https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94362
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>: https://gcc.gnu.org/g:c4b8f3730a80025192fdb485ad2535c165340e41 commit r12-6782-gc4b8f3730a80025192fdb485ad2535c165340e41 Author: David Malcolm <dmalc...@redhat.com> Date: Thu Jan 20 09:51:50 2022 -0500 analyzer: reject ((i + 1 > 0) && (i < 0)) for integers [PR94362] PR analyzer/94362 reports a false positive from -Wanalyzer-null-dereference seen when analyzing OpenSSL. The root cause is that the analyzer's path feasibility checker erroneously considers this to be feasible: (R + 1 > 0) && (R < 0) for int R (the return value from sk_EVP_PKEY_ASN1_METHOD_num), whereas it's not satisfiable for any int R. This patch makes the constraint manager try harder to reject such combinations of conditions, fixing the false positive; perhaps in the longer term we ought to use an SMT solver. gcc/analyzer/ChangeLog: PR analyzer/94362 * constraint-manager.cc (bound::ensure_closed): Convert param to enum bound_kind. (range::constrained_to_single_element): Likewise. (range::add_bound): New. (constraint_manager::add_constraint): Handle SVAL + OFFSET compared to a constant. (constraint_manager::get_ec_bounds): Rewrite in terms of range::add_bound. (constraint_manager::eval_condition): Reject if range::add_bound fails. (selftest::test_constant_comparisons): Add test coverage for various impossible combinations of integer comparisons. * constraint-manager.h (enum bound_kind): New. (struct bound): Likewise. (bound::ensure_closed): Convert to param to enum bound_kind. (struct range): Convert to... (class range): ...this, making fields private. (range::add_bound): New decls. * region-model.cc (region_model::add_constraint): Fail if constraint_manager::add_constraint fails. gcc/testsuite/ChangeLog: PR analyzer/94362 * gcc.dg/analyzer/pr94362-1.c: New test. * gcc.dg/analyzer/pr94362-2.c: New test. Signed-off-by: David Malcolm <dmalc...@redhat.com>
