From patchwork Thu Feb  9 22:15:30 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Malcolm <dmalcolm@redhat.com>
X-Patchwork-Id: 55110
Return-Path: <gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp604273wrn;
        Thu, 9 Feb 2023 14:16:19 -0800 (PST)
X-Google-Smtp-Source: 
 AK7set+UopVPlnxM/zmnDBhLk4SSMugJ3ZpbjWfR63IJ2rigQ59pYhEOfMjVghLgOXrFzgWEajJd
X-Received: by 2002:a17:906:a194:b0:877:a7ec:5ff with SMTP id
 s20-20020a170906a19400b00877a7ec05ffmr13751739ejy.10.1675980979516;
        Thu, 09 Feb 2023 14:16:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1675980979; cv=none;
        d=google.com; s=arc-20160816;
        b=sxqITlDzVe7vezciiB0cOY1AzMzs6VSRCyYiAKtLKxNF0Vs/EZwKBglo5SxZx09CoQ
         EqHxgk00cGwEHkFzRpsNgtK4BnPSRcpJJoEvluyrlrMQn75HHl+x8ohgc6rRX9u1K57L
         arMFxk97ViM4ckDyD7Qc2e5boAK84sAZ/5zoPqk7IrPXfzrnlAe8Pk1IhiEW5fahiki6
         n3gA4+nl+CYxDOuSSDy6dusN+4sM8wv+6egEDmECCSubpYa9Sbvkv5AcIR1zQRsJntB4
         K3BF8ZDLEpIMoZKz0sDaijWTk5dZZFhaiUnTteHtkLL9u6+0Z+IEGVRvLIu2amuU4GWW
         aCxg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post
         :list-archive:list-unsubscribe:list-id:precedence
         :content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:dmarc-filter:delivered-to:dkim-signature:dkim-filter;
        bh=vHTldEcT8XBSgY4dSm27bzIVRKF1Zt4vbyIP6dxq6LQ=;
        b=YFBqROnUm9y9oCXXhIYKMfHCT08hOUrCLkk5wjMAVMfL9X5g+xc2mAXHH80jn7vqkY
         XH4wIKCHYxzEHfguQg+EGF97FBJZO4LXwSz0MH+0ackOPqO37PtCafAtKXNa+zzwBXqC
         XJpsJBE3cUAOfG8dACYZl+kt70R8SntA5N2VSUdxegePf5wW9Mf9H3PSb5aH31PnLzsb
         KCRWMMovLcDFE5jptQpcUWmq1JyeOjQk06wzhRms9vuLmjSXV/3f2G/k44vtKm8Qn5eo
         fmAvx9Hp2vHeJCzPtaI4VtDWUMeTmotO2zDXDB53EkQuUBjBbVTP22OsJP81VmwIAmLA
         7Smg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gcc.gnu.org header.s=default header.b="b7/BJFs+";
       spf=pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as
 permitted sender)
 smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org
Received: from sourceware.org (server2.sourceware.org. [8.43.85.97])
        by mx.google.com with ESMTPS id
 u16-20020a170906109000b008845c668412si3871640eju.189.2023.02.09.14.16.19
        for <ouuuleilei@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Feb 2023 14:16:19 -0800 (PST)
Received-SPF: pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as
 permitted sender) client-ip=8.43.85.97;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gcc.gnu.org header.s=default header.b="b7/BJFs+";
       spf=pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as
 permitted sender)
 smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 859193858C74
	for <ouuuleilei@gmail.com>; Thu,  9 Feb 2023 22:16:18 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 859193858C74
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1675980978;
	bh=vHTldEcT8XBSgY4dSm27bzIVRKF1Zt4vbyIP6dxq6LQ=;
	h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive:
	 List-Post:List-Help:List-Subscribe:From:Reply-To:From;
	b=b7/BJFs++t49pJKUAgLQ0BuXxR0OdXNcfTFB0XLJPw7kCDrzqczHosqTRQppqoQaw
	 PCN7DYbVBMRllAJ0WZh+4wyx3RpepOwETeaF2f0szKHu2dNDGQrLm4u8hBkhtoEDGo
	 tQoPHOPmp5y8ic+rj87l93cQp2ZFahL1jO+odL/U=
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by sourceware.org (Postfix) with ESMTPS id 385F73858C5F
 for <gcc-patches@gcc.gnu.org>; Thu,  9 Feb 2023 22:15:34 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 385F73858C5F
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-488-i7-_bummMT2tH77AH5DnQQ-1; Thu, 09 Feb 2023 17:15:32 -0500
X-MC-Unique: i7-_bummMT2tH77AH5DnQQ-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com
 [10.11.54.7])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 572C629A9D36
 for <gcc-patches@gcc.gnu.org>; Thu,  9 Feb 2023 22:15:32 +0000 (UTC)
Received: from t14s.localdomain.com (unknown [10.2.16.227])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 3401A140EBF6;
 Thu,  9 Feb 2023 22:15:32 +0000 (UTC)
To: gcc-patches@gcc.gnu.org
Cc: David Malcolm <dmalcolm@redhat.com>
Subject: [pushed] analyzer: fix further overzealous state purging [PR108733]
Date: Thu,  9 Feb 2023 17:15:30 -0500
Message-Id: <20230209221530.1349166-1-dmalcolm@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE,
 TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-Patchwork-Original-From: David Malcolm via Gcc-patches
 <gcc-patches@gcc.gnu.org>
From: David Malcolm <dmalcolm@redhat.com>
Reply-To: David Malcolm <dmalcolm@redhat.com>
Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org
Sender: "Gcc-patches" <gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org>
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1757393431542745532?=
X-GMAIL-MSGID: =?utf-8?q?1757393431542745532?=

