analyzer: simplify region_model::push_frame

region_model::push_frame was binding arguments for both the default SSA
name for each parameter, and the underlying parameter.

Simplify the generated states by only binding the default SSA name if
it exists, or the parameter if there is no default SSA name.

gcc/analyzer/ChangeLog:
	* region-model.cc (region_model::push_frame): Bind the default
	SSA name for each parm if it exists, falling back to the parm
	itself otherwise, rather than doing both.

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/malloc-ipa-8-double-free.c: Drop
	-fanalyzer-verbose-state-changes.
This commit is contained in:
David Malcolm 2020-08-21 17:19:15 -04:00
parent fc34d04b07
commit 294b6da21b
2 changed files with 12 additions and 17 deletions

View File

@ -2353,17 +2353,12 @@ region_model::push_frame (function *fun, const vec<const svalue *> *arg_svals,
rest of the params as uninitialized. */
if (idx >= arg_svals->length ())
break;
tree parm_lval = iter_parm;
if (tree parm_default_ssa = ssa_default_def (fun, iter_parm))
parm_lval = parm_default_ssa;
const region *parm_reg = get_lvalue (parm_lval, ctxt);
const svalue *arg_sval = (*arg_svals)[idx];
const region *parm_reg = get_lvalue (iter_parm, ctxt);
set_value (parm_reg, arg_sval, ctxt);
/* Also do it for default SSA name (sharing the same value). */
tree parm_default_ssa = ssa_default_def (fun, iter_parm);
if (parm_default_ssa)
{
const region *defssa_reg = get_lvalue (parm_default_ssa, ctxt);
set_value (defssa_reg, arg_sval, ctxt);
}
}
}
else
@ -2375,10 +2370,10 @@ region_model::push_frame (function *fun, const vec<const svalue *> *arg_svals,
for (tree iter_parm = DECL_ARGUMENTS (fndecl); iter_parm;
iter_parm = DECL_CHAIN (iter_parm))
{
on_top_level_param (iter_parm, ctxt);
tree parm_default_ssa = ssa_default_def (fun, iter_parm);
if (parm_default_ssa)
if (tree parm_default_ssa = ssa_default_def (fun, iter_parm))
on_top_level_param (parm_default_ssa, ctxt);
else
on_top_level_param (iter_parm, ctxt);
}
}

View File

@ -1,6 +1,6 @@
/* Example of a multilevel wrapper around malloc/free, with a double-'free'. */
/* { dg-additional-options "-fdiagnostics-show-line-numbers -fdiagnostics-path-format=inline-events -fanalyzer-checker=malloc -fanalyzer-verbose-state-changes -fdiagnostics-show-caret" } */
/* { dg-additional-options "-fdiagnostics-show-line-numbers -fdiagnostics-path-format=inline-events -fanalyzer-checker=malloc -fdiagnostics-show-caret" } */
/* { dg-enable-nn-line-numbers "" } */
#include <stdlib.h>
@ -83,7 +83,7 @@ void test (int i)
| NN | return malloc (size);
| | ~~~~~~~~~~~~~
| | |
| | (6) allocated here (state of '<unknown>': 'start' -> 'unchecked', NULL origin)
| | (6) allocated here
|
<------+
|
@ -96,7 +96,7 @@ void test (int i)
| NN | if (!result)
| | ~
| | |
| | (8) assuming 'result' is non-NULL (state of 'result': 'unchecked' -> 'nonnull', NULL origin)
| | (8) assuming 'result' is non-NULL
| | (9) following 'false' branch (when 'result' is non-NULL)...
| NN | abort ();
| NN | result->i = i;
@ -140,7 +140,7 @@ void test (int i)
| NN | free (ptr);
| | ~~~~~~~~~~
| | |
| | (16) first 'free' here (state of 'ptr': 'nonnull' -> 'freed', NULL origin)
| | (16) first 'free' here
|
<------+
|
@ -187,7 +187,7 @@ void test (int i)
| NN | free (ptr);
| | ~~~~~~~~~~
| | |
| | (23) second 'free' here; first 'free' was at (16) ('ptr' is in state 'freed')
| | (23) second 'free' here; first 'free' was at (16)
|
{ dg-end-multiline-output "" } */