From: Paul Eggert <eggert@cs.ucla.edu>
To: bug-gnulib@gnu.org
Cc: Paul Eggert <eggert@cs.ucla.edu>
Subject: [PATCH 03/27] dfa: improve -fanalyzer malloc checking
Date: Sun, 1 Aug 2021 18:17:57 -0700 [thread overview]
Message-ID: <20210802011821.1057057-3-eggert@cs.ucla.edu> (raw)
In-Reply-To: <20210802011821.1057057-1-eggert@cs.ucla.edu>
---
ChangeLog | 5 ++++-
lib/dfa.c | 15 +++++++++++++++
lib/dfa.h | 9 +++++++--
3 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 1af0b926a..d7740df52 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,8 +2,11 @@
maint: improve -fanalyzer malloc checking
* lib/backup-internal.h, lib/backupfile.h:
- * lib/canonicalize.h:
+ * lib/canonicalize.h, lib/dfa.h:
Add malloc-related attributes and include stdlib.h as needed.
+ * lib/dfa.c: Include verify.h.
+ (assume_nonnull): New macro.
+ (dfamust): Use it to pacify GCC.
2021-08-01 Jim Meyering <meyering@fb.com>
diff --git a/lib/dfa.c b/lib/dfa.c
index 7e05a78da..44c3b65c2 100644
--- a/lib/dfa.c
+++ b/lib/dfa.c
@@ -26,6 +26,7 @@
#include "flexmember.h"
#include "idx.h"
+#include "verify.h"
#include <assert.h>
#include <ctype.h>
@@ -35,6 +36,13 @@
#include <limits.h>
#include <string.h>
+/* Pacify gcc -Wanalyzer-null-dereference in areas where GCC
+ understandably cannot deduce that the input comes from a
+ well-formed regular expression. There's little point to the
+ runtime overhead of 'assert' instead of 'assume_nonnull' when the
+ MMU will check anyway. */
+#define assume_nonnull(x) assume ((x) != NULL)
+
static bool
streq (char const *a, char const *b)
{
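Review bot: The comment above `assume_nonnull` presents the macro as a cheaper `assert`, but `assume` from verify.h makes a false condition undefined behavior, so a null `mp` is not guaranteed to end in a clean MMU fault once the compiler has optimized on that promise. The dfamust hunks that follow (STAR/QMARK, OR, PLUS, END, CAT) all rely on the token stream leaving enough entries on the `must` stack, which is the invariant a parser bug on an untrusted pattern would break. I would state that in the comment, for example by appending `Unlike 'assert', a false 'assume' is undefined behavior; use this only where the token stream guarantees a nonnull entry.` A checking build that maps the macro to `assert` would keep the invariant testable, though whether the project has such a build mode is not visible here.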
@@ -4090,6 +4098,7 @@ dfamust (struct dfa const *d)
case STAR:
case QMARK:
+ assume_nonnull (mp);
resetmust (mp);
break;
@@ -4097,7 +4106,9 @@ dfamust (struct dfa const *d)
{
char **new;
must *rmp = mp;
+ assume_nonnull (rmp);
must *lmp = mp = mp->prev;
+ assume_nonnull (lmp);
idx_t j, ln, rn, n;
/* Guaranteed to be. Unlikely, but ... */
@@ -4138,10 +4149,12 @@ dfamust (struct dfa const *d)
break;
case PLUS:
+ assume_nonnull (mp);
mp->is[0] = '\0';
break;
case END:
+ assume_nonnull (mp);
assert (!mp->prev);
for (idx_t i = 0; mp->in[i] != NULL; i++)
if (strlen (mp->in[i]) > strlen (result))
@@ -4159,7 +4172,9 @@ dfamust (struct dfa const *d)
case CAT:
{
must *rmp = mp;
+ assume_nonnull (rmp);
must *lmp = mp = mp->prev;
+ assume_nonnull (lmp);
/* In. Everything in left, plus everything in
right, plus concatenation of
diff --git a/lib/dfa.h b/lib/dfa.h
index 19a4127b6..28f9f6336 100644
--- a/lib/dfa.h
+++ b/lib/dfa.h
@@ -24,6 +24,7 @@
#include <regex.h>
#include <stdbool.h>
#include <stddef.h>
+#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
@@ -46,7 +47,9 @@ struct dfa;
/* Needed when Gnulib is not used. */
#ifndef _GL_ATTRIBUTE_MALLOC
-# define _GL_ATTRIBUTE_MALLOC
+# define _GL_ATTRIBUTE_MALLOC
+# define _GL_ATTRIBUTE_DEALLOC_FREE
+# define _GL_ATTRIBUTE_RETURNS_NONNULL
#endif
/* Entry points. */
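Review bot: The two new fallback defines sit under the existing `#ifndef _GL_ATTRIBUTE_MALLOC` guard, so a build that already defines `_GL_ATTRIBUTE_MALLOC` but not the newer macros (an older Gnulib snapshot, or a non-Gnulib user who supplied only the first) leaves `_GL_ATTRIBUTE_DEALLOC_FREE` and `_GL_ATTRIBUTE_RETURNS_NONNULL` undefined. The `dfaalloc` declaration in the next hunk would then fail to compile. Guarding each macro separately avoids that coupling.

```c
/* Needed when Gnulib is not used.  */
#ifndef _GL_ATTRIBUTE_MALLOC
# define _GL_ATTRIBUTE_MALLOC
#endif
#ifndef _GL_ATTRIBUTE_DEALLOC_FREE
# define _GL_ATTRIBUTE_DEALLOC_FREE
#endif
#ifndef _GL_ATTRIBUTE_RETURNS_NONNULL
# define _GL_ATTRIBUTE_RETURNS_NONNULL
#endif
```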
@@ -55,7 +58,9 @@ struct dfa;
It should be initialized via dfasyntax or dfacopysyntax before other use.
The returned pointer should be passed directly to free() after
calling dfafree() on it. */
-extern struct dfa *dfaalloc (void) _GL_ATTRIBUTE_MALLOC;
+extern struct dfa *dfaalloc (void)
+ _GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC_FREE
+ _GL_ATTRIBUTE_RETURNS_NONNULL;
/* DFA options that can be ORed together, for dfasyntax's 4th arg. */
enum
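Review bot: The doc comment above `dfaalloc` does not state the non-null contract that `_GL_ATTRIBUTE_RETURNS_NONNULL` now declares, even though the attribute lets the compiler drop a caller's NULL check on the result. The body of `dfaalloc` is outside this hunk, so the allocator it uses is not visible; presumably it exits on allocation failure rather than returning NULL. I would add a sentence to the comment such as `Never returns NULL; allocation failure does not return to the caller.` so that anyone building without Gnulib knows their allocator must keep that guarantee.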
--
2.31.1