On Thu, 2022-08-11 at 19:24 +0200, Tim Lange wrote: > This patch adds the "shrinks buffer" case to the success_with_move > modelling of realloc.
Thanks for the updated patch. > > Regression-tested on Linux x86-64, further ran the analyzer tests > with > the -m32 option. [...snip...] > --- /dev/null > +++ b/gcc/testsuite/gcc.dg/analyzer/realloc-5.c > @@ -0,0 +1,45 @@ > +#include "analyzer-decls.h" > + > +typedef __SIZE_TYPE__ size_t; > + > +#define NULL ((void *)0) > + > +extern void *malloc (size_t __size) > + __attribute__ ((__nothrow__ , __leaf__)) > + __attribute__ ((__malloc__)) > + __attribute__ ((__alloc_size__ (1))); > +extern void *realloc (void *__ptr, size_t __size) > + __attribute__ ((__nothrow__ , __leaf__)) > + __attribute__ ((__warn_unused_result__)) > + __attribute__ ((__alloc_size__ (2))); > +extern void free (void *__ptr) > + __attribute__ ((__nothrow__ , __leaf__)); > +extern void *memset (void *__ptr, int __value, size_t __size); > + > +/* realloc where the region shrinks on success_with_move. */ > + > +void test_1 () > +{ > + char *p = malloc (16); > + if (!p) > + return; > + memset (p, 1, 16); > + > + char *q = realloc (p, 8); > + if (!q) > + { > + free (p); > + return; > + } > + else if (p != q) > + { > + __analyzer_dump_capacity (q); /* { dg-warning "capacity: > '\\(\[^\n\r\]*\\)8'" } */ > + __analyzer_eval (q[8] == 1); /* { dg-line eval } */ > + > + /* { dg-warning "UNKNOWN" "warning" { target *-*-* } eval } */ > + /* { dg-warning "overread" "warning" { target *-*-* } eval } > */ Strictly speaking, this "overread" warning is dependent on the followup patch, but assuming that that patch is OK, this patch is also OK. Thanks Dave > + /* { dg-warning "use of uninitialized value" "warning" { > target *-*-* } eval } */ > + } > + > + free (q); > +}