Commit e503f9ac authored 1 year ago by David Malcolm

analyzer: fix taint false +ve due to overzealous state purging [PR112977]


gcc/analyzer/ChangeLog:
	PR analyzer/112977
	* engine.cc (impl_region_model_context::on_liveness_change): Pass
	m_ext_state to sm_state_map::on_liveness_change.
	* program-state.cc (sm_state_map::on_svalue_leak): Guard removal
	of map entry based on can_purge_p.
	(sm_state_map::on_liveness_change): Add ext_state param.  Add
	workaround for bad interaction between state purging and
	alt-inherited sm-state.
	* program-state.h (sm_state_map::on_liveness_change): Add
	ext_state param.
	* sm-taint.cc
	(taint_state_machine::has_alt_get_inherited_state_p): New.
	(taint_state_machine::can_purge_p): Return false for "has_lb" and
	"has_ub".
	* sm.h (state_machine::has_alt_get_inherited_state_p): New vfunc.

gcc/testsuite/ChangeLog:
	PR analyzer/112977
	* gcc.dg/plugin/plugin.exp: Add taint-pr112977.c.
	* gcc.dg/plugin/taint-pr112977.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

parent b6e53757

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 126 additions and 4 deletions

Please register or to comment