Hi, David,

I am working on PR96503 right now, and the initial implementation has some 
regression in the analyzer, as shown by the following small testing case:
$ cat t.c
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>

/* Tests with constant buffer sizes.  */

void test_2 (void)
{
  int32_t *ptr = (int32_t *) malloc (21 * sizeof (int16_t)); /* { dg-line malloc2 } */
  free (ptr);

  /* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } malloc2 } */
  /* { dg-message "42 bytes" "note" { target *-*-* } malloc2 } */
  /* { dg-message "'int32_t \\*' (\\\{aka '(long )?int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka (long )?int\\\})?\\)' is '4'" "note" { target c } malloc2 } */
  /* { dg-message "'int32_t\\*' (\\\{aka '(long )?int\\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka (long )?int\\\})?\\)' is '4'" "note" { target c++ } malloc2 } */
}

****Without my change, the IR for the above is:

void test_2 ()
{
  int32_t * ptr;

  ptr = malloc (42);
  free (ptr);
}

And when compiled with "-fdiagnostics-plain-output -fanalyzer 
-Wanalyzer-too-complex -Wanalyzer-symbol-too-complex -S":

t.c: In function ‘test_2’:
t.c:9:30: warning: allocated buffer size is not a multiple of the pointee's size [CWE-131] [-Wanalyzer-allocation-size]
t.c:9:30: note: (1) allocated 42 bytes here
t.c:9:30: note: (2) assigned to ‘int32_t *’ {aka ‘int *’} here; ‘sizeof (int32_t {aka int})’ is ‘4’

**** with my change, the IR for the above is:
void test_2 ()
{
  int32_t * ptr;

  _1 = malloc (42);
  ptr = .ACCESS_WITH_SIZE (_1, 42, 4B, 1);
  free (ptr);
}

And the analyzer cannot detect the warning anymore.

*****After studying the analyzer a little bit, I realize that I might need to 
add IFN_ACCESS_WITH_SIZE as a known internal function in the
analyzer (similar to malloc), such as:

kfm.add ("malloc", std::make_unique<kf_malloc> ());

Is this a correct understanding?
Do I also need to define a "kf_access_with_size" class similar to "kf_malloc" and 
define kf_access_with_size::impl_call_pre as well?

What else do I need to do in the analyzer to resolve this problem?

Thanks a lot for your help.

Qing
