From 5a2069b4028894c57d7cd8a408469b281621826d Mon Sep 17 00:00:00 2001
From: David Malcolm
Date: Fri, 22 May 2020 13:06:01 -0400
Subject: [PATCH 176/179] FIXME: handle symbolic bindings vs zero-init
---
 gcc/analyzer/store2.cc | 11 +++++++----
 gcc/testsuite/gcc.dg/analyzer/symbolic-4.c | 11 +++++++++++
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/gcc/analyzer/store2.cc b/gcc/analyzer/store2.cc
index 5cc47d62c07..af61e45b908 100644
--- a/gcc/analyzer/store2.cc
+++ b/gcc/analyzer/store2.cc
@@ -411,7 +411,7 @@ binding_cluster2::zero_fill_region (store2_manager *mgr, const region2 *reg)
 cst_sval);
 bind (mgr, reg, bound_sval, BK_default);
- // FIXME: clear m_touched; testcase for this
+ m_touched = false;
 }
 /* FIXME. */
@@ -483,9 +483,12 @@ binding_cluster2::get_any_binding (store2_manager *mgr,
 if (const svalue2 *direct_sval
 = get_binding_recursive (mgr, reg, BK_direct))
 return direct_sval;
- if (const svalue2 *default_sval
- = get_binding_recursive (mgr, reg, BK_default))
- return default_sval;
+
+ /* Don't use "default" bindings if there's been a symbolic write. */
+ if (!m_touched)
+ if (const svalue2 *default_sval
+ = get_binding_recursive (mgr, reg, BK_default))
+ return default_sval;
 /* If this cluster has been touched by a symbolic write, then the content
 of any subregion not currently specifically bound is "UNKNOWN". */
diff --git a/gcc/testsuite/gcc.dg/analyzer/symbolic-4.c b/gcc/testsuite/gcc.dg/analyzer/symbolic-4.c
index 1c313343b56..a466f912007 100644
--- a/gcc/testsuite/gcc.dg/analyzer/symbolic-4.c
+++ b/gcc/testsuite/gcc.dg/analyzer/symbolic-4.c
@@ -1,3 +1,4 @@
+#include
 #include "analyzer-decls.h"
 void test_1 (int i, int j, int k)
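Review bot: The unconditional `m_touched = false;` after `bind (mgr, reg, bound_sval, BK_default);` is only sound if `reg` covers the whole cluster; if a caller can zero-fill a proper subregion of a cluster that already saw a symbolic write, the reset would let `get_any_binding` trust older `BK_default` bindings for the untouched remainder again, and reads there would come back as a known value instead of UNKNOWN. If a subregion fill is possible here, make the reset conditional on `reg` being the cluster's whole region, or document at the top of zero_fill_region that callers must pass the full region. The start of zero_fill_region is outside the hunk, so I cannot see whether `reg` is already checked against the cluster's extent above.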
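Review bot: The new `if (!m_touched)` wrapping a second braceless `if` in get_any_binding is a dangling-else hazard for the next edit; prefer braces around the inner lookup, `if (!m_touched) { if (const svalue2 *default_sval = get_binding_recursive (mgr, reg, BK_default)) return default_sval; }`, or fold the flag into the inner condition. The correctness of skipping `BK_default` here also rests on an invariant the hunk does not state: every producer of a default binding after a symbolic write must reset `m_touched`, as zero_fill_region does in the other hunk of this patch, otherwise a later fill is silently ignored. I would spell that out in the comment, e.g. `/* A default binding that predates a symbolic write may have been partially overwritten, so it can only be trusted once the cluster is refilled (which clears m_touched).  */`, and repeat the invariant at the declaration of `m_touched`, which is outside this hunk. The remainder of get_any_binding continues past the hunk.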
@@ -6,4 +7,14 @@ void test_1 (int i, int j, int k)
 iarr[i] = j;
 __analyzer_eval (iarr[i] == j); /* { dg-warning "TRUE" } */
 __analyzer_eval (iarr[k] == j); /* { dg-warning "UNKNOWN" } */
+
+ memset (iarr, 0, sizeof (iarr));
+ __analyzer_eval (iarr[0] == 0); /* { dg-warning "TRUE" } */
+ __analyzer_eval (iarr[i] == 0); /* { dg-warning "TRUE" } */
+ __analyzer_eval (iarr[i] == j); /* { dg-warning "UNKNOWN" } */
+
+ iarr[i] = j;
+ __analyzer_eval (iarr[i] == j); /* { dg-warning "TRUE" } */
+ __analyzer_eval (iarr[0] == 0); /* { dg-warning "UNKNOWN" } */
+ __analyzer_eval (iarr[i] == 0); /* { dg-warning "UNKNOWN" } */
 }
--
2.21.0
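Review bot: The new assertions only probe `iarr[0]` and `iarr[i]` after the `memset`, so they never exercise a second symbolic index `k` against the zero-fill default, which is the case the subject line names and the one where a stale default binding would be wrongly trusted. Add `__analyzer_eval (iarr[k] == 0); /* { dg-warning "TRUE" } */` after the `memset`, and after the second `iarr[i] = j;` add `__analyzer_eval (iarr[k] == 0); /* { dg-warning "UNKNOWN" } */` so the test pins that a symbolic write invalidates the default for every other symbolic index, not just the concrete element 0.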