From 18faaeb3af42f3d7dc609b9b91df77d0d59b16f6 Mon Sep 17 00:00:00 2001
From: David Malcolm
Date: Mon, 24 Oct 2022 16:38:23 -0400
Subject: [PATCH] analyzer: handle (NULL == &VAR) [PR107345]

gcc/analyzer/ChangeLog:
	PR analyzer/107345
	* region-model.cc (region_model::eval_condition_without_cm): Ensure that constants are on the right-hand side before checking for them.

gcc/testsuite/ChangeLog:
	PR analyzer/107345
	* gcc.dg/analyzer/pr107345.c: New test.

Signed-off-by: David Malcolm
---
 gcc/analyzer/region-model.cc | 15 ++++++++++++---
 gcc/testsuite/gcc.dg/analyzer/pr107345.c | 17 +++++++++++++++++
 2 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr107345.c
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 608fcd5..7c44fc9 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -4212,10 +4212,19 @@ region_model::eval_condition_without_cm (const svalue *lhs,
       /* Otherwise, only known through constraints.  */
     }
 
-  /* If we have a pair of constants, compare them.  */
   if (const constant_svalue *cst_lhs = lhs->dyn_cast_constant_svalue ())
-    if (const constant_svalue *cst_rhs = rhs->dyn_cast_constant_svalue ())
-      return constant_svalue::eval_condition (cst_lhs, op, cst_rhs);
+    {
+      /* If we have a pair of constants, compare them.  */
+      if (const constant_svalue *cst_rhs = rhs->dyn_cast_constant_svalue ())
+        return constant_svalue::eval_condition (cst_lhs, op, cst_rhs);
+      else
+        {
+          /* When we have one constant, put it on the RHS.  */
+          std::swap (lhs, rhs);
+          op = swap_tree_comparison (op);
+        }
+    }
+  gcc_assert (lhs->get_kind () != SK_CONSTANT);
 
   /* Handle comparison against zero.  */
   if (const constant_svalue *cst_rhs = rhs->dyn_cast_constant_svalue ())
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr107345.c b/gcc/testsuite/gcc.dg/analyzer/pr107345.c
new file mode 100644
index 0000000..540596d
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr107345.c
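Review bot: The `else` branch following `return constant_svalue::eval_condition (cst_lhs, op, cst_rhs);` is redundant, and the comment `/* When we have one constant, put it on the RHS.  */` states what the swap does but not why it is needed. Since the checks that follow (starting with "Handle comparison against zero") only inspect `rhs`, the comment should record that, e.g. `/* Only LHS is a constant: move it to the RHS so the rhs-only checks below (comparison against zero, etc.) also cover forms such as (NULL == &VAR).  */`. Dropping the `else` and its braces leaves the `std::swap`/`swap_tree_comparison` pair as straight-line code after the early return, and the new `gcc_assert (lhs->get_kind () != SK_CONSTANT)` then documents the invariant every later check may rely on. eval_condition_without_cm starts and ends outside the hunk, so whether any earlier code in the function assumes the original operand order cannot be checked here.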
@@ -0,0 +1,17 @@
+/* Ensure the analyzer treats (NULL == &e) as being false for this case,
+   where the logic is sufficiently complicated to not be optimized away.  */
+
+#include
+
+int main() {
+  int e = 10086;
+  int *f = &e;
+  int g = 0;
+  int *h[2][1];
+  h[1][0] = f;
+  if (g == (h[1][0])) { /* { dg-warning "comparison between pointer and integer" } */
+    unsigned int *i = 0;
+  }
+  printf("NPD_FLAG: %d\n ", *f);
+  return 0;
+}
-- 
2.7.4
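Review bot: The test only pins the pointer/integer comparison warning on the `if (g == (h[1][0]))` line; the property it exists for, that no null-dereference is reported at `printf("NPD_FLAG: %d\n ", *f);`, is enforced only implicitly through DejaGnu's excess-warning check. An explicit `/* { dg-bogus "dereference of NULL" } */` on the `printf` line would document that intent and make a regression fail for the stated reason. The header name after `+#include` is not visible in this rendering; presumably it is the header that declares `printf`, which should be confirmed against the committed file.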