author | David Malcolm <dmalcolm@redhat.com> | 2020-03-26 09:42:25 -0400 |
---|---|---|
committer | David Malcolm <dmalcolm@redhat.com> | 2020-03-27 10:04:57 -0400 |
commit | 6969ac301f2229366a812942a906257e5c060762 (patch) | |
tree | cb6843707780950674bcdfd10f4db886d4e0e70d /gcc/analyzer/ChangeLog | |
parent | 42c633132521c8c2874cef54852090d587ce66c3 (diff) |
analyzer: fix malloc pointer NULL-ness

Fixes to exploded_path::feasible_p exposed a pre-existing bug
with pointer NULL-ness for pointers to symbolic_region.

symbolic_region has an "m_possibly_null" flag which if set means
that a region_svalue pointing to that region is treated as possibly
NULL. Adding a constraint of "!= NULL" on an edge records that
the pointer is non-NULL, but doesn't affect other pointers (e.g.
if the first is a void *, but the other pointers are cast to other
pointer types). This showed up in the tests
gcc.dg/analyzer/data-model-5b.c and -5c.c, which malloc a buffer
and test for NULL, but then cast that to a struct * and later test
that struct *: a path for the first test being non-NULL and the
second being NULL was erroneously found to be feasible.

This patch clears the m_possibly_null flag when a "!= NULL" constraint
is added, fixing that erroneous path (but not yet fixing the false
positive in the above tests, which seems to go on to hit a different
issue). It also adds the field to dumps.

gcc/analyzer/ChangeLog:
* program-state.cc (selftest::test_program_state_dumping): Update
expected dump to include symbolic_region's possibly_null field.
* region-model.cc (symbolic_region::print_fields): New vfunc
implementation.
(region_model::add_constraint): Clear m_possibly_null from
symbolic_regions now known to be non-NULL.
(selftest::test_malloc_constraints): New selftest.
(selftest::analyzer_region_model_cc_tests): Call it.
* region-model.h (region::dyn_cast_symbolic_region): Add non-const
overload.
(symbolic_region::dyn_cast_symbolic_region): Implement it.
(symbolic_region::print_fields): New vfunc override decl.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/data-model-5b.c: Add xfail for new false
positive leak.
* gcc.dg/analyzer/data-model-5c.c: Likewise.
* gcc.dg/analyzer/malloc-5.c: New test.
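
A toy model of the NULL-ness bookkeeping the commit message describes, added here as an illustration; it is not GCC's code, and every name in it (SymRegion, PtrValue, Model, second_null_test_feasible) is hypothetical. It assumes a cast yields a distinct pointer value over the same region, and shows the second NULL test being feasible before the flag is cleared and infeasible after:

```cpp
// Toy model (not GCC code) of the NULL-ness bookkeeping described in the
// commit message. All type and function names here are hypothetical.
#include <set>

struct SymRegion {          // stands in for symbolic_region
  bool possibly_null;       // stands in for m_possibly_null
};

struct PtrValue {           // stands in for a region_svalue
  int id;                   // assumption: each cast gives a distinct value
  SymRegion *region;        // region the pointer points to
};

struct Model {
  std::set<int> known_nonnull;   // per-value "!= NULL" constraints
  bool clear_flag_on_nonnull;    // false = old behaviour, true = patched

  // Record "ptr != NULL" along an edge.
  void add_nonnull_constraint(const PtrValue &ptr) {
    known_nonnull.insert(ptr.id);
    if (clear_flag_on_nonnull)
      ptr.region->possibly_null = false;  // applies to every pointer to the region
  }

  // Could "ptr == NULL" hold on the current path?
  bool null_edge_feasible(const PtrValue &ptr) const {
    if (known_nonnull.count(ptr.id))
      return false;                       // this exact value was constrained
    return ptr.region->possibly_null;     // otherwise fall back to the region flag
  }
};

// Path: buf = malloc(...); take the "buf != NULL" edge; s = (struct *)buf;
// then ask whether the "s == NULL" edge is feasible.
bool second_null_test_feasible(bool patched) {
  SymRegion heap{true};             // malloc result: may be NULL
  PtrValue as_void{1, &heap};       // the void * returned by malloc
  PtrValue as_struct{2, &heap};     // same region, seen through a cast
  Model m{{}, patched};
  m.add_nonnull_constraint(as_void);
  return m.null_edge_feasible(as_struct);
}

int main() {
  // Old behaviour finds the contradictory path feasible; patched does not.
  return (second_null_test_feasible(false) && !second_null_test_feasible(true)) ? 0 : 1;
}
```
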
Diffstat (limited to 'gcc/analyzer/ChangeLog')
-rw-r--r-- | gcc/analyzer/ChangeLog | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog index ddb02afe192..98093cd4f35 100644 --- a/gcc/analyzer/ChangeLog +++ b/gcc/analyzer/ChangeLog @@ -1,5 +1,20 @@ 2020-03-27 David Malcolm <dmalcolm@redhat.com> + * program-state.cc (selftest::test_program_state_dumping): Update + expected dump to include symbolic_region's possibly_null field. + * region-model.cc (symbolic_region::print_fields): New vfunc + implementation. + (region_model::add_constraint): Clear m_possibly_null from + symbolic_regions now known to be non-NULL. + (selftest::test_malloc_constraints): New selftest. + (selftest::analyzer_region_model_cc_tests): Call it. + * region-model.h (region::dyn_cast_symbolic_region): Add non-const + overload. + (symbolic_region::dyn_cast_symbolic_region): Implement it. + (symbolic_region::print_fields): New vfunc override decl. + +2020-03-27 David Malcolm <dmalcolm@redhat.com> + * analyzer.h (class feasibility_problem): New forward decl. * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic): Initialize new fields m_status, m_epath_length, and m_problem. |
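Review bot: the (region_model::add_constraint) entry says only "Clear m_possibly_null from symbolic_regions now known to be non-NULL" and does not name the trigger; the commit message ties the clearing to a "!= NULL" constraint being added, so stating that condition in the entry would make it readable without the commit message. The entry also carries no tracking reference for the false positive that the commit message says remains in data-model-5b.c and -5c.c; a pointer to wherever that follow-up is tracked would help whoever picks it up.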