review.tizen.org Git - test

author	David Malcolm <dmalcolm@redhat.com>
	Fri, 25 Mar 2022 20:50:51 +0000 (16:50 -0400)
committer	David Malcolm <dmalcolm@redhat.com>
	Sat, 26 Mar 2022 13:05:30 +0000 (09:05 -0400)
commit	8c8993c75309901e03418eba1d6239b9a39a43b7
tree	2365a0f835c6b1a8ad5ae48c0de9c4f044bb8db7	tree \| snapshot
parent	f0fdd92e9dae17b543b089dac753211298b04c78	commit \| diff

analyzer: fix ICE on memset of untracked region [PR105057]

In r12-7809-g5f6197d7c197f9d2b7fb2e1a19dac39a023755e8 I added an
optimization to avoid tracking the state of certain memory regions
in the store.

Unfortunately, I didn't cover every way in which
store::get_or_create_cluster can be called for a base region, leading
to assertion failure ICEs in -fanalyzer on certain function calls
with certain params.

I've worked through all uses of store::get_or_create_cluster and found
four places where the assertion could fire.

This patch fixes them, and adds regression tests where possible.

gcc/analyzer/ChangeLog:
PR analyzer/105057
* store.cc (binding_cluster::make_unknown_relative_to): Reject
attempts to create a cluster for untracked base regions.
(store::set_value): Likewise.
(store::fill_region): Likewise.
(store::mark_region_as_unknown): Likewise.

gcc/testsuite/ChangeLog:
PR analyzer/105057
* gcc.dg/analyzer/fread-2.c: New test, as a regression test for
ICE in store::set_value on untracked base region.
* gcc.dg/analyzer/memset-2.c: Likewise, for ICE in
store::fill_region.
* gcc.dg/analyzer/strcpy-2.c: Likewise, for ICE in
store::mark_region_as_unknown.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

gcc/analyzer/store.cc		diff \| blob \| history
gcc/testsuite/gcc.dg/analyzer/fread-2.c	[new file with mode: 0644]	blob
gcc/testsuite/gcc.dg/analyzer/memset-2.c	[new file with mode: 0644]	blob
gcc/testsuite/gcc.dg/analyzer/strcpy-2.c	[new file with mode: 0644]	blob