git.ipfire.org Git - thirdparty/gcc.git/commit

diagnostics: tweak diagnostic_path::interprocedural_p [PR106626]

The region-creation event at the start of...

<source>: In function 'int_arr_write_element_after_end_off_by_one':
<source>:14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds]
   14 |   arr[10] = x;
      |   ~~~~~~~~^~~
  event 1
    |
    |   10 | int32_t arr[10];
    |      |         ^~~
    |      |         |
    |      |         (1) capacity is 40 bytes
    |
    +--> 'int_arr_write_element_after_end_off_by_one': events 2-3
           |
           |   12 | void int_arr_write_element_after_end_off_by_one(int32_t x)
           |      |      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |      |
           |      |      (2) entry to 'int_arr_write_element_after_end_off_by_one'
           |   13 | {
           |   14 |   arr[10] = x;  /* { dg-line line } */
           |      |   ~~~~~~~~~~~
           |      |           |
           |      |           (3) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40
           |
<source>:14:11: note: write of 4 bytes to beyond the end of 'arr'
   14 |   arr[10] = x;
      |   ~~~~~~~~^~~
<source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]'

...makes diagnostic_manager::finish_pruning consider the path to be
interprocedural, and so it doesn't prune the function entry event.

This patch tweaks diagnostic_path::interprocedural_p to ignore
leading events outside of any function, so that it considers the
path to be intraprocedural, and thus diagnostic_manager::finish_pruning
prunes the function entry event, leading to this simpler output:

<source>: In function 'int_arr_write_element_after_end_off_by_one':
<source>:14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds]
   14 |   arr[10] = x;
      |   ~~~~~~~~^~~
  event 1
    |
    |   10 | int32_t arr[10];
    |      |         ^~~
    |      |         |
    |      |         (1) capacity is 40 bytes
    |
    +--> 'int_arr_write_element_after_end_off_by_one': event 2
           |
           |   14 |   arr[10] = x;
           |      |   ~~~~~~~~^~~
           |      |           |
           |      |           (2) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40
           |
<source>:14:11: note: write of 4 bytes to beyond the end of 'arr'
<source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]'

gcc/ChangeLog:
PR analyzer/106626
* diagnostic-path.h
(diagnostic_path::get_first_event_in_a_function): New decl.
* diagnostic.cc (diagnostic_path::get_first_event_in_a_function):
New.
(diagnostic_path::interprocedural_p): Ignore leading events that
are outside of any function.

gcc/testsuite/ChangeLog:
PR analyzer/106626
* gcc.dg/analyzer/out-of-bounds-multiline-1.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

author	David Malcolm <dmalcolm@redhat.com>
	Thu, 1 Dec 2022 02:26:43 +0000 (21:26 -0500)
committer	David Malcolm <dmalcolm@redhat.com>
	Thu, 1 Dec 2022 02:26:43 +0000 (21:26 -0500)
commit	1d86af242bc4a8e68aebf1f3b8c985f2d17fa791
tree	2353c4d7393853014fc9ec47f9582da896238a27	tree
parent	df460cf51b25868564dd2628a399b8c874ef309c	commit \| diff

gcc/diagnostic-path.h		diff \| blob \| blame \| history
gcc/diagnostic.cc		diff \| blob \| blame \| history
gcc/testsuite/gcc.dg/analyzer/out-of-bounds-multiline-1.c	[new file with mode: 0644]	blob