From 5e10b9a28be9061b9b0c4aa3cfabe6d478e444e0 Mon Sep 17 00:00:00 2001
From: David Malcolm
Date: Mon, 3 Feb 2020 08:30:54 -0500
Subject: [PATCH] analyzer: fix ICE merging models containing label pointers (PR 93546)
PR analyzer/93546 reports an ICE within region_model::add_region_for_type when merging two region_models each containing a label pointer. The two labels are stored as pointers to symbolic_regions, but these regions were created with NULL type, leading to an assertion failure when a merged copy is created. The labels themselves have void (but not NULL) type. This patch updates make_region_for_type to use the type of the decl when creating such regions, rather than implicitly setting the region's type to NULL, fixing the ICE. gcc/analyzer/ChangeLog: PR analyzer/93546 * region-model.cc (region_model::on_call_pre): Update for new param of symbolic_region ctor. (region_model::deref_rvalue): Likewise. (region_model::add_new_malloc_region): Likewise. (make_region_for_type): Likewise, preserving type. * region-model.h (symbolic_region::symbolic_region): Add "type" param and pass it to base class ctor. gcc/testsuite/ChangeLog: PR analyzer/93546 * gcc.dg/analyzer/pr93546.c: New test.
---
 gcc/analyzer/ChangeLog | 11 +++++++++++
 gcc/analyzer/region-model.cc | 8 ++++----
 gcc/analyzer/region-model.h | 4 ++--
 gcc/testsuite/ChangeLog | 5 +++++
 gcc/testsuite/gcc.dg/analyzer/pr93546.c | 10 ++++++++++
 5 files changed, 32 insertions(+), 6 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93546.c
diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog
index ac6fc1a30fc..9229bb1e74a 100644
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@@ -1,3 +1,14 @@
+2020-02-03 David Malcolm
+
+ PR analyzer/93546
+ * region-model.cc (region_model::on_call_pre): Update for new
+ param of symbolic_region ctor.
+ (region_model::deref_rvalue): Likewise.
+ (region_model::add_new_malloc_region): Likewise.
+ (make_region_for_type): Likewise, preserving type.
+ * region-model.h (symbolic_region::symbolic_region): Add "type"
+ param and pass it to base class ctor.
+
 2020-02-03 David Malcolm
 PR analyzer/93547
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 679479c8b5c..38cf3b93b28 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -4163,7 +4163,7 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt)
 {
 region_id frame_rid = get_current_frame_id ();
 region_id new_rid
- = add_region (new symbolic_region (frame_rid, false));
+ = add_region (new symbolic_region (frame_rid, NULL_TREE, false));
 if (!lhs_rid.null_p ())
 {
 svalue_id ptr_sid
@@ -5113,7 +5113,7 @@ region_model::deref_rvalue (svalue_id ptr_sid, region_model_context *ctxt)
 We don't know if it on the heap, stack, or a global, so use the root region as parent. */
 region_id new_rid
- = add_region (new symbolic_region (m_root_rid, false));
+ = add_region (new symbolic_region (m_root_rid, NULL_TREE, false));
 /* We need to write the region back into the pointer, or we'll get a new, different region each time.
@@ -5455,7 +5455,7 @@ region_model::add_new_malloc_region ()
 {
 region_id heap_rid = get_root_region ()->ensure_heap_region (this);
- return add_region (new symbolic_region (heap_rid, true));
+ return add_region (new symbolic_region (heap_rid, NULL_TREE, true));
 }
 /* Attempt to return a tree that represents SID, or return NULL_TREE.
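Review bot: The three `symbolic_region` call sites updated in region-model.cc (this one in `region_model::on_call_pre`, and the ones in `deref_rvalue` and `add_new_malloc_region`) still pass `NULL_TREE`, so regions created on these paths keep the NULL type that the commit message names as the trigger for the assertion in `add_region_for_type`. Only `make_region_for_type` now preserves a type, so it is worth confirming that these regions cannot reach the same merge path; an ICE there would presumably stop the analyzer before it reports anything for that translation unit. If a NULL type is intended at these sites, a comment such as `/* The type of this region is not known here, hence NULL_TREE.  */` would record that. All three enclosing functions start and end outside their hunks.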
@@ -6006,7 +6006,7 @@ make_region_for_type (region_id parent_rid, tree type)
 /* If we have a void *, make a new symbolic region. */
 if (VOID_TYPE_P (type))
- return new symbolic_region (parent_rid, false);
+ return new symbolic_region (parent_rid, type, false);
 gcc_unreachable ();
 }
diff --git a/gcc/analyzer/region-model.h b/gcc/analyzer/region-model.h
index 70e3eb4c716..7768e45134f 100644
--- a/gcc/analyzer/region-model.h
+++ b/gcc/analyzer/region-model.h
@@ -1606,8 +1606,8 @@ namespace ana {
 class symbolic_region : public region
 {
 public:
- symbolic_region (region_id parent_rid, bool possibly_null)
- : region (parent_rid, svalue_id::null (), NULL_TREE),
+ symbolic_region (region_id parent_rid, tree type, bool possibly_null)
+ : region (parent_rid, svalue_id::null (), type),
 m_possibly_null (possibly_null)
 {}
 symbolic_region (const symbolic_region &other);
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 94e83da480b..ca5dda58e7b 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2020-02-03 David Malcolm
+
+ PR analyzer/93546
+ * gcc.dg/analyzer/pr93546.c: New test.
+
 2020-02-03 David Malcolm
 PR analyzer/93547
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr93546.c b/gcc/testsuite/gcc.dg/analyzer/pr93546.c
new file mode 100644
index 00000000000..432a6433be5
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr93546.c
@@ -0,0 +1,10 @@
+/* { dg-do compile } */
+
+void
+ch (int x1)
+{
+ ({ bx: &&bx; });
+ while (x1 == 0)
+ {
+ }
+}
-- 2.30.2
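Review bot: The context comment `/* If we have a void *, make a new symbolic region. */` in `make_region_for_type` does not match the branch it sits on: `VOID_TYPE_P (type)` tests for `void` itself, and per the commit message the case being fixed is a label, whose type is void. I would reword it to `/* If we have a void type (e.g. for a label), make a new symbolic region of that type.  */`. Any type not handled earlier in the function still falls through to `gcc_unreachable ()`, so this remains an ICE point for unlisted types. The rest of the function body is outside the hunk.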
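Review bot: The new `tree type` parameter of the `symbolic_region` constructor in region-model.h is undocumented, although callers in this patch pass both `NULL_TREE` and a real type. A short comment above the constructor, e.g. `/* TYPE is the type of the region, or NULL_TREE if it is not known.  */`, would tell future callers which is expected. It may also be worth checking that the copy constructor declared just below, whose definition is outside this hunk, carries the type over, since the reported ICE arose when a merged copy of a region was created.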