[committed] analyzer: fix issue with symbolic reads with concrete bindings

David Malcolm dmalcolm@redhat.com
Fri Jun 18 17:30:42 GMT 2021


Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as 3bb85b868722e69aef0d37858c0dc3c88d92a0eb.

gcc/analyzer/ChangeLog:
	* store.cc (binding_cluster::get_any_binding): Make symbolic reads
	from a cluster with concrete bindings return unknown.

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/symbolic-7.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/store.cc                      | 10 +++++
 gcc/testsuite/gcc.dg/analyzer/symbolic-7.c | 44 ++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-7.c

diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc
index b643b631863..320370326bd 100644
--- a/gcc/analyzer/store.cc
+++ b/gcc/analyzer/store.cc
@@ -1177,6 +1177,16 @@ binding_cluster::get_any_binding (store_manager *mgr,
       return rmm_mgr->get_or_create_unknown_svalue (reg->get_type ());
     }
 
+  /* Alternatively, if this is a symbolic read and the cluster has any bindings,
+     then we don't know if we're reading those values or not, so the result
+     is also "UNKNOWN".  */
+  if (reg->get_offset ().symbolic_p ()
+      && m_map.elements () > 0)
+    {
+      region_model_manager *rmm_mgr = mgr->get_svalue_manager ();
+      return rmm_mgr->get_or_create_unknown_svalue (reg->get_type ());
+    }
+
   if (const svalue *compound_sval = maybe_get_compound_binding (mgr, reg))
     return compound_sval;
 
diff --git a/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c b/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c
new file mode 100644
index 00000000000..4f013677f86
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c
@@ -0,0 +1,44 @@
+#include "analyzer-decls.h"
+
+extern void maybe_write (int *);
+
+void test_1 (int i)
+{
+  /* An array with purely concrete bindings.  */
+  int arr[2];
+  arr[0] = 1066;
+  arr[1] = 1776;
+
+  /* Concrete reads.  */
+  __analyzer_eval (arr[0] == 1066); /* { dg-warning "TRUE" } */
+  __analyzer_eval (arr[1] == 1776); /* { dg-warning "TRUE" } */
+
+  /* Symbolic read.  */
+  __analyzer_describe (0, arr[i]); /* { dg-warning "svalue: 'UNKNOWN\\(int\\)'" } */
+  __analyzer_eval (arr[i] == 1776); /* { dg-warning "UNKNOWN" } */
+}
+
+void test_2 (int i)
+{
+  /* An array that could have been touched.  */
+  int arr[2];
+  maybe_write (arr);
+  
+  /* Concrete reads.  */
+  __analyzer_eval (arr[0] == 42); /* { dg-warning "UNKNOWN" } */
+
+  /* Symbolic read.  */
+  __analyzer_eval (arr[i] == 42); /* { dg-warning "UNKNOWN" } */
+}
+
+void test_3 (int i)
+{
+  /* An array that can't have been touched.  */
+  int arr[2];
+  
+  /* Concrete reads.  */
+  __analyzer_eval (arr[0] == 42); /* { dg-warning "UNKNOWN" } */
+
+  /* Symbolic read.  */
+  __analyzer_eval (arr[i] == 42); /* { dg-warning "UNKNOWN" } */
+}
-- 
2.26.3



More information about the Gcc-patches mailing list