From 294b6da21bbd8297fe6aee497ac6c8e561637e70 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 21 Aug 2020 17:19:15 -0400 Subject: [PATCH] analyzer: simplify region_model::push_frame region_model::push_frame was binding arguments for both the default SSA name for each parameter, and the underlying parameter. Simplify the generated states by only binding the default SSA name if it exists, or the parameter if there is no default SSA name. gcc/analyzer/ChangeLog: * region-model.cc (region_model::push_frame): Bind the default SSA name for each parm if it exists, falling back to the parm itself otherwise, rather than doing both. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/malloc-ipa-8-double-free.c: Drop -fanalyzer-verbose-state-changes. --- gcc/analyzer/region-model.cc | 19 +++++++------------ .../gcc.dg/analyzer/malloc-ipa-8-double-free.c | 10 +++++----- 2 files changed, 12 insertions(+), 17 deletions(-) diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index b8a0f9f..02bbfa5 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -2353,17 +2353,12 @@ region_model::push_frame (function *fun, const vec *arg_svals, rest of the params as uninitialized. */ if (idx >= arg_svals->length ()) break; + tree parm_lval = iter_parm; + if (tree parm_default_ssa = ssa_default_def (fun, iter_parm)) + parm_lval = parm_default_ssa; + const region *parm_reg = get_lvalue (parm_lval, ctxt); const svalue *arg_sval = (*arg_svals)[idx]; - const region *parm_reg = get_lvalue (iter_parm, ctxt); set_value (parm_reg, arg_sval, ctxt); - - /* Also do it for default SSA name (sharing the same value). */ - tree parm_default_ssa = ssa_default_def (fun, iter_parm); - if (parm_default_ssa) - { - const region *defssa_reg = get_lvalue (parm_default_ssa, ctxt); - set_value (defssa_reg, arg_sval, ctxt); - } } } else @@ -2375,10 +2370,10 @@ region_model::push_frame (function *fun, const vec *arg_svals, for (tree iter_parm = DECL_ARGUMENTS (fndecl); iter_parm; iter_parm = DECL_CHAIN (iter_parm)) { - on_top_level_param (iter_parm, ctxt); - tree parm_default_ssa = ssa_default_def (fun, iter_parm); - if (parm_default_ssa) + if (tree parm_default_ssa = ssa_default_def (fun, iter_parm)) on_top_level_param (parm_default_ssa, ctxt); + else + on_top_level_param (iter_parm, ctxt); } } diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-double-free.c b/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-double-free.c index cdf5ac1..580862b 100644 --- a/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-double-free.c +++ b/gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-double-free.c @@ -1,6 +1,6 @@ /* Example of a multilevel wrapper around malloc/free, with a double-'free'. */ -/* { dg-additional-options "-fdiagnostics-show-line-numbers -fdiagnostics-path-format=inline-events -fanalyzer-checker=malloc -fanalyzer-verbose-state-changes -fdiagnostics-show-caret" } */ +/* { dg-additional-options "-fdiagnostics-show-line-numbers -fdiagnostics-path-format=inline-events -fanalyzer-checker=malloc -fdiagnostics-show-caret" } */ /* { dg-enable-nn-line-numbers "" } */ #include @@ -83,7 +83,7 @@ void test (int i) | NN | return malloc (size); | | ~~~~~~~~~~~~~ | | | - | | (6) allocated here (state of '': 'start' -> 'unchecked', NULL origin) + | | (6) allocated here | <------+ | @@ -96,7 +96,7 @@ void test (int i) | NN | if (!result) | | ~ | | | - | | (8) assuming 'result' is non-NULL (state of 'result': 'unchecked' -> 'nonnull', NULL origin) + | | (8) assuming 'result' is non-NULL | | (9) following 'false' branch (when 'result' is non-NULL)... | NN | abort (); | NN | result->i = i; @@ -140,7 +140,7 @@ void test (int i) | NN | free (ptr); | | ~~~~~~~~~~ | | | - | | (16) first 'free' here (state of 'ptr': 'nonnull' -> 'freed', NULL origin) + | | (16) first 'free' here | <------+ | @@ -187,7 +187,7 @@ void test (int i) | NN | free (ptr); | | ~~~~~~~~~~ | | | - | | (23) second 'free' here; first 'free' was at (16) ('ptr' is in state 'freed') + | | (23) second 'free' here; first 'free' was at (16) | { dg-end-multiline-output "" } */ -- 2.7.4