[committed] analyzer: simplify region_model::push_frame

David Malcolm dmalcolm@redhat.com
Sat Aug 22 15:26:39 GMT 2020


region_model::push_frame was binding arguments for both the default SSA
name for each parameter, and the underlying parameter.

Simplify the generated states by only binding the default SSA name if
it exists, or the parameter if there is no default SSA name.

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to master as 294b6da21bbd8297fe6aee497ac6c8e561637e70.

gcc/analyzer/ChangeLog:
	* region-model.cc (region_model::push_frame): Bind the default
	SSA name for each parm if it exists, falling back to the parm
	itself otherwise, rather than doing both.

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/malloc-ipa-8-double-free.c: Drop
	-fanalyzer-verbose-state-changes.
---
 gcc/analyzer/region-model.cc                  | 19 +++++++------------
 .../analyzer/malloc-ipa-8-double-free.c       | 10 +++++-----
 2 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index b8a0f9ffd3d..02bbfa54781 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -2353,17 +2353,12 @@ region_model::push_frame (function *fun, const vec<const svalue *> *arg_svals,
 	     rest of the params as uninitialized.  */
 	  if (idx >= arg_svals->length ())
 	    break;
+	  tree parm_lval = iter_parm;
+	  if (tree parm_default_ssa = ssa_default_def (fun, iter_parm))
+	    parm_lval = parm_default_ssa;
+	  const region *parm_reg = get_lvalue (parm_lval, ctxt);
 	  const svalue *arg_sval = (*arg_svals)[idx];
-	  const region *parm_reg = get_lvalue (iter_parm, ctxt);
 	  set_value (parm_reg, arg_sval, ctxt);
-
-	  /* Also do it for default SSA name (sharing the same value).  */
-	  tree parm_default_ssa = ssa_default_def (fun, iter_parm);
-	  if (parm_default_ssa)
-	    {
-	      const region *defssa_reg = get_lvalue (parm_default_ssa, ctxt);
-	      set_value (defssa_reg, arg_sval, ctxt);
-	    }
 	}
     }
   else
@@ -2375,10 +2370,10 @@ region_model::push_frame (function *fun, const vec<const svalue *> *arg_svals,
       for (tree iter_parm = DECL_ARGUMENTS (fndecl); iter_parm;
 	   iter_parm = DECL_CHAIN (iter_parm))
 	{
-	  on_top_level_param (iter_parm, ctxt);
-	  tree parm_default_ssa = ssa_default_def (fun, iter_parm);
-	  if (parm_default_ssa)
+	  if (tree parm_default_ssa = ssa_default_def (fun, iter_parm))
 	    on_top_level_param (parm_default_ssa, ctxt);
+	  else
+	    on_top_level_param (iter_parm, ctxt);
 	}
     }
 
diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-double-free.c b/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-double-free.c
index cdf5ac18324..580862b0138 100644
--- a/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-double-free.c
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-double-free.c
@@ -1,6 +1,6 @@
 /* Example of a multilevel wrapper around malloc/free, with a double-'free'.  */
 
-/* { dg-additional-options "-fdiagnostics-show-line-numbers -fdiagnostics-path-format=inline-events -fanalyzer-checker=malloc -fanalyzer-verbose-state-changes -fdiagnostics-show-caret" } */
+/* { dg-additional-options "-fdiagnostics-show-line-numbers -fdiagnostics-path-format=inline-events -fanalyzer-checker=malloc -fdiagnostics-show-caret" } */
 /* { dg-enable-nn-line-numbers "" } */
 
 #include <stdlib.h>
@@ -83,7 +83,7 @@ void test (int i)
                   |   NN |   return malloc (size);
                   |      |          ~~~~~~~~~~~~~
                   |      |          |
-                  |      |          (6) allocated here (state of '<unknown>': 'start' -> 'unchecked', NULL origin)
+                  |      |          (6) allocated here
                   |
            <------+
            |
@@ -96,7 +96,7 @@ void test (int i)
            |   NN |   if (!result)
            |      |      ~                              
            |      |      |
-           |      |      (8) assuming 'result' is non-NULL (state of 'result': 'unchecked' -> 'nonnull', NULL origin)
+           |      |      (8) assuming 'result' is non-NULL
            |      |      (9) following 'false' branch (when 'result' is non-NULL)...
            |   NN |     abort ();
            |   NN |   result->i = i;
@@ -140,7 +140,7 @@ void test (int i)
                   |   NN |   free (ptr);
                   |      |   ~~~~~~~~~~
                   |      |   |
-                  |      |   (16) first 'free' here (state of 'ptr': 'nonnull' -> 'freed', NULL origin)
+                  |      |   (16) first 'free' here
                   |
            <------+
            |
@@ -187,7 +187,7 @@ void test (int i)
                   |   NN |   free (ptr);
                   |      |   ~~~~~~~~~~
                   |      |   |
-                  |      |   (23) second 'free' here; first 'free' was at (16) ('ptr' is in state 'freed')
+                  |      |   (23) second 'free' here; first 'free' was at (16)
                   |
    { dg-end-multiline-output "" } */
 
-- 
2.26.2



More information about the Gcc-patches mailing list