analyzer: play better with -fsanitize=bounds

gcc/analyzer/ChangeLog: * region-model.cc (region_model::on_call_pre): Treat IFN_UBSAN_BOUNDS, BUILT_IN_STACK_SAVE, and BUILT_IN_STACK_RESTORE as no-ops, rather than handling them as unknown functions. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/torture/ubsan-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-07-28 14:47:54 -04:00 · 2021-07-28 14:47:54 -04:00 · 37eb3ef48c
commit 37eb3ef48c
parent b508113016
2 changed files with 66 additions and 0 deletions
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@ -1082,6 +1082,8 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt,
       case IFN_BUILTIN_EXPECT:
 	 impl_call_builtin_expect (cd);
 	 return false;
+       case IFN_UBSAN_BOUNDS:
+	 return false;
       }
    }

@ -1137,6 +1139,10 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt,
 	    impl_call_strlen (cd);
 	    return false;

+	  case BUILT_IN_STACK_SAVE:
+	  case BUILT_IN_STACK_RESTORE:
+	    return false;
+
 	  /* Stdio builtins.  */
 	  case BUILT_IN_FPRINTF:
 	  case BUILT_IN_FPRINTF_UNLOCKED:
--- a/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/ubsan-1.c
@ -0,0 +1,60 @@
+/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
+/* { dg-additional-options "-fsanitize=bounds" } */
+
+#include <stdlib.h>
+#include "../analyzer-decls.h"
+
+int test_1 (int *arr, int i, int n)
+{
+  if (i >= n)
+    return 0;
+  return arr[i];
+}
+
+int test_2 (int *arr, int i, int n)
+{
+  if (i >= n)
+    return 0;
+  if (arr[i])
+    __analyzer_eval (arr[i]); /* { dg-warning "TRUE" } */
+  else
+    __analyzer_eval (arr[i]); /* { dg-warning "FALSE" } */
+}
+
+int test_3 (int arr[], int i, int n)
+{
+  if (i >= n)
+    return 0;
+  if (arr[i])
+    __analyzer_eval (arr[i]); /* { dg-warning "TRUE" } */
+  else
+    __analyzer_eval (arr[i]); /* { dg-warning "FALSE" } */
+}
+
+void test_4 (int i, int n)
+{
+  int arr[n];
+  arr[i] = 42;
+  __analyzer_eval (arr[i] == 42); /* { dg-warning "TRUE" } */
+}
+
+void test_5 (int i, int n)
+{
+  int *arr = malloc (sizeof(int) * n);
+  if (arr)
+    {
+      arr[i] = 42;
+      __analyzer_eval (arr[i] == 42); /* { dg-warning "TRUE" } */
+    }
+  free (arr);
+}
+
+int global;
+
+void test_6 (int i, int n)
+{
+  int arr[n];
+  int saved = global;
+  arr[i] = 42;
+  __analyzer_eval (saved == global); /* { dg-warning "TRUE" } */
+}