From patchwork Thu Nov 3 14:24:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Malcolm X-Patchwork-Id: 14919 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp565553wru; Thu, 3 Nov 2022 07:25:28 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4G+4ufz3u+ewLgYEsPM74hOUchFHolrS2iG1inMlDO/hEK8b3fdL41trtEmF464g1+QsQA X-Received: by 2002:a17:906:8a57:b0:7ad:69fb:3a with SMTP id gx23-20020a1709068a5700b007ad69fb003amr29034191ejc.179.1667485528002; Thu, 03 Nov 2022 07:25:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667485527; cv=none; d=google.com; s=arc-20160816; b=V9b0onNEPzDQWnoBceyxQQfPLWwchJxtLWJmZHO89jwDY9MNTF/2L4O5QO/LYVgv5c PjXBBhFu+Xl4wiOjp9ExQWo+hB5jZgREWqCEe8rpLCMRt63IP4HX3CzgWXimcLwsTZ4/ Cv/DVIxbRurLR8dokSe9D0yP03nHq8RgOjtleXOuLRdQLzKFwiPUMzVBXDVr2mGLNtFX z/0emzvCB3VCZMwlrOMb17Ta8B14ZIF1whZSM2EXA0AbaNS5lX1TU3GzTugN5vE51iLp jPG/61wRYr39dPEWPCNo42ZcnfA45EcGPIsYOvcvisGIKuiNK+CQwvNMpSPvCF2D98ot I5nQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence :content-transfer-encoding:mime-version:message-id:date:subject:to :dmarc-filter:delivered-to:dkim-signature:dkim-filter; bh=rNHarY/dWYPrRZJhSsyg1zsbBTm4UEXbzfrehcxpLUM=; b=ZKTw1fjKOXrsKCZZUcyTWa4tba7dIDiXPxqIgPFzqfTTvZIy7n6NK0BCNJLLOLwHGf sQ8gwQ5eYfTDPQqDA3yv57jtalEjbGoFj/YsqUj9sALWk7z9UQzfi1YOtCpjL7Kjoq74 u1+BZbYltt8juS5jsb0pfKz3aTpmHDbrn/m0Ua7YZ14BOFR4WTqHS5aYg7WZhp1qHGD3 /XnOwoSW+taQ/Fuk2exUXk7IUAN2arCPtxT5RJ/8sAMUefyDr4zYIG5P06cSivU6b9AB 3ANQIx6EK5L2CUxoNjSe0tprKJeyQ6XbLfF7oFLYeYnzBHtYI50ZjagC7L6ol8fFrgjb tfyA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=tMlvJU6f; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from sourceware.org (ip-8-43-85-97.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id dt3-20020a170907728300b00782035a06b4si1733899ejc.200.2022.11.03.07.25.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Nov 2022 07:25:27 -0700 (PDT) Received-SPF: pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=tMlvJU6f; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id EF9CA3858C50 for ; Thu, 3 Nov 2022 14:25:26 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org EF9CA3858C50 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1667485527; bh=rNHarY/dWYPrRZJhSsyg1zsbBTm4UEXbzfrehcxpLUM=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=tMlvJU6fKbEM6AnA6pJGzXprdVFS+YoRkE5QhPb+Y3N7vYhNJ+KWBM2uMk0m6vwYs 5qMtU2TxhMgvW91hdQ6s47SH/zAuiFNe53bFYL5d4oGk5cMMSTbpKh2AtaFe6zyirs if3wdrFDzlxpJZ+/sz07iNhswbJbyZdb0xmY04o8= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 4FA3C3858D1E for ; Thu, 3 Nov 2022 14:24:44 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 4FA3C3858D1E Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-281-ZnHTTOB2MguLNvPGtMkdog-1; Thu, 03 Nov 2022 10:24:42 -0400 X-MC-Unique: ZnHTTOB2MguLNvPGtMkdog-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A5D2A3806738 for ; Thu, 3 Nov 2022 14:24:42 +0000 (UTC) Received: from t14s.localdomain.com (unknown [10.2.17.189]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7CB01C15BAB; Thu, 3 Nov 2022 14:24:42 +0000 (UTC) To: gcc-patches@gcc.gnu.org Subject: [committed] analyzer: fix ICE when pipe's arg isn't a pointer [PR107486] Date: Thu, 3 Nov 2022 10:24:40 -0400 Message-Id: <20221103142440.2260186-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-12.4 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: David Malcolm via Gcc-patches From: David Malcolm Reply-To: David Malcolm Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org Sender: "Gcc-patches" X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748485304994630759?= X-GMAIL-MSGID: =?utf-8?q?1748485304994630759?= Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to trunk as r13-3626-g5acc10a9ea6641. gcc/analyzer/ChangeLog: PR analyzer/107486 * analyzer.cc (is_pipe_call_p): New. * analyzer.h (is_pipe_call_p): New decl. * region-model.cc (region_model::on_call_pre): Use it. (region_model::on_call_post): Likewise. gcc/testsuite/ChangeLog: PR analyzer/107486 * gcc.dg/analyzer/pipe-pr107486.c: New test. * gcc.dg/analyzer/pipe-void-return.c: New test. Signed-off-by: David Malcolm --- gcc/analyzer/analyzer.cc | 16 ++++++++++++++++ gcc/analyzer/analyzer.h | 2 ++ gcc/analyzer/region-model.cc | 8 ++++---- gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c | 5 +++++ gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c | 11 +++++++++++ 5 files changed, 38 insertions(+), 4 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c diff --git a/gcc/analyzer/analyzer.cc b/gcc/analyzer/analyzer.cc index 8a2a7734f24..6c7c969538c 100644 --- a/gcc/analyzer/analyzer.cc +++ b/gcc/analyzer/analyzer.cc @@ -379,6 +379,22 @@ is_longjmp_call_p (const gcall *call) return false; } +/* Return true if this is a "pipe" call. */ + +bool +is_pipe_call_p (const_tree fndecl, const char *funcname, + const gcall *call, unsigned int num_args) +{ + if (!is_named_call_p (fndecl, funcname, call, num_args)) + return false; + + /* We require a pointer for the initial argument. */ + if (!POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (call, 0)))) + return false; + + return true; +} + /* For a CALL that matched is_special_named_call_p or is_named_call_p for some name, return a name for the called function suitable for use in diagnostics (stripping the leading underscores). */ diff --git a/gcc/analyzer/analyzer.h b/gcc/analyzer/analyzer.h index a2d79e4a59f..c41cfb01656 100644 --- a/gcc/analyzer/analyzer.h +++ b/gcc/analyzer/analyzer.h @@ -324,6 +324,8 @@ extern bool is_std_named_call_p (const_tree fndecl, const char *funcname, const gcall *call, unsigned int num_args); extern bool is_setjmp_call_p (const gcall *call); extern bool is_longjmp_call_p (const gcall *call); +extern bool is_pipe_call_p (const_tree fndecl, const char *funcname, + const gcall *call, unsigned int num_args); extern const char *get_user_facing_name (const gcall *call); diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index 7c44fc9e253..4713f0d2519 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -2315,8 +2315,8 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt, impl_call_memset (cd); return false; } - else if (is_named_call_p (callee_fndecl, "pipe", call, 1) - || is_named_call_p (callee_fndecl, "pipe2", call, 2)) + else if (is_pipe_call_p (callee_fndecl, "pipe", call, 1) + || is_pipe_call_p (callee_fndecl, "pipe2", call, 2)) { /* Handle in "on_call_post"; bail now so that fd array is left untouched so that we can detect use-of-uninit @@ -2403,8 +2403,8 @@ region_model::on_call_post (const gcall *call, impl_call_operator_delete (cd); return; } - else if (is_named_call_p (callee_fndecl, "pipe", call, 1) - || is_named_call_p (callee_fndecl, "pipe2", call, 2)) + else if (is_pipe_call_p (callee_fndecl, "pipe", call, 1) + || is_pipe_call_p (callee_fndecl, "pipe2", call, 2)) { impl_call_pipe (cd); return; diff --git a/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c b/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c new file mode 100644 index 00000000000..e9fc7fb4943 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c @@ -0,0 +1,5 @@ +void pipe(int); + +void f1(void) { + pipe(1); +} diff --git a/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c b/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c new file mode 100644 index 00000000000..0de676305f6 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c @@ -0,0 +1,11 @@ +extern void pipe(int pipefd[2]); +extern int close(int fd); + +void +test_unchecked (void) +{ + int fds[2]; + pipe (fds); /* { dg-message "when 'pipe' fails" } */ + close (fds[0]); /* { dg-warning "use of uninitialized value 'fds\\\[0\\\]'" } */ + close (fds[1]); /* { dg-warning "use of uninitialized value 'fds\\\[1\\\]'" } */ +}