analyzer: restore input_location (PR 93349)

PR analyzer/93349 reports an ICE in IPA pass: simdclone for
some input files when -fanalyzer is supplied, with:
  error: location references block not in block tree

The root cause is that the analyzer touches input_location in some
places (to make it easier to track down which source construct the
analyzer can't handle in the case of an analyzer ICE) and fails to reset
it.  For the ICE in question, this sets input_location to a location_t
that references some arbitrary block (specifically, that of the last
statement to be analyzed, within the original CFG of whichever is the
last such function to be analyzed).

Later, within omp-simd-clone.c, input_location is used by gimplify_expr
(called via gimplify_and_add), which has:

14492	      if (!gimple_seq_empty_p (*pre_p))
14493		annotate_all_with_location_after (*pre_p, pre_last_gsi, input_location);

thus using whatever the value of input_location is, leading
to statements that reference some arbitrary block in the original CFG.
For the reproducer, this happens to be a block in the CFG for the
original function, rather than that of the clone, but in general it
could be some arbitrary other function in the TU.

This code appears to assume that input_location has some arbitrary
value *not* in the block tree, which is potentially violated by the
analyzer's changes to input_location.

This patch adds a save and restore of input_location at the top-level
function of the analyzer, fixing the ICE.

gcc/analyzer/ChangeLog:
	PR analyzer/93349
	* engine.cc (run_checkers): Save and restore input_location.

gcc/testsuite/ChangeLog:
	PR analyzer/93349
	* gcc.dg/analyzer/torture/pr93349.c: New test.

diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog
index 4a99c3f..3a2d179 100644 (file)
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@@ -1,5 +1,10 @@
 2020-01-27  David Malcolm  <dmalcolm@redhat.com>
 
+       PR analyzer/93349
+       * engine.cc (run_checkers): Save and restore input_location.
+
+2020-01-27  David Malcolm  <dmalcolm@redhat.com>
+
        * call-string.cc (call_string::cmp_1): Delete, moving body to...
        (call_string::cmp): ...here.
        * call-string.h (call_string::cmp_1): Delete decl.

diff --git a/gcc/analyzer/engine.cc b/gcc/analyzer/engine.cc
index 8961c55..2bc0aff 100644 (file)
--- a/gcc/analyzer/engine.cc
+++ b/gcc/analyzer/engine.cc
@@ -3589,6 +3589,9 @@ impl_run_checkers (logger *logger)
 void
 run_checkers ()
 {
+  /* Save input_location.  */
+  location_t saved_input_location = input_location;
+
   /* Handle -fdump-analyzer and -fdump-analyzer-stderr.  */
   FILE *dump_fout = NULL;
   /* Track if we're responsible for closing dump_fout.  */
@@ -3619,6 +3622,11 @@ run_checkers ()
 
   if (owns_dump_fout)
     fclose (dump_fout);
+
+  /* Restore input_location.  Subsequent passes may assume that input_location
+     is some arbitrary value *not* in the block tree, which might be violated
+     if we didn't restore it.  */
+  input_location = saved_input_location;
 }
 
 } // namespace ana

diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 56acbd9..b4f298a 100644 (file)
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,5 +1,10 @@
 2020-01-27  David Malcolm  <dmalcolm@redhat.com>
 
+       PR analyzer/93349
+       * gcc.dg/analyzer/torture/pr93349.c: New test.
+
+2020-01-27  David Malcolm  <dmalcolm@redhat.com>
+
        PR analyzer/93291
        * gcc.dg/analyzer/pattern-test-2.c: Remove include of stdlib.h.
        (test_2): Rewrite to explicitly perform a bitwise-or of two

diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/pr93349.c b/gcc/testsuite/gcc.dg/analyzer/torture/pr93349.c
new file mode 100644 (file)
index 0000000..a9d0636
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr93349.c
@@ -0,0 +1,4 @@
+__attribute__ ((simd)) void
+test (void)
+{
+}