From f72b8a2061f6401360fb98d6d825d713742bdcea Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Tue, 9 Jul 2019 13:04:15 -0400 Subject: [PATCH 68/85] FIXME: malloc-vs-local-2.c --- gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-2.c | 152 ++++++++++++++++++++++ 1 file changed, 152 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-2.c diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-2.c b/gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-2.c new file mode 100644 index 0000000..cabad68 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-2.c @@ -0,0 +1,152 @@ +/* { dg-additional-options "-fanalyzer-state-merge" } */ + +#include + +extern int foo (int); + +static int __attribute__((noinline)) +do_stuff_2 (int *p, int n) +{ + return 0; +} + +/* Various examples of functions that use either a malloc buffer + or a local buffer, do something, then conditionally free the + buffer, tracking whether "free" is necessary in various + ways. + + In each case, there ought to be only two paths through the function, + not four. */ + +/* Repeated (n > 10) predicate. */ + +int test_repeated_predicate_1 (int n) +{ + int buf[10]; + int *ptr; + int result; + + if (n > 10) + ptr = (int *)malloc (sizeof (int) * n); + else + ptr = buf; + + __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 exploded nodes" } */ + __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 exploded nodes" } */ + + { + int *p = ptr; + int sum = 0; + int i; + for (i = 0; i < n; i++) + p[i] = i; + for (i = 0; i < n; i++) + sum += foo (p[i]); /* { dg-bogus "uninitialized" } */ + result = sum; + } + + __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 exploded nodes" } */ + __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 exploded nodes" } */ + + if (n > 10) + free (ptr); /* { dg-bogus "not on the heap" } */ + + return result; /* { dg-bogus "leak" } */ +} + +/* A simpler version of the above. */ + +int test_repeated_predicate_2 (int n) +{ + int buf[10]; + int *ptr; + int result; + + if (n > 10) + ptr = (int *)malloc (sizeof (int) * n); + else + ptr = buf; + + __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 exploded nodes" } */ + + result = do_stuff_2 (ptr, n); + + __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 exploded nodes" } */ + + if (n > 10) + free (ptr); /* { dg-bogus "not on the heap" } */ + + return result; /* { dg-bogus "leak" } */ +} + +/* A predicate that sets a flag for the 2nd test. */ + +int test_explicit_flag (int n) +{ + int buf[10]; + int *ptr; + int result; + int need_to_free = 0; + + if (n > 10) + { + ptr = (int *)malloc (sizeof (int) * n); + need_to_free = 1; + } + else + ptr = buf; + + __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 exploded nodes" } */ + + { + int *p = ptr; + int sum = 0; + int i; + for (i = 0; i < n; i++) + p[i] = i; + for (i = 0; i < n; i++) + sum += foo (p[i]); /* { dg-bogus "uninitialized" } */ + result = sum; + } + + __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 exploded nodes" } */ + + if (need_to_free) + free (ptr); /* { dg-bogus "not on the heap" } */ + + return result; /* { dg-bogus "leak" } */ +} + +/* Pointer comparison. */ + +int test_pointer_comparison (int n) +{ + int buf[10]; + int *ptr; + int result; + + if (n > 10) + ptr = (int *)malloc (sizeof (int) * n); + else + ptr = buf; + + __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 exploded nodes" } */ + + { + int *p = ptr; + int sum = 0; + int i; + for (i = 0; i < n; i++) + p[i] = i; + for (i = 0; i < n; i++) + sum += foo (p[i]); /* { dg-bogus "uninitialized" } */ + result = sum; + } + + __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 exploded nodes" } */ + + if (ptr != buf) + free (ptr); /* { dg-bogus "not on the heap" } */ + + return result; /* { dg-bogus "leak" } */ +} -- 1.8.5.3