From: David Malcolm Date: Mon, 10 Feb 2020 15:01:46 +0000 (-0500) Subject: analyzer: fix ICE reporting NULL dereference (PR 93647) X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=e953f9588d4a7ea4183d14914f915329cc37941f;p=gcc.git analyzer: fix ICE reporting NULL dereference (PR 93647) gcc/analyzer/ChangeLog: PR analyzer/93647 * diagnostic-manager.cc (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against VAR being constant. * region-model.cc (region_model::get_lvalue_1): Provide a better error message when encountering an unhandled tree code. gcc/testsuite/ChangeLog: PR analyzer/93647 * gcc.dg/analyzer/torture/pr93647.c: New test.
---
diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog
index e24976bbefd..0960a49eb62 100644
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@@ -1,3 +1,12 @@
+2020-02-10 David Malcolm
+
+ PR analyzer/93647
+ * diagnostic-manager.cc
+ (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
+ VAR being constant.
+ * region-model.cc (region_model::get_lvalue_1): Provide a better
+ error message when encountering an unhandled tree code.
+
 2020-02-10 David Malcolm PR analyzer/93405
diff --git a/gcc/analyzer/diagnostic-manager.cc b/gcc/analyzer/diagnostic-manager.cc
index 1a82d5f22ec..580152586f4 100644
--- a/gcc/analyzer/diagnostic-manager.cc
+++ b/gcc/analyzer/diagnostic-manager.cc
@@ -965,6 +965,12 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, tree var, state_machine::state_t state) const {
+ /* If we have a constant (such as NULL), assume its state is also
+ constant, so as not to attempt to get its lvalue whilst tracking the
+ origin of the state. */
+ if (var && CONSTANT_CLASS_P (var))
+ var = NULL_TREE;
+
 int idx = path->num_events () - 1; while (idx >= 0 && idx < (signed)path->num_events ()) {
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 86a5b424911..a88a85d70ab 100644
--- a/gcc/analyzer/region-model.cc
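Review bot: The new guard in diagnostic_manager::prune_for_sm_diagnostic (gcc/analyzer/diagnostic-manager.cc) normalizes `var` only once, on entry, before the backwards walk over the path events starts. The loop body lies outside this hunk, so this cannot be confirmed here, but if the walk ever reassigns `var`, a constant could be reintroduced after the check and reach the same lvalue lookup that the comment says must be avoided. Consider applying the same test wherever `var` is updated, or at least record the limitation next to the guard: `/* VAR is only checked on entry; any reassignment inside the loop below must not produce a constant.  */`.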
+++ b/gcc/analyzer/region-model.cc
@@ -4614,6 +4614,8 @@ region_model::get_lvalue_1 (path_var pv, region_model_context *ctxt) switch (TREE_CODE (expr)) { default:
+ internal_error ("unhandled tree code in region_model::get_lvalue_1: %qs",
+ get_tree_code_name (TREE_CODE (expr)));
 gcc_unreachable (); case ARRAY_REF:
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index d6d01129383..bb7ecda48e8 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2020-02-10 David Malcolm
+
+ PR analyzer/93647
+ * gcc.dg/analyzer/torture/pr93647.c: New test.
+
 2020-02-10 Jakub Jelinek PR target/93637
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c b/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c
new file mode 100644
index 00000000000..fbfe570780b
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c
@@ -0,0 +1,14 @@
+/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
+
+int *tz;
+
+void
+ky (int);
+
+void
+wd (void)
+{
+ tz = 0;
+ ky (*tz); /* { dg-warning "dereference of NULL" } */
+}
+
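Review bot: In the `default:` case of region_model::get_lvalue_1 (gcc/analyzer/region-model.cc), the added `internal_error` call still aborts the whole compilation when the analyzer meets a tree code it does not model, so every remaining unhandled input stays an ICE instead of a skipped analysis. Because `internal_error` does not return, the `gcc_unreachable ();` kept after it is dead code; either drop it or say why it stays, e.g. `/* internal_error does not return; gcc_unreachable is only a backstop.  */`. If the callers can cope with it, a longer-term option would be to treat the construct as unsupported and give up on that path rather than fail the build. The switch continues outside the hunk.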
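Review bot: The `dg-skip-if` directive on the first line of gcc.dg/analyzer/torture/pr93647.c has an empty reason string, and the file has no comment tying it to the bug, so the reduced identifiers (`tz`, `ky`, `wd`) tell a later reader nothing. A header such as `/* PR analyzer/93647: ICE when reporting a dereference of a constant NULL.  */` and a non-empty skip reason would fix that. The test also covers only the integer constant `0` stored through a global pointer, while the guard added to prune_for_sm_diagnostic accepts any `CONSTANT_CLASS_P` tree; a second case with another constant form would exercise more of it, if one can be made to reach that path.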