From d8cde6f9c223f1b6d4f4e4e07088f08a629b7c2a Mon Sep 17 00:00:00 2001
From: David Malcolm <dmalcolm@redhat.com>
Date: Mon, 17 Feb 2020 03:06:14 -0500
Subject: [PATCH] analyzer: fix ICE on function pointer casts [PR 93775]

PR analyzer/93775 reports an ICE in cgraph_node::get when -fanalyzer is
used on code that calls a function pointer that was generated via a cast
from a non-function.

This patch fixes it by bulletproofing region_model::get_fndecl_for_call
for the case where the code_region's get_tree_for_child_region returns
NULL.

gcc/analyzer/ChangeLog:
	PR analyzer/93775
	* region-model.cc (region_model::get_fndecl_for_call): Handle the
	case where the code_region's get_tree_for_child_region returns
	NULL.

gcc/testsuite/ChangeLog:
	PR analyzer/93775
	* gcc.dg/analyzer/20020129-1.c: New test.
---
 gcc/analyzer/ChangeLog                     | 7 +++++++
 gcc/analyzer/region-model.cc               | 2 ++
 gcc/testsuite/ChangeLog                    | 5 +++++
 gcc/testsuite/gcc.dg/analyzer/20020129-1.c | 2 ++
 4 files changed, 16 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/20020129-1.c

diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog
index d669c989ac1..f9fd80c1cf5 100644
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@@ -1,3 +1,10 @@
+2020-02-17  David Malcolm  <dmalcolm@redhat.com>
+
+	PR analyzer/93775
+	* region-model.cc (region_model::get_fndecl_for_call): Handle the
+	case where the code_region's get_tree_for_child_region returns
+	NULL.
+
 2020-02-17  David Malcolm  <dmalcolm@redhat.com>
 
 	PR analyzer/93388
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index b67660cf864..deb201546f3 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -6693,6 +6693,8 @@ region_model::get_fndecl_for_call (const gcall *call,
       if (code)
 	{
 	  tree fn_decl = code->get_tree_for_child_region (fn_rid);
+	  if (!fn_decl)
+	    return NULL_TREE;
 	  const cgraph_node *ultimate_node
 	    = cgraph_node::get (fn_decl)->ultimate_alias_target ();
 	  if (ultimate_node)
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 2e8d92221db..0e7d7bcc4b8 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2020-02-17  David Malcolm  <dmalcolm@redhat.com>
+
+	PR analyzer/93775
+	* gcc.dg/analyzer/20020129-1.c: New test.
+
 2020-02-17  Alexandre Oliva <oliva@adacore.com>
 
 	* gcc.dg/tls/emutls-3.c: New, combining emutls-2.c and
diff --git a/gcc/testsuite/gcc.dg/analyzer/20020129-1.c b/gcc/testsuite/gcc.dg/analyzer/20020129-1.c
new file mode 100644
index 00000000000..7d49519bc40
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/20020129-1.c
@@ -0,0 +1,2 @@
+/* { dg-require-effective-target indirect_calls } */
+#include "../../gcc.c-torture/compile/20020129-1.c"
-- 
2.30.2