Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to master as r11-6603-gab88f3607233376c3145c320e92e71943a495bb5
gcc/analyzer/ChangeLog:
PR analyzer/98628
* store.cc (binding_cluster::make_unknown_relative_to): Don't mark
dereferenced unknown pointers as having escaped.
gcc/testsuite/ChangeLog:
PR analyzer/98628
* gcc.dg/analyzer/pr98628.c: New test.
---
gcc/analyzer/store.cc | 7 +++++--
gcc/testsuite/gcc.dg/analyzer/pr98628.c | 19 +++++++++++++++++++
2 files changed, 24 insertions(+), 2 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr98628.c
diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc
index 23118d05685..bbd2e7c2d40 100644
--- a/gcc/analyzer/store.cc
+++ b/gcc/analyzer/store.cc
@@ -1323,8 +1323,11 @@ binding_cluster::make_unknown_relative_to (const
binding_cluster *other,
{
const region *base_reg
= region_sval->get_pointee ()->get_base_region ();
- binding_cluster *c = out_store->get_or_create_cluster (base_reg);
- c->mark_as_escaped ();
+ if (!base_reg->symbolic_for_unknown_ptr_p ())
+ {
+ binding_cluster *c = out_store->get_or_create_cluster (base_reg);
+ c->mark_as_escaped ();
+ }
}
}
}
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr98628.c
b/gcc/testsuite/gcc.dg/analyzer/pr98628.c
new file mode 100644
index 00000000000..e2fa778472c
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr98628.c
@@ -0,0 +1,19 @@
+/* { dg-additional-options "-O1" } */
+
+void foo(void *);
+struct chanset_t help_subst_chan;
+struct chanset_t *help_subst_chan_0_0;
+struct chanset_t {
+ struct chanset_t *next;
+ char dname[];
+};
+void help_subst() {
+ char *writeidx;
+ for (;; help_subst_chan = *help_subst_chan_0_0) {
+ foo(help_subst_chan.next->dname);
+ if (help_subst_chan_0_0) {
+ writeidx++;
+ *writeidx++ = ' ';
+ }
+ }
+}
--
2.26.2
