From 29f5db8ef81fac4db8e66e5f06fdf1d469e8161c Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 25 Sep 2020 17:15:42 -0400 Subject: [PATCH] analyzer: fix ICEs treeifying offset_region [PR96646, PR96841] gcc/analyzer/ChangeLog: PR analyzer/96646 PR analyzer/96841 * region-model.cc (region_model::get_representative_path_var): When handling offset_region, wrap the MEM_REF's first argument in an ADDR_EXPR of pointer type, rather than simply using the tree for the parent region. Require the MEM_REF's second argument to be an integer constant. gcc/testsuite/ChangeLog: PR analyzer/96646 PR analyzer/96841 * gcc.dg/analyzer/pr96646.c: New test. * gcc.dg/analyzer/pr96841.c: New test. --- gcc/analyzer/region-model.cc | 7 +++++-- gcc/testsuite/gcc.dg/analyzer/pr96646.c | 24 ++++++++++++++++++++++++ gcc/testsuite/gcc.dg/analyzer/pr96841.c | 23 +++++++++++++++++++++++ 3 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr96646.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr96841.c diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index 981fb77..a88a295 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -2140,11 +2140,14 @@ region_model::get_representative_path_var (const region *reg, path_var offset_pv = get_representative_path_var (offset_reg->get_byte_offset (), visited); - if (!offset_pv) + if (!offset_pv || TREE_CODE (offset_pv.m_tree) != INTEGER_CST) return path_var (NULL_TREE, 0); + tree addr_parent = build1 (ADDR_EXPR, + build_pointer_type (reg->get_type ()), + parent_pv.m_tree); return path_var (build2 (MEM_REF, reg->get_type (), - parent_pv.m_tree, offset_pv.m_tree), + addr_parent, offset_pv.m_tree), parent_pv.m_stack_depth); } diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96646.c b/gcc/testsuite/gcc.dg/analyzer/pr96646.c new file mode 100644 index 0000000..2ac5a03 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/pr96646.c @@ -0,0 +1,24 @@ +/* { dg-additional-options "-O1" } */ + +struct zx { + struct zx *b4, *g0; +}; + +struct oo { + void *ph; + struct zx el; +}; + +inline void +k7 (struct zx *xj) +{ + xj->b4->g0 = 0; /* { dg-warning "dereference of NULL" } */ + xj->b4 = 0; +} + +void +n8 (struct oo *yx) +{ + k7 (&yx->el); + n8 (yx); +} diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96841.c b/gcc/testsuite/gcc.dg/analyzer/pr96841.c new file mode 100644 index 0000000..d9d35f3 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/pr96841.c @@ -0,0 +1,23 @@ +/* { dg-additional-options "-O1 -Wno-builtin-declaration-mismatch" } */ + +int +l8 (void); + +__SIZE_TYPE__ +malloc (__SIZE_TYPE__); + +void +th (int *); + +void +bv (__SIZE_TYPE__ ny) +{ + int ***mf; + + while (l8 ()) + { + *mf = 0; + (*mf)[ny] = (int *) malloc (sizeof (int)); + th ((*mf)[ny]); /* { dg-warning "leak" } */ + } +} -- 2.7.4