From 15e7b93ba4256884c90198c678ed7eded4e73464 Mon Sep 17 00:00:00 2001
From: David Malcolm
Date: Fri, 18 Sep 2020 17:34:50 -0400
Subject: [PATCH] analyzer: decls are not on the heap

Whilst debugging the remaining state explosion in PR analyzer/93355 I noticed that half of the states at an exploding program point had: 'malloc': {'&buf': 'non-heap'} whereas the other half didn't, presumably depending on whether the path to each enode had used this local buffer: char buf[400]; This patch tweaks malloc_state_machine::get_default_state to be smarter about this, so that we can implicitly treat pointers to decls as non-heap, preventing pointless differences between sm_state_map instances. With that, all of the states in question have equal (empty) malloc sm-state - though the state explosion continues for other reasons. gcc/analyzer/ChangeLog: PR analyzer/93355 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at the base region when considering pointers. Treat pointers to decls as being non-heap.
---
gcc/analyzer/sm-malloc.cc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index 90d1da14586..12b2383e4a7 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -183,7 +183,9 @@ public:
 if (const region_svalue *ptr = sval->dyn_cast_region_svalue ())
 {
 const region *reg = ptr->get_pointee ();
- if (reg->get_kind () == RK_STRING)
+ const region *base_reg = reg->get_base_region ();
+ if (base_reg->get_kind () == RK_DECL
+ || base_reg->get_kind () == RK_STRING)
 return m_non_heap;
 }
 return m_start;
-- 
2.30.2
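Review bot: The new `base_reg` test in `get_default_state` changes which pointers start out in `m_non_heap`, yet the diffstat shows only sm-malloc.cc touched, so nothing in the testsuite pins the new default. Because the base region is now consulted, a pointer into the interior of a declaration (for example an element of the `char buf[400]` from the description) presumably also defaults to non-heap; a case that passes such a pointer to `free` on a path that never otherwise mentions the buffer would confirm the free-of-non-heap diagnostic no longer depends on path history. A short comment above the condition, e.g. `/* Pointers into decls and string literals cannot be heap-allocated, so look at the base region.  */`, would record why the pointee itself is no longer what gets tested. Other base kinds that are not heap storage (such as `RK_ALLOCA`, if it can reach this point) still fall through to `m_start`, which is worth confirming as intended. The enclosing function begins and ends outside the hunk.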