On Thu, 2022-08-11 at 19:24 +0200, Tim Lange wrote:
> This patch adds the "shrinks buffer" case to the success_with_move
> modelling of realloc.
Thanks for the updated patch.
>
> Regression-tested on Linux x86-64, further ran the analyzer tests
> with
> the -m32 option.
[...snip...]
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/analyzer/realloc-5.c
> @@ -0,0 +1,45 @@
> +#include "analyzer-decls.h"
> +
> +typedef __SIZE_TYPE__ size_t;
> +
> +#define NULL ((void *)0)
> +
> +extern void *malloc (size_t __size)
> + __attribute__ ((__nothrow__ , __leaf__))
> + __attribute__ ((__malloc__))
> + __attribute__ ((__alloc_size__ (1)));
> +extern void *realloc (void *__ptr, size_t __size)
> + __attribute__ ((__nothrow__ , __leaf__))
> + __attribute__ ((__warn_unused_result__))
> + __attribute__ ((__alloc_size__ (2)));
> +extern void free (void *__ptr)
> + __attribute__ ((__nothrow__ , __leaf__));
> +extern void *memset (void *__ptr, int __value, size_t __size);
> +
> +/* realloc where the region shrinks on success_with_move. */
> +
> +void test_1 ()
> +{
> + char *p = malloc (16);
> + if (!p)
> + return;
> + memset (p, 1, 16);
> +
> + char *q = realloc (p, 8);
> + if (!q)
> + {
> + free (p);
> + return;
> + }
> + else if (p != q)
> + {
> + __analyzer_dump_capacity (q); /* { dg-warning "capacity:
> '\\(\[^\n\r\]*\\)8'" } */
> + __analyzer_eval (q[8] == 1); /* { dg-line eval } */
> +
> + /* { dg-warning "UNKNOWN" "warning" { target *-*-* } eval } */
> + /* { dg-warning "overread" "warning" { target *-*-* } eval }
> */
Strictly speaking, this "overread" warning is dependent on the followup
patch, but assuming that that patch is OK, this patch is also OK.
Thanks
Dave
> + /* { dg-warning "use of uninitialized value" "warning" {
> target *-*-* } eval } */
> + }
> +
> + free (q);
> +}
