In a few cases, we also check if value state is pinned. When it is not,

qinsoon · qinsoon · commit 5d3408665878 · 2024-05-29T02:40:57.000Z
we try find ways to figure out if it is actually pinned.
diff --git a/src/clangsa/GCChecker.cpp b/src/clangsa/GCChecker.cpp
@@ -49,7 +49,7 @@ static const Stmt *getStmtForDiagnostics(const ExplodedNode *N)
 }
 
 // Turn on/off the log here
-#define DEBUG_LOG 1
+#define DEBUG_LOG 0
 
 class GCChecker
     : public Checker<
@@ -1980,7 +1980,7 @@ void GCChecker::checkBind(SVal LVal, SVal RVal, const clang::Stmt *S,
     } else {
       logWithDump("- Found ValState for Sym", RValState);
       validateValue(RValState, C, Sym, "Trying to root value which may have been");
-      if (!RValState->isRooted() ||
+      if (!RValState->isRooted() || !RValState->isPinnedByAnyway() ||
           RValState->RootDepth > RootState->RootedAtDepth) {
         auto NewVS = getRootedFromRegion(R, State->get<GCPinMap>(R), RootState->RootedAtDepth);
         logWithDump("- getRootedFromRegion", NewVS);
@@ -2059,7 +2059,7 @@ void GCChecker::checkLocation(SVal SLoc, bool IsLoad, const Stmt *S,
       const ValueState *ValS = State->get<GCValueMap>(LoadedSym);
       logWithDump("- IsLoad, LoadedSym", LoadedSym);
       logWithDump("- IsLoad, ValS", ValS);
-      if (!ValS || !ValS->isRooted() || ValS->RootDepth > RS->RootedAtDepth) {
+      if (!ValS || !ValS->isRooted() || !ValS->isPinnedByAnyway() || ValS->RootDepth > RS->RootedAtDepth) {
         auto NewVS = getRootedFromRegion(SLoc.getAsRegion(), State->get<GCPinMap>(SLoc.getAsRegion()), RS->RootedAtDepth);
         logWithDump("- IsLoad, NewVS", NewVS);
         DidChange = true;
diff --git a/test/clangsa/MissingPinning.c b/test/clangsa/MissingPinning.c
@@ -144,3 +144,38 @@ void hoist_load_before_safepoint(jl_tupletype_t *t) {
     jl_value_t *a1 = jl_svecref(params, 1); //expected-warning{{Argument value may have been moved}}
                                             //expected-note@-1{{Argument value may have been moved}}
 }
+
+// We tpin a local var, and later rebind a value to the local val. The value should be considered as pinned.
+void rebind_tpin(jl_method_instance_t *mi, size_t world) {
+    jl_code_info_t *src = NULL;
+    JL_GC_PUSH1(&src);
+    jl_value_t *ci = jl_rettype_inferred(mi, world, world);
+    jl_code_instance_t *codeinst = (ci == jl_nothing ? NULL : (jl_code_instance_t*)ci);
+    if (codeinst) {
+        PTR_PIN(mi->def.method);
+        PTR_PIN(codeinst);
+        src = (jl_code_info_t*)jl_atomic_load_relaxed(&codeinst->inferred);
+        src = jl_uncompress_ir(mi->def.method, codeinst, (jl_array_t*)src);
+        PTR_UNPIN(codeinst);
+        PTR_UNPIN(mi->def.method);
+    }
+    JL_GC_POP();
+}
+
+void rebind_tpin_simple1() {
+    jl_value_t *t = NULL;
+    JL_GC_PUSH1(&t);
+    jl_svec_t *v = jl_svec1(NULL);
+    t = (jl_value_t*)v;
+    look_at_value(t);
+    JL_GC_POP();
+}
+
+void rebind_tpin_simple2() {
+    jl_value_t *t = NULL;
+    JL_GC_PUSH1(&t);
+    jl_svec_t *v = jl_svec1(NULL);
+    t = (jl_value_t*)v;
+    look_at_value(v);
+    JL_GC_POP();
+}
