From d5604febcfb09445eb738dcb8c675a4cb9671519 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Thu, 18 Jan 2024 12:11:57 -0500 Subject: [PATCH] analyzer: fix ICE on strlen ((char *)&VECTOR_CST) [PR111361] gcc/analyzer/ChangeLog: PR analyzer/111361 * region-model.cc (svalue_byte_range_has_null_terminator_1): The initial byte of an all-zeroes SVAL is a zero byte. Remove gcc_unreachable from SK_CONSTANT for constants that aren't STRING_CST or INTEGER_CST. gcc/testsuite/ChangeLog: PR analyzer/111361 * c-c++-common/analyzer/strlen-pr111361.c: New test. * c-c++-common/analyzer/strncpy-1.c (test_zero_fill): Remove fixed xfail. * c-c++-common/analyzer/strncpy-pr111361.c: New test. Signed-off-by: David Malcolm --- gcc/analyzer/region-model.cc | 9 ++++++++- .../c-c++-common/analyzer/strlen-pr111361.c | 18 ++++++++++++++++++ .../c-c++-common/analyzer/strncpy-1.c | 3 +-- .../c-c++-common/analyzer/strncpy-pr111361.c | 8 ++++++++ 4 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 gcc/testsuite/c-c++-common/analyzer/strlen-pr111361.c create mode 100644 gcc/testsuite/c-c++-common/analyzer/strncpy-pr111361.c diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index f01010cf630a..dbb2149dbd46 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -3605,6 +3605,14 @@ svalue_byte_range_has_null_terminator_1 (const svalue *sval, byte_offset_t *out_bytes_read, logger *logger) { + if (bytes.m_start_byte_offset == 0 + && sval->all_zeroes_p ()) + { + /* The initial byte of an all-zeroes SVAL is a zero byte. */ + *out_bytes_read = 1; + return tristate (true); + } + switch (sval->get_kind ()) { case SK_CONSTANT: @@ -3631,7 +3639,6 @@ svalue_byte_range_has_null_terminator_1 (const svalue *sval, return tristate::TS_UNKNOWN; default: - gcc_unreachable (); break; } } diff --git a/gcc/testsuite/c-c++-common/analyzer/strlen-pr111361.c b/gcc/testsuite/c-c++-common/analyzer/strlen-pr111361.c new file mode 100644 index 000000000000..b3b875c5a975 --- /dev/null +++ b/gcc/testsuite/c-c++-common/analyzer/strlen-pr111361.c @@ -0,0 +1,18 @@ +#include "analyzer-decls.h" + +typedef int __attribute__((__vector_size__ (32))) V; + +typedef __SIZE_TYPE__ size_t; + +static size_t __attribute__((noinline)) +call_strlen (const char *p) +{ + return __builtin_strlen (p); +} + +void +foo (void *out) +{ + V v = (V) { }; + __analyzer_eval (call_strlen ((const char *)&v) == 0); /* { dg-warning "TRUE" } */ +} diff --git a/gcc/testsuite/c-c++-common/analyzer/strncpy-1.c b/gcc/testsuite/c-c++-common/analyzer/strncpy-1.c index 3ca1d81d90cb..8edaf26654d8 100644 --- a/gcc/testsuite/c-c++-common/analyzer/strncpy-1.c +++ b/gcc/testsuite/c-c++-common/analyzer/strncpy-1.c @@ -44,8 +44,7 @@ test_zero_fill (char *dst) __analyzer_eval (dst[4] == '\0'); /* { dg-warning "TRUE" "correct" { xfail *-*-* } } */ /* { dg-bogus "UNKNOWN" "status quo" { xfail *-*-* } .-1 } */ __analyzer_eval (__analyzer_get_strlen (dst) == 0); /* { dg-warning "TRUE" } */ - __analyzer_eval (__analyzer_get_strlen (dst + 1) == 0); /* { dg-warning "TRUE" "correct" { xfail *-*-* } } */ - /* { dg-bogus "UNKNOWN" "status quo" { xfail *-*-* } .-1 } */ + __analyzer_eval (__analyzer_get_strlen (dst + 1) == 0); /* { dg-warning "TRUE" } */ } char *test_unterminated_concrete_a (char *dst) diff --git a/gcc/testsuite/c-c++-common/analyzer/strncpy-pr111361.c b/gcc/testsuite/c-c++-common/analyzer/strncpy-pr111361.c new file mode 100644 index 000000000000..da3eaeb6edb9 --- /dev/null +++ b/gcc/testsuite/c-c++-common/analyzer/strncpy-pr111361.c @@ -0,0 +1,8 @@ +typedef int __attribute__((__vector_size__ (32))) V; + +void +foo (char *out) +{ + V v = (V) { }; + __builtin_strncpy (out, (char *)&v, 5); +} -- 2.47.2