From a146c89a7a8caaa536c90d093a358f3a5ae03d59 Mon Sep 17 00:00:00 2001
From: David Malcolm <dmalcolm@redhat.com>
Date: Thu, 9 Jul 2020 16:55:40 -0400
Subject: [PATCH 295/315] FIXME: make binding_cluster2::can_merge_p more
 aggressive about merging

---
 gcc/analyzer/store2.cc                        | 35 ++++++++++++-------
 .../gcc.dg/analyzer/malloc-vs-local-2.c       |  2 +-
 2 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/gcc/analyzer/store2.cc b/gcc/analyzer/store2.cc
index bbbbd71bc0b..4f26e67b579 100644
--- a/gcc/analyzer/store2.cc
+++ b/gcc/analyzer/store2.cc
@@ -808,23 +808,34 @@ binding_cluster2::can_merge_p (const binding_cluster2 *cluster_a,
 	{
 	  gcc_assert (sval_a);
 	  out_cluster->m_map.put (key, sval_a);
+	  continue;
 	}
-      else
+      else if (sval_a && sval_b)
 	{
-	  /* FIXME: TODO: what should we do when we have non-equal
-	     values?  What does a merged value look like?  */
-	  if (sval_a && sval_b)
+	  region_model2_manager *sval_mgr = mgr->get_svalue2_manager ();
+	  if (const svalue2 *merged_sval
+	      = sval_a->can_merge_p (sval_b, sval_mgr, merger))
 	    {
-	      region_model2_manager *sval_mgr = mgr->get_svalue2_manager ();
-	      if (const svalue2 *merged_sval
-		  = sval_a->can_merge_p (sval_b, sval_mgr, merger))
-		{
-		  out_cluster->m_map.put (key, merged_sval);
-		  continue;
-		}
+	      out_cluster->m_map.put (key, merged_sval);
+	      continue;
 	    }
-	  return false;
 	}
+
+      /* If we get here, then either one cluster binds this key and the other
+	 doesn't, or svalue2::can_merge_p failed.  */
+      gcc_assert (sval_a || sval_b);
+
+      /* Don't merge unmergeable.  */
+      if (sval_a && sval_a->dyn_cast_unmergeable_svalue2 ())
+	return false;
+      if (sval_b && sval_b->dyn_cast_unmergeable_svalue2 ())
+	return false;
+
+      /* Otherwise, merge them as "UNKNOWN".  */
+      tree type = sval_a ? sval_a->get_type () : sval_b->get_type ();
+      const svalue2 *unknown_sval
+	= mgr->get_svalue2_manager ()->get_or_create_unknown_svalue2 (type);
+      out_cluster->m_map.put (key, unknown_sval);
     }
   // FIXME: what about overlaps?
 
diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-2.c b/gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-2.c
index 89bd511549f..4e0e364099e 100644
--- a/gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-2.c
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-2.c
@@ -69,7 +69,7 @@ int test_repeated_predicate_1a (int n)
     result = sum;
   }
 
-  __analyzer_dump_exploded_nodes (0); /* { dg-warning "3 processed enodes" } */
+  __analyzer_dump_exploded_nodes (0); /* { dg-warning "2 processed enodes" } */
 
   if (n > 10)
     free (ptr); /* { dg-bogus "not on the heap" } */
-- 
2.26.2