- __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" "desired" { xfail *-*-* } } */
- /* { dg-bogus "UNKNOWN" "status quo" { xfail *-*-* } .-1 } */
+ __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" } */
free (f);
}