projects / platform / upstream / gcc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7e62503)
analyzer: fix ICE on escaped unknown pointers [PR96611]
authorDavid Malcolm <dmalcolm@redhat.com>
Fri, 14 Aug 2020 14:48:30 +0000 (10:48 -0400)
committerDavid Malcolm <dmalcolm@redhat.com>
Fri, 14 Aug 2020 20:56:28 +0000 (16:56 -0400)
PR analyzer/96611 reports an ICE within the handling for unknown
functions, when passing a pointer to something accessed via a
global pointer, after an unknown function has already been called.

The first unknown function leads to the store being flagged, so
the access to the global pointer leads to (*unknown_svalue) for
the base region of the argument to the 2nd function, and thus
*unknown_svalue being reachable by the 2nd unknown function,
triggering an assertion failure.

Handle this case by rejecting attempts to get a cluster for
the unknown pointer, fixing the ICE.

gcc/analyzer/ChangeLog:
PR analyzer/96611
* store.cc (store::mark_as_escaped): Reject attempts to
get a cluster for an unknown pointer.

gcc/testsuite/ChangeLog:
PR analyzer/96611
* gcc.dg/analyzer/pr96611.c: New test.

gcc/analyzer/store.cc patch | blob | history
gcc/testsuite/gcc.dg/analyzer/pr96611.c [new file with mode: 0644] patch | blob

diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc
index 5fef27c..950a778 100644 (file)
--- a/gcc/analyzer/store.cc
+++ b/gcc/analyzer/store.cc
@@ -1691,6 +1691,9 @@ store::mark_as_escaped (const region *base_reg)
   gcc_assert (base_reg);
   gcc_assert (base_reg->get_base_region () == base_reg);
 
+  if (base_reg->symbolic_for_unknown_ptr_p ())
+    return;
+
   binding_cluster *cluster = get_or_create_cluster (base_reg);
   cluster->mark_as_escaped ();
 }
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96611.c b/gcc/testsuite/gcc.dg/analyzer/pr96611.c
new file mode 100644 (file)
index 0000000..4f75023
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr96611.c
@@ -0,0 +1,14 @@
+struct s { int a; } *ptr;
+void unknown_int_ptr (int *);
+void unknown_void (void);
+
+void test_1 ()
+{
+  unknown_int_ptr (&ptr->a);
+}
+
+void test_2 ()
+{
+  unknown_void ();
+  unknown_int_ptr (&ptr->a);
+}
Domain: System / Toolchain;