https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105264

--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>:

https://gcc.gnu.org/g:a358e4b60815b41e27f3508014ceb592f86b9b45

commit r12-8169-ga358e4b60815b41e27f3508014ceb592f86b9b45
Author: David Malcolm <dmalc...@redhat.com>
Date:   Thu Apr 14 09:52:00 2022 -0400

    analyzer: fix escaping of pointer arithmetic [PR105264]

    PR analyzer/105264 reports that the analyzer can fail to treat
    (PTR + IDX) and PTR[IDX] as referring to the same memory under
    some situations.

    There are various ways in which this can happen when IDX is a
    symbolic value, due to having several ways in which such memory
    regions can be referred to symbolically.  I attempted to fix this by
    being smarter when folding svalues and regions, but this fix
    seems too fiddly to attempt in stage 4.

    Instead, this less ambitious patch fixes a false positive from
    -Wanalyzer-use-of-uninitialized-value by making the analyzer's escape
    analysis smarter, so that it treats *PTR as escaping when
    (PTR + OFFSET) is passed to an external function, and thus
    it treats *PTR as possibly-initialized (the "passing &PTR[IDX]" case
    was already working).

    gcc/analyzer/ChangeLog:
            PR analyzer/105264
            * region-model-reachability.cc (reachable_regions::handle_parm):
            Use maybe_get_deref_base_region rather than just region_svalue, to
            handle pointer arithmetic also.
            * svalue.cc (svalue::maybe_get_deref_base_region): New.
            * svalue.h (svalue::maybe_get_deref_base_region): New decl.

    gcc/testsuite/ChangeLog:
            PR analyzer/105264
            * gcc.dg/analyzer/torture/symbolic-10.c: New test.

    Signed-off-by: David Malcolm <dmalc...@redhat.com>
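
A simplified model of the escape-analysis change described in the commit message above, added here as an illustration. It is not GCC's code: the types, the function names and the sample array `buf` are assumptions made for the example.

```cpp
// Toy model, not GCC source: every type and name below is an assumption.
#include <cstdio>

struct Region {             // a memory region
    const char *name;
    const Region *parent;   // nullptr for a base region such as a local array
};
enum class Kind { RegionPtr, PointerPlus, Unknown };
struct SValue {             // a symbolic value
    Kind kind;
    const Region *pointee;  // RegionPtr: region pointed to
    const SValue *lhs;      // PointerPlus: pointer operand (offset omitted)
};

static const Region *base_of(const Region *r) {
    while (r && r->parent) r = r->parent;
    return r;
}

// Before: only a direct pointer to a region is recognised, so &PTR[IDX]
// resolves to PTR's base region but (PTR + OFFSET) resolves to nothing.
const Region *base_region_ptr_only(const SValue *v) {
    return v->kind == Kind::RegionPtr ? base_of(v->pointee) : nullptr;
}

// After: also look through pointer arithmetic to its pointer operand.
const Region *base_region_with_arith(const SValue *v) {
    while (v) {
        if (v->kind == Kind::RegionPtr) return base_of(v->pointee);
        if (v->kind != Kind::PointerPlus) return nullptr;
        v = v->lhs;
    }
    return nullptr;
}

// Constructed sample: local array buf, element buf[i], two call arguments.
const Region buf{"buf", nullptr};
const Region elem{"buf[i]", &buf};
const SValue addr_of_elem{Kind::RegionPtr, &elem, nullptr};    // &buf[i]
const SValue buf_ptr{Kind::RegionPtr, &buf, nullptr};          // buf
const SValue buf_plus_i{Kind::PointerPlus, nullptr, &buf_ptr}; // buf + i

int main() {
    const Region *before = base_region_ptr_only(&buf_plus_i);
    const Region *after = base_region_with_arith(&buf_plus_i);
    std::printf("buf + i: before=%s after=%s\n",
                before ? before->name : "(none)", after->name);
    return 0;
}
```

In this model, a region that resolves for an argument passed to an external function is the one treated as escaping, and therefore as possibly initialized by the callee.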
