projects / gcc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cdd8f03)
analyzer: fix ICEs treeifying offset_region [PR96646, PR96841]
authorDavid Malcolm <dmalcolm@redhat.com>
Fri, 25 Sep 2020 21:15:42 +0000 (17:15 -0400)
committerDavid Malcolm <dmalcolm@redhat.com>
Sat, 26 Sep 2020 01:33:02 +0000 (21:33 -0400)
gcc/analyzer/ChangeLog:
PR analyzer/96646
PR analyzer/96841
* region-model.cc (region_model::get_representative_path_var):
When handling offset_region, wrap the MEM_REF's first argument in
an ADDR_EXPR of pointer type, rather than simply using the tree
for the parent region.  Require the MEM_REF's second argument to
be an integer constant.

gcc/testsuite/ChangeLog:
PR analyzer/96646
PR analyzer/96841
* gcc.dg/analyzer/pr96646.c: New test.
* gcc.dg/analyzer/pr96841.c: New test.

gcc/analyzer/region-model.cc patch | blob | history
gcc/testsuite/gcc.dg/analyzer/pr96646.c [new file with mode: 0644] patch | blob
gcc/testsuite/gcc.dg/analyzer/pr96841.c [new file with mode: 0644] patch | blob

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 981fb779df21ba07acf40ef95f455208f8c91461..a88a295a24177b273a5ecd94813e010f4d5afdd8 100644 (file)
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -2140,11 +2140,14 @@ region_model::get_representative_path_var (const region *reg,
        path_var offset_pv
          = get_representative_path_var (offset_reg->get_byte_offset (),
                                         visited);
-       if (!offset_pv)
+       if (!offset_pv || TREE_CODE (offset_pv.m_tree) != INTEGER_CST)
          return path_var (NULL_TREE, 0);
+       tree addr_parent = build1 (ADDR_EXPR,
+                                  build_pointer_type (reg->get_type ()),
+                                  parent_pv.m_tree);
        return path_var (build2 (MEM_REF,
                                 reg->get_type (),
-                                parent_pv.m_tree, offset_pv.m_tree),
+                                addr_parent, offset_pv.m_tree),
                         parent_pv.m_stack_depth);
       }
 
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96646.c b/gcc/testsuite/gcc.dg/analyzer/pr96646.c
new file mode 100644 (file)
index 0000000..2ac5a03
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr96646.c
@@ -0,0 +1,24 @@
+/* { dg-additional-options "-O1" } */
+
+struct zx {
+  struct zx *b4, *g0;
+};
+
+struct oo {
+  void *ph;
+  struct zx el;
+};
+
+inline void
+k7 (struct zx *xj)
+{
+  xj->b4->g0 = 0; /* { dg-warning "dereference of NULL" } */
+  xj->b4 = 0;
+}
+
+void
+n8 (struct oo *yx)
+{
+  k7 (&yx->el);
+  n8 (yx);
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96841.c b/gcc/testsuite/gcc.dg/analyzer/pr96841.c
new file mode 100644 (file)
index 0000000..d9d35f3
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr96841.c
@@ -0,0 +1,23 @@
+/* { dg-additional-options "-O1 -Wno-builtin-declaration-mismatch" } */
+
+int
+l8 (void);
+
+__SIZE_TYPE__
+malloc (__SIZE_TYPE__);
+
+void
+th (int *);
+
+void
+bv (__SIZE_TYPE__ ny)
+{
+  int ***mf;
+
+  while (l8 ())
+    {
+      *mf = 0;
+      (*mf)[ny] = (int *) malloc (sizeof (int));
+      th ((*mf)[ny]); /* { dg-warning "leak" } */
+    }
+}