git.ipfire.org Git - thirdparty/gcc.git/commit

author	Tim Lange <mail@tim-lange.me>
	Fri, 9 Jun 2023 18:07:33 +0000 (20:07 +0200)
committer	Tim Lange <mail@tim-lange.me>
	Sat, 10 Jun 2023 12:13:31 +0000 (14:13 +0200)
commit	1d57a2232575913ad1085bac0ba5e22b58185179
tree	00c79898770f95446d3967d601e8ac797192d849	tree
parent	a53a83b63b4c4b3f7d2d997b3a26d82abb883f9a	commit \| diff

analyzer: Fix allocation size false positive on conjured svalue [PR109577]

Currently, the analyzer tries to prove that the allocation size is a
multiple of the pointee's type size.  This patch reverses the behavior
to try to prove that the expression is not a multiple of the pointee's
type size.  With this change, each unhandled case should be gracefully
considered as correct.  This fixes the bug reported in PR 109577 by
Paul Eggert.

Regression-tested on Linux x86-64 with -m32 and -m64.

2023-06-09  Tim Lange  <mail@tim-lange.me>

PR analyzer/109577

gcc/analyzer/ChangeLog:

* constraint-manager.cc (class sval_finder): Visitor to find
childs in svalue trees.
(constraint_manager::sval_constrained_p): Add new function to
check whether a sval might be part of an constraint.
* constraint-manager.h: Add sval_constrained_p function.
* region-model.cc (class size_visitor): Reverse behavior to not
emit a warning on not explicitly considered cases.
(region_model::check_region_size):
Adapt to size_visitor changes.

gcc/testsuite/ChangeLog:

* gcc.dg/analyzer/allocation-size-2.c: Change expected output
and add new test case.
* gcc.dg/analyzer/pr109577.c: New test.

gcc/analyzer/constraint-manager.cc		diff \| blob \| blame \| history
gcc/analyzer/constraint-manager.h		diff \| blob \| blame \| history
gcc/analyzer/region-model.cc		diff \| blob \| blame \| history
gcc/testsuite/gcc.dg/analyzer/allocation-size-2.c		diff \| blob \| blame \| history
gcc/testsuite/gcc.dg/analyzer/pr109577.c	[new file with mode: 0644]	blob