On Wed, May 6, 2026 at 10:12 PM David Malcolm <[email protected]> wrote:
>
> The previous patch used the states of the exploded nodes at each end of
> an exploded edge for rewinding state, but this doesn't always work when
> state purging is active (the default) due to the state purging
> eliminating pertinent information. This can be seen in
> gcc.dg/analyzer/divide-by-zero-{4,5,6}.c, which required
> -fno-analyzer-state-purge to rewind the data flow to locate where the
> zero values were coming from.
>
> This patch extends diagnostic_manager::annotate_exploded_path so that
> it performs an initial forward walk through the exploded path, building
> region_model instances along the path without any state purging or
> merging, and updates the rewind_context to use these states to rewind
> pertinent state for a diagnostic.
>
> Doing so allows us to drop -fno-analyzer-state-purge from the testcases
> which needed them before.
>
> Successfully bootstrapped & regrtested on aarch64-unknown-linux-gnu
> Pushed to trunk as r17-360-ga2bd06e89526a6.
>
> gcc/analyzer/ChangeLog:
> * analyzer-logging.h (class text_art::canvas): New forward decl.
> (logger::log_canvas): New decl.
> * diagnostic-manager.cc (path_builder::get_supergraph): New.
> (logger::log_canvas): New.
> (dump_to_logger): New.
> (log_region_model): New.
> (epath_rewind_context::epath_rewind_context): Add params
> src_model and dst_model, using them to initialize m_src_model and
> m_dst_model.
> (epath_rewind_context::get_src_region_model): New.
> (epath_rewind_context::get_dst_region_model): New.
> (epath_rewind_context::m_src_model): New.
> (epath_rewind_context::m_dst_model): New.
> (make_raw_dst_region_model): New.
> (diagnostic_manager::annotate_exploded_path): Walk EPATH forwards,
> populating new vectors src_models and dst_models without state
> purging or merging, so that we can reliably rewind state. Pass
> these models to epath_rewind_context when rewinding state.
> * engine.cc (interprocedural_call::try_to_rewind_data_flow): Get
> src and dst region_model instances via vfuncs of ctxt, rather than
> accessing the eedge.
> * ops.cc (rewind_context::on_data_origin): Get src and dst
> region_model instances via vfuncs of ctxt, rather than accessing
> the eedge.
> (greturn_op::try_to_rewind_data_flow): Likewise.
> * ops.h (rewind_context::rewind_context): Drop param "eedge".
> (rewind_context::get_src_region_model): New vfunc.
> (rewind_context::get_dst_region_model): New vfunc.
> (rewind_context::m_eedge): Drop field.
>
> gcc/testsuite/ChangeLog:
> * gcc.dg/analyzer/divide-by-zero-4.c: Drop option.
> -fno-analyzer-state-merge.
> * gcc.dg/analyzer/divide-by-zero-5.c: Likewise.
> * gcc.dg/analyzer/divide-by-zero-6.c: Likewise.

I got

FAIL: gcc.dg/analyzer/divide-by-zero-6.c (test for warnings, line 14)
FAIL: gcc.dg/analyzer/divide-by-zero-6.c at line 15 (test for warnings, line 14)
FAIL: gcc.dg/analyzer/divide-by-zero-6.c (test for excess errors)
Excess errors:
/export/gnu/import/git/gitlab/x86-gcc/gcc/testsuite/gcc.dg/analyzer/divide-by-zero-6.c:14:18: warning: use of uninitialized value '*f.y' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]

--
H.J.
