PR analyzer/96611 reports an ICE within the handling for unknown
functions, when passing a pointer to something accessed via a
global pointer, after an unknown function has already been called.
The first unknown function leads to the store being flagged, so
the access to the global pointer leads to (*unknown_svalue) for
the base region of the argument to the 2nd function, and thus
*unknown_svalue being reachable by the 2nd unknown function,
triggering an assertion failure.
Handle this case by rejecting attempts to get a cluster for
the unknown pointer, fixing the ICE.
gcc/analyzer/ChangeLog:
PR analyzer/96611
* store.cc (store::mark_as_escaped): Reject attempts to
get a cluster for an unknown pointer.
gcc/testsuite/ChangeLog:
PR analyzer/96611
* gcc.dg/analyzer/pr96611.c: New test.
gcc_assert (base_reg);
gcc_assert (base_reg->get_base_region () == base_reg);
+ if (base_reg->symbolic_for_unknown_ptr_p ())
+ return;
+
binding_cluster *cluster = get_or_create_cluster (base_reg);
cluster->mark_as_escaped ();
}
--- /dev/null
+struct s { int a; } *ptr;
+void unknown_int_ptr (int *);
+void unknown_void (void);
+
+void test_1 ()
+{
+ unknown_int_ptr (&ptr->a);
+}
+
+void test_2 ()
+{
+ unknown_void ();
+ unknown_int_ptr (&ptr->a);
+}