analyzer: fix ICE on deref_rvalue on SK_COMPOUND [PR96643]

gcc/analyzer/ChangeLog:
	PR analyzer/96643
	* region-model.cc (region_model::deref_rvalue): Rather than
	attempting to handle all svalue kinds in the switch, only cover
	the special cases, and move symbolic-region handling to after
	the switch, thus implicitly handling the missing case SK_COMPOUND.

gcc/testsuite/ChangeLog:
	PR analyzer/96643
	* g++.dg/analyzer/pr96643.C: New test.

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 5b08e48..8a5e74e 100644 (file)
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -1369,7 +1369,7 @@ region_model::deref_rvalue (const svalue *ptr_sval, tree ptr_tree,
   switch (ptr_sval->get_kind ())
     {
     default:
-      gcc_unreachable ();
+      break;
 
     case SK_REGION:
       {
@@ -1395,17 +1395,10 @@ region_model::deref_rvalue (const svalue *ptr_sval, tree ptr_tree,
              return m_mgr->get_offset_region (parent_region, type, offset);
            }
          default:
-           goto create_symbolic_region;
+           break;
          }
       }
-
-    case SK_CONSTANT:
-    case SK_INITIAL:
-    case SK_UNARYOP:
-    case SK_SUB:
-    case SK_WIDENING:
-    case SK_CONJURED:
-      goto create_symbolic_region;
+      break;
 
     case SK_POISONED:
       {
@@ -1425,20 +1418,11 @@ region_model::deref_rvalue (const svalue *ptr_sval, tree ptr_tree,
                ctxt->warn (new poisoned_value_diagnostic (ptr, pkind));
              }
          }
-       goto create_symbolic_region;
       }
-
-    case SK_UNKNOWN:
-      {
-      create_symbolic_region:
-       return m_mgr->get_symbolic_region (ptr_sval);
-      }
-
-    case SK_SETJMP:
-      goto create_symbolic_region;
+      break;
     }
 
-  gcc_unreachable ();
+  return m_mgr->get_symbolic_region (ptr_sval);
 }
 
 /* Set the value of the region given by LHS_REG to the value given

diff --git a/gcc/testsuite/g++.dg/analyzer/pr96643.C b/gcc/testsuite/g++.dg/analyzer/pr96643.C
new file mode 100644 (file)
index 0000000..2d0a248
--- /dev/null
+++ b/gcc/testsuite/g++.dg/analyzer/pr96643.C
@@ -0,0 +1,26 @@
+/* { dg-additional-options "-O1" } */
+
+int l0;
+
+class qv {
+public:
+  int operator[] (int b1) const { return k2[b1]; }
+
+private:
+  int *k2;
+};
+
+class g0 {
+  qv nf, v6;
+
+  void
+  iq ();
+};
+
+void
+g0::iq ()
+{
+  for (;;)
+    if (nf[0] == 0)
+      ++l0;
+}