On Sun, 2022-09-11 at 00:19 +0200, Tim Lange wrote:
> Hi,
>
> see my patch below for a fix of pr106845. I decided to allow
> bit_ranges
> and byte_ranges to have a size of zero and rather only add an
> assertion
> to the functions that assume a non-zero size. That way is more
> elegant in
> the caller than restricting byte_range to only represent non-empty
> ranges.
Agreed.
>
> - Tim
>
> This patch adds handling of empty ranges in bit_range and byte_range
> and
> adds an assertion to member functions that assume a positive size.
> Further, the patch fixes an ICE caused by an empty byte_range passed
> to
> byte_range::exceeds_p.
>
> Regression-tested on Linux x86_64.
>
Thanks - the patch is OK for trunk, though...
[...snip...]
>
> +++ b/gcc/testsuite/gcc.dg/analyzer/pr106845.c
> @@ -0,0 +1,11 @@
> +int buf_size;
> +
> +int
> +main (void)
> +{
> + char buf[buf_size];
> +
> + __builtin_memset (&buf[1], 0, buf_size);
> +
> + return 0;
> +}
...it took me a moment to realize that the analyzer "sees" that this is
"main", and thus buf_size is 0.
Interestingly, if I rename it to not be "main" (and thus buf_size could
be non-zero), we still don't complain:
https://godbolt.org/z/PezfTo9Mz
Presumably this is a known limitation of the symbolic bounds checking?
Thanks
Dave
