+2020-02-11 David Malcolm <dmalcolm@redhat.com>
+
+ PR analyzer/93288
+ * analysis-plan.cc (analysis_plan::use_summary_p): Look through
+ the ultimate_alias_target when getting the called function.
+ * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
+ "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
+ gimple_call_fndecl.
+ * region-model.cc (region_model::get_fndecl_for_call): Use
+ ultimate_alias_target on fndecl.
+ * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
+ function.
+ (supergraph_call_edge): Use it when rejecting edges without
+ functions.
+ (supergraph::supergraph): Use it to get the function for the
+ cgraph_edge when building interprocedural superedges.
+ (callgraph_superedge::get_callee_function): Use it.
+ * supergraph.h (supergraph::get_num_snodes): Make param const.
+ (supergraph::function_to_num_snodes_t): Make first type param
+ const.
+
2020-02-11 David Malcolm <dmalcolm@redhat.com>
PR analyzer/93374
/* Require the callee to be sufficiently complex to be worth
summarizing. */
- if ((int)m_sg.get_num_snodes (callee->get_fun ())
+ const function *fun
+ = const_cast <cgraph_node *> (callee)->ultimate_alias_target ()->get_fun ();
+ /* TODO(stage1): can ultimate_alias_target be made const? */
+
+ if ((int)m_sg.get_num_snodes (fun)
< param_analyzer_min_snodes_for_call_summary)
return false;
const sm_state_map *old_smap
= old_state.m_checker_states[sm_idx];
sm_state_map *new_smap = state->m_checker_states[sm_idx];
- impl_sm_context ctxt (eg, sm_idx, sm, this, &old_state, state,
- change,
- old_smap, new_smap);
+ impl_sm_context sm_ctxt (eg, sm_idx, sm, this, &old_state, state,
+ change,
+ old_smap, new_smap);
/* Allow the state_machine to handle the stmt. */
- if (sm.on_stmt (&ctxt, snode, stmt))
+ if (sm.on_stmt (&sm_ctxt, snode, stmt))
unknown_side_effects = false;
else
{
/* For those stmts that were not handled by the state machine. */
if (const gcall *call = dyn_cast <const gcall *> (stmt))
{
- tree callee_fndecl = gimple_call_fndecl (call);
- // TODO: maybe we can be smarter about handling function pointers?
+ tree callee_fndecl
+ = state->m_region_model->get_fndecl_for_call (call, &ctxt);
if (!fndecl_has_gimple_body_p (callee_fndecl))
new_smap->purge_for_unknown_fncall (eg, sm, call, callee_fndecl,
if (code)
{
tree fn_decl = code->get_tree_for_child_region (fn_rid);
- return fn_decl;
+ const cgraph_node *ultimate_node
+ = cgraph_node::get (fn_decl)->ultimate_alias_target ();
+ if (ultimate_node)
+ return ultimate_node->decl;
}
}
namespace ana {
+/* Get the function of the ultimate alias target being called at EDGE,
+ if any. */
+
+static function *
+get_ultimate_function_for_cgraph_edge (cgraph_edge *edge)
+{
+ cgraph_node *ultimate_node = edge->callee->ultimate_alias_target ();
+ if (!ultimate_node)
+ return NULL;
+ return ultimate_node->get_fun ();
+}
+
/* Get the cgraph_edge, but only if there's an underlying function body. */
cgraph_edge *
return NULL;
if (!edge->callee)
return NULL; /* e.g. for a function pointer. */
- if (!edge->callee->get_fun ())
+ if (!get_ultimate_function_for_cgraph_edge (edge))
return NULL;
return edge;
}
{
cgraph_edge *edge = (*iter).first;
supernode *caller_prev_supernode = (*iter).second;
- basic_block callee_cfg_block
- = ENTRY_BLOCK_PTR_FOR_FN (edge->callee->get_fun ());
+ function* callee_fn = get_ultimate_function_for_cgraph_edge (edge);
+ if (!callee_fn || !callee_fn->cfg)
+ continue;
+ basic_block callee_cfg_block = ENTRY_BLOCK_PTR_FOR_FN (callee_fn);
supernode *callee_supernode
= *m_bb_to_initial_node.get (callee_cfg_block);
call_superedge *sedge
{
cgraph_edge *edge = (*iter).first;
supernode *caller_next_supernode = (*iter).second;
- basic_block callee_cfg_block
- = EXIT_BLOCK_PTR_FOR_FN (edge->callee->get_fun ());
+ function* callee_fn = get_ultimate_function_for_cgraph_edge (edge);
+ if (!callee_fn || !callee_fn->cfg)
+ continue;
+ basic_block callee_cfg_block = EXIT_BLOCK_PTR_FOR_FN (callee_fn);
supernode *callee_supernode
= *m_bb_to_initial_node.get (callee_cfg_block);
return_superedge *sedge
function *
callgraph_superedge::get_callee_function () const
{
- return m_cedge->callee->get_fun ();
+ return get_ultimate_function_for_cgraph_edge (m_cedge);
}
/* Get the calling function at this interprocedural call/return edge. */
return m_nodes[idx];
}
- unsigned get_num_snodes (function *fun) const
+ unsigned get_num_snodes (const function *fun) const
{
function_to_num_snodes_t &map
= const_cast <function_to_num_snodes_t &>(m_function_to_num_snodes);
typedef ordered_hash_map<gimple *, supernode *> stmt_to_node_t;
stmt_to_node_t m_stmt_to_node_t;
- typedef hash_map<function *, unsigned> function_to_num_snodes_t;
+ typedef hash_map<const function *, unsigned> function_to_num_snodes_t;
function_to_num_snodes_t m_function_to_num_snodes;
};
+2020-02-11 David Malcolm <dmalcolm@redhat.com>
+
+ PR analyzer/93288
+ * g++.dg/analyzer/malloc.C: Add test coverage for a double-free
+ called in a constructor.
+ * g++.dg/analyzer/pr93288.C: New test.
+
2020-02-11 David Malcolm <dmalcolm@redhat.com>
PR analyzer/93212
free (ptr);
free (ptr); /* { dg-warning "double-'free' of 'ptr'" } */
}
+
+/* Test of double-free in ctor. */
+
+struct s2
+{
+ s2 (void *v)
+ {
+ free (v); // { dg-warning "double-'free' of 'v'" }
+ }
+};
+
+void test_2 (void *ptr)
+{
+ free (ptr); // { dg-message "first 'free' here" }
+ s2 a (ptr); // { dg-message "passing freed pointer 'ptr' in call to 's2::s2' from 'test_2'" }
+}
--- /dev/null
+// { dg-do compile }
+
+struct a {
+ a();
+};
+class foo {
+ a b;
+} c;
projects / gcc.git / commitdiff