PR analyzer/108733 reports various false positives in qemu from
-Wanalyzer-use-of-uninitialized-value with __attribute__((cleanup))
at -O1 and above.

Root cause is that the state-purging code was failing to treat:
   _25 = MEM[(void * *)&val];
as a usage of "val", leading to it erroneously purging the
initialization of "val" along an execution path that didn't otherwise
use "val", apart from the  __attribute__((cleanup)).

Fixed thusly.

Integration testing on the patch show this change in the number of
diagnostics:
  -Wanalyzer-use-of-uninitialized-value
       coreutils-9.1: 18 -> 16 (-2)
          qemu-7.2.0: 87 -> 80 (-7)
where all that I investigated appear to have been false positives, hence
an improvement.

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r13-5762-g125b57aa674003.

gcc/analyzer/ChangeLog:
	PR analyzer/108733
	* state-purge.cc (get_candidate_for_purging): Add ADDR_EXPR
	and MEM_REF.

gcc/testsuite/ChangeLog:
	PR analyzer/108733
	* gcc.dg/analyzer/torture/uninit-pr108733.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/state-purge.cc                   |  2 +
 .../gcc.dg/analyzer/torture/uninit-pr108733.c | 65 +++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/uninit-pr108733.c

diff --git a/gcc/analyzer/state-purge.cc b/gcc/analyzer/state-purge.cc
index 5f2d1f7fefa..3a73146d928 100644
--- a/gcc/analyzer/state-purge.cc
+++ b/gcc/analyzer/state-purge.cc
@@ -63,6 +63,8 @@ get_candidate_for_purging (tree node)
       default:
 	return NULL_TREE;
 
+      case ADDR_EXPR:
+      case MEM_REF:
       case COMPONENT_REF:
 	iter = TREE_OPERAND (iter, 0);
 	continue;
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/uninit-pr108733.c b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-pr108733.c
new file mode 100644
index 00000000000..9e684bf4f09
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/uninit-pr108733.c
@@ -0,0 +1,65 @@
+#define NULL ((void*)0)
+
+typedef unsigned char __uint8_t;
+typedef __uint8_t uint8_t;
+typedef char gchar;
+typedef void* gpointer;
+
+extern void g_free(gpointer mem);
+extern gchar* g_strdup(const gchar* str) __attribute__((__malloc__));
+
+static inline void
+g_autoptr_cleanup_generic_gfree(void* p)
+{
+  void** pp = (void**)p;
+  g_free(*pp); /* { dg-bogus "use of uninitialized value" } */
+}
+
+typedef struct Object Object;
+
+void
+error_setg_internal(const char* fmt,
+		    ...) __attribute__((__format__(gnu_printf, 1, 2)));
+void
+visit_type_str(const char* name, char** obj);
+typedef struct SpaprMachineState SpaprMachineState;
+
+extern uint8_t
+spapr_get_cap(SpaprMachineState* spapr, int cap);
+
+typedef struct SpaprCapPossible
+{
+  int num;
+  /* [...snip...] */
+  const char* vals[];
+} SpaprCapPossible;
+
+typedef struct SpaprCapabilityInfo
+{
+  const char* name;
+  /* [...snip...] */
+  int index;
+  /* [...snip...] */
+  SpaprCapPossible* possible;
+  /* [...snip...] */
+} SpaprCapabilityInfo;
+
+void
+spapr_cap_get_string(SpaprMachineState* spapr,
+		     const char* name,
+		     SpaprCapabilityInfo* cap)
+{
+  __attribute__((cleanup(g_autoptr_cleanup_generic_gfree))) char* val = NULL;
+  uint8_t value = spapr_get_cap(spapr, cap->index);
+
+  if (value >= cap->possible->num) {
+    error_setg_internal("Invalid value (%d) for cap-%s",
+			value,
+			cap->name);
+    return;
+  }
+
+  val = g_strdup(cap->possible->vals[value]);
+
+  visit_type_str(name, &val);
+}