analyzer: fix ICE reporting NULL dereference (PR 93647)

author David Malcolm <dmalcolm@redhat.com>

Mon, 10 Feb 2020 15:01:46 +0000 (10:01 -0500)

committer David Malcolm <dmalcolm@redhat.com>

Mon, 10 Feb 2020 22:56:45 +0000 (17:56 -0500)
author David Malcolm <dmalcolm@redhat.com>
Mon, 10 Feb 2020 15:01:46 +0000 (10:01 -0500)
committer David Malcolm <dmalcolm@redhat.com>
Mon, 10 Feb 2020 22:56:45 +0000 (17:56 -0500)
diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog

index e24976bbefd7f43d1982e594b50a471b2c5741bb..0960a49eb62cdb2be0946caff9fe3b776f5a67a4 100644 (file)
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@@ -1,3 +1,12 @@
+2020-02-10  David Malcolm  <dmalcolm@redhat.com>
+
+       PR analyzer/93647
+       * diagnostic-manager.cc
+       (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
+       VAR being constant.
+       * region-model.cc (region_model::get_lvalue_1): Provide a better
+       error message when encountering an unhandled tree code.
+
  2020-02-10  David Malcolm  <dmalcolm@redhat.com>
  
         PR analyzer/93405
diff --git a/gcc/analyzer/diagnostic-manager.cc b/gcc/analyzer/diagnostic-manager.cc

index 1a82d5f22ec0bc97d20e4b5c69601a3dd2b89d14..580152586f4004469de0b69210ffe4cfe5d3a6d9 100644 (file)
--- a/gcc/analyzer/diagnostic-manager.cc
+++ b/gcc/analyzer/diagnostic-manager.cc
@@ -965,6 +965,12 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path,
                                              tree var,
                                              state_machine::state_t state) const
  {
+  /* If we have a constant (such as NULL), assume its state is also
+     constant, so as not to attempt to get its lvalue whilst tracking the
+     origin of the state.  */
+  if (var && CONSTANT_CLASS_P (var))
+    var = NULL_TREE;
+
    int idx = path->num_events () - 1;
    while (idx >= 0 && idx < (signed)path->num_events ())
      {
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc

index 86a5b424911690070348b5c200e5dd48fba487e6..a88a85d70ab5d4edb7ccca9f377055a42d10c224 100644 (file)
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -4614,6 +4614,8 @@ region_model::get_lvalue_1 (path_var pv, region_model_context *ctxt)
    switch (TREE_CODE (expr))
      {
      default:
+      internal_error ("unhandled tree code in region_model::get_lvalue_1: %qs",
+                     get_tree_code_name (TREE_CODE (expr)));
        gcc_unreachable ();
  
      case ARRAY_REF:
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog

index d6d011293834965256c832d8b82f093a64e5e70f..bb7ecda48e8b680221477f25ebadd13f22cc75ba 100644 (file)
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2020-02-10  David Malcolm  <dmalcolm@redhat.com>
+
+       PR analyzer/93647
+       * gcc.dg/analyzer/torture/pr93647.c: New test.
+
  2020-02-10  Jakub Jelinek  <jakub@redhat.com>
  
         PR target/93637
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c b/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c

new file mode 100644 (file)

index 0000000..fbfe570
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c
@@ -0,0 +1,14 @@
+/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
+
+int *tz;
+
+void
+ky (int);
+
+void
+wd (void)
+{
+  tz = 0;
+  ky (*tz); /* { dg-warning "dereference of NULL" } */
+}
+
author	David Malcolm <dmalcolm@redhat.com>
	Mon, 10 Feb 2020 15:01:46 +0000 (10:01 -0500)
committer	David Malcolm <dmalcolm@redhat.com>
	Mon, 10 Feb 2020 22:56:45 +0000 (17:56 -0500)
gcc/analyzer/ChangeLog		patch \| blob \| history
gcc/analyzer/diagnostic-manager.cc		patch \| blob \| history
gcc/analyzer/region-model.cc		patch \| blob \| history
gcc/testsuite/ChangeLog		patch \| blob \| history
gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c	[new file with mode: 0644]	patch \| blob