search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: b6e5375) | patch
analyzer: fix taint false +ve due to overzealous state purging [PR112977]
commite503f9aca9192654d83f141ae7865a3c9d90bf0d
authorDavid Malcolm <dmalcolm@redhat.com>
Wed, 24 Jan 2024 15:11:35 +0000 (24 10:11 -0500)
committerDavid Malcolm <dmalcolm@redhat.com>
Wed, 24 Jan 2024 15:11:35 +0000 (24 10:11 -0500)
tree61e317740cac6dcb006ffe286dae1830f7a5146btree | snapshot (tar.gz zip)
parentb6e537571c21d8f0bc276d7afa156d6d4a54a1c9commit | diff
analyzer: fix taint false +ve due to overzealous state purging [PR112977]

gcc/analyzer/ChangeLog:
PR analyzer/112977
* engine.cc (impl_region_model_context::on_liveness_change): Pass
m_ext_state to sm_state_map::on_liveness_change.
* program-state.cc (sm_state_map::on_svalue_leak): Guard removal
of map entry based on can_purge_p.
(sm_state_map::on_liveness_change): Add ext_state param.  Add
workaround for bad interaction between state purging and
alt-inherited sm-state.
* program-state.h (sm_state_map::on_liveness_change): Add
ext_state param.
* sm-taint.cc
(taint_state_machine::has_alt_get_inherited_state_p): New.
(taint_state_machine::can_purge_p): Return false for "has_lb" and
"has_ub".
* sm.h (state_machine::has_alt_get_inherited_state_p): New vfunc.

gcc/testsuite/ChangeLog:
PR analyzer/112977
* gcc.dg/plugin/plugin.exp: Add taint-pr112977.c.
* gcc.dg/plugin/taint-pr112977.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
gcc/analyzer/engine.cc diff | blob | blame | history
gcc/analyzer/program-state.cc diff | blob | blame | history
gcc/analyzer/program-state.h diff | blob | blame | history
gcc/analyzer/sm-taint.cc diff | blob | blame | history
gcc/analyzer/sm.h diff | blob | blame | history
gcc/testsuite/gcc.dg/plugin/plugin.exp diff | blob | blame | history
gcc/testsuite/gcc.dg/plugin/taint-pr112977.c [new file with mode: 0644] blob
Mirror of the offical gcc git repository hosted at gcc.gnu.org