analyzer: fix issue with symbolic reads with concrete bindings

gcc/analyzer/ChangeLog: * store.cc (binding_cluster::get_any_binding): Make symbolic reads from a cluster with concrete bindings return unknown. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/symbolic-7.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-06-18 13:24:19 -04:00 · 2021-06-18 13:24:19 -04:00 · 3bb85b8687
parent 83faf7eacd
commit 3bb85b8687
2 changed files with 54 additions and 0 deletions
--- a/gcc/analyzer/store.cc
+++ b/gcc/analyzer/store.cc
@ -1177,6 +1177,16 @@ binding_cluster::get_any_binding (store_manager *mgr,
      return rmm_mgr->get_or_create_unknown_svalue (reg->get_type ());
    }

+  /* Alternatively, if this is a symbolic read and the cluster has any bindings,
+     then we don't know if we're reading those values or not, so the result
+     is also "UNKNOWN".  */
+  if (reg->get_offset ().symbolic_p ()
+      && m_map.elements () > 0)
+    {
+      region_model_manager *rmm_mgr = mgr->get_svalue_manager ();
+      return rmm_mgr->get_or_create_unknown_svalue (reg->get_type ());
+    }
+
  if (const svalue *compound_sval = maybe_get_compound_binding (mgr, reg))
    return compound_sval;

--- a/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c
+++ b/gcc/testsuite/gcc.dg/analyzer/symbolic-7.c
@ -0,0 +1,44 @@
+#include "analyzer-decls.h"
+
+extern void maybe_write (int *);
+
+void test_1 (int i)
+{
+  /* An array with purely concrete bindings.  */
+  int arr[2];
+  arr[0] = 1066;
+  arr[1] = 1776;
+
+  /* Concrete reads.  */
+  __analyzer_eval (arr[0] == 1066); /* { dg-warning "TRUE" } */
+  __analyzer_eval (arr[1] == 1776); /* { dg-warning "TRUE" } */
+
+  /* Symbolic read.  */
+  __analyzer_describe (0, arr[i]); /* { dg-warning "svalue: 'UNKNOWN\\(int\\)'" } */
+  __analyzer_eval (arr[i] == 1776); /* { dg-warning "UNKNOWN" } */
+}
+
+void test_2 (int i)
+{
+  /* An array that could have been touched.  */
+  int arr[2];
+  maybe_write (arr);
+  
+  /* Concrete reads.  */
+  __analyzer_eval (arr[0] == 42); /* { dg-warning "UNKNOWN" } */
+
+  /* Symbolic read.  */
+  __analyzer_eval (arr[i] == 42); /* { dg-warning "UNKNOWN" } */
+}
+
+void test_3 (int i)
+{
+  /* An array that can't have been touched.  */
+  int arr[2];
+  
+  /* Concrete reads.  */
+  __analyzer_eval (arr[0] == 42); /* { dg-warning "UNKNOWN" } */
+
+  /* Symbolic read.  */
+  __analyzer_eval (arr[i] == 42); /* { dg-warning "UNKNOWN" } */
+}