analyzer: casting all zeroes should give all zeroes [PR113333]

In particular, accessing the result of *calloc (1, SZ) (if non-NULL) should be known to be all zeroes. gcc/analyzer/ChangeLog: PR analyzer/113333 * region-model-manager.cc (region_model_manager::maybe_fold_unaryop): Casting all zeroes should give all zeroes. gcc/testsuite/ChangeLog: PR analyzer/113333 * c-c++-common/analyzer/calloc-1.c: Add tests. * c-c++-common/analyzer/pr96639.c: Update expected results. * gcc.dg/analyzer/data-model-9.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-01-15 19:01:16 -05:00 · 2024-01-15 19:01:16 -05:00 · d235bf2e80
commit d235bf2e80
parent a305448911
4 changed files with 43 additions and 5 deletions
--- a/gcc/analyzer/region-model-manager.cc
+++ b/gcc/analyzer/region-model-manager.cc
@ -457,6 +457,12 @@ region_model_manager::maybe_fold_unaryop (tree type, enum tree_code op,
 	      && region_sval->get_type ()
 	      && POINTER_TYPE_P (region_sval->get_type ()))
 	    return get_ptr_svalue (type, region_sval->get_pointee ());
+
+	/* Casting all zeroes should give all zeroes.  */
+	if (type
+	    && arg->all_zeroes_p ()
+	    && (INTEGRAL_TYPE_P (type) || POINTER_TYPE_P (type)))
+	  return get_or_create_int_cst (type, 0);
      }
      break;
    case TRUTH_NOT_EXPR:
--- a/gcc/testsuite/c-c++-common/analyzer/calloc-1.c
+++ b/gcc/testsuite/c-c++-common/analyzer/calloc-1.c
@ -22,3 +22,37 @@ char *test_1 (size_t sz)

  return p;
 }
+
+char **
+test_pr113333_1 (void)
+{
+  char **p = (char **)calloc (1, sizeof(char *));
+  if (p)
+    {
+      __analyzer_eval (*p == 0); /* { dg-warning "TRUE" } */
+      __analyzer_eval (p[0] == 0); /* { dg-warning "TRUE" } */
+    }
+  return p;
+}
+
+char **
+test_pr113333_2 (void)
+{
+  char **p = (char **)calloc (2, sizeof(char *));
+  if (p)
+    {
+      __analyzer_eval (*p == 0); /* { dg-warning "TRUE" } */
+      __analyzer_eval (p[0] == 0); /* { dg-warning "TRUE" } */
+      __analyzer_eval (p[1] == 0); /* { dg-warning "TRUE" } */
+    }
+  return p;
+}
+
+char **
+test_pr113333_3 (void)
+{
+  char **vec = (char **)calloc (1, sizeof(char *));
+  if (vec)
+    for (char **p=vec ; *p ; p++); /* { dg-bogus "heap-based buffer over-read" } */
+  return vec;
+}
--- a/gcc/testsuite/c-c++-common/analyzer/pr96639.c
+++ b/gcc/testsuite/c-c++-common/analyzer/pr96639.c
@ -6,5 +6,5 @@ x7 (void)
  int **md = (int **) calloc (1, sizeof (void *));

  return md[0][0]; /* { dg-warning "possibly-NULL" "unchecked deref" } */
-  /* { dg-warning "leak of 'md'" "leak" { target *-*-* } .-1 } */
+  /* { dg-warning "Wanalyzer-null-dereference" "deref of NULL" { target *-*-* } .-1 } */
 }
--- a/gcc/testsuite/gcc.dg/analyzer/data-model-9.c
+++ b/gcc/testsuite/gcc.dg/analyzer/data-model-9.c
@ -14,8 +14,7 @@ void test_1 (void)
  struct foo *f = calloc (1, sizeof (struct foo));
  if (f == NULL)
    return;
-  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" "desired" { xfail *-*-* } } */
-  /* { dg-bogus "UNKNOWN" "status quo" { xfail *-*-* } .-1 } */
+  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" } */
  free (f);
 }

@ -27,7 +26,6 @@ void test_2 (void)
  if (f == NULL)
    return;
  memset (f, 0, sizeof (struct foo));
-  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" "desired" { xfail *-*-* } } */
-  /* { dg-bogus "UNKNOWN" "status quo" { xfail *-*-* } .-1 } */
+  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" } */
  free (f);
 }