From 358dab90186b30a5d287710f13625c327210218d Mon Sep 17 00:00:00 2001
From: David Malcolm <dmalcolm@redhat.com>
Date: Mon, 21 Nov 2022 19:08:17 -0500
Subject: [PATCH] analyzer: fix ICE on writes to errno [PR107777]

gcc/analyzer/ChangeLog:
	PR analyzer/107777
	* call-summary.cc
	(call_summary_replay::convert_region_from_summary_1): Handle
	RK_THREAD_LOCAL and RK_ERRNO in switch.
	* region-model.cc (region_model::get_representative_path_var_1):
	Likewise.

gcc/testsuite/ChangeLog:
	PR analyzer/107777
	* gcc.dg/analyzer/call-summaries-errno.c: New test.
	* gcc.dg/analyzer/errno-pr107777.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/call-summary.cc                         |  2 ++
 gcc/analyzer/region-model.cc                         |  2 ++
 gcc/testsuite/gcc.dg/analyzer/call-summaries-errno.c | 17 +++++++++++++++++
 gcc/testsuite/gcc.dg/analyzer/errno-pr107777.c       | 20 ++++++++++++++++++++
 4 files changed, 41 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/call-summaries-errno.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/errno-pr107777.c

diff --git a/gcc/analyzer/call-summary.cc b/gcc/analyzer/call-summary.cc
index ebc7b50..4c4694b 100644
--- a/gcc/analyzer/call-summary.cc
+++ b/gcc/analyzer/call-summary.cc
@@ -575,6 +575,7 @@ call_summary_replay::convert_region_from_summary_1 (const region *summary_reg)
     case RK_CODE:
     case RK_STACK:
     case RK_HEAP:
+    case RK_THREAD_LOCAL:
     case RK_ROOT:
       /* These should never be pointed to by a region_svalue.  */
       gcc_unreachable ();
@@ -582,6 +583,7 @@ call_summary_replay::convert_region_from_summary_1 (const region *summary_reg)
     case RK_FUNCTION:
     case RK_LABEL:
     case RK_STRING:
+    case RK_ERRNO:
     case RK_UNKNOWN:
       /* We can reuse these regions directly.  */
       return summary_reg;
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 81f58a5..1d5b09a 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -4754,6 +4754,7 @@ region_model::get_representative_path_var_1 (const region *reg,
     case RK_CODE:
     case RK_HEAP:
     case RK_STACK:
+    case RK_THREAD_LOCAL:
     case RK_ROOT:
        /* Regions that represent memory spaces are not expressible as trees.  */
       return path_var (NULL_TREE, 0);
@@ -4873,6 +4874,7 @@ region_model::get_representative_path_var_1 (const region *reg,
       }
 
     case RK_VAR_ARG:
+    case RK_ERRNO:
     case RK_UNKNOWN:
       return path_var (NULL_TREE, 0);
     }
diff --git a/gcc/testsuite/gcc.dg/analyzer/call-summaries-errno.c b/gcc/testsuite/gcc.dg/analyzer/call-summaries-errno.c
new file mode 100644
index 0000000..e4333b3
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/call-summaries-errno.c
@@ -0,0 +1,17 @@
+/* { dg-additional-options "-fanalyzer-call-summaries" } */
+
+#include <errno.h>
+#include "analyzer-decls.h"
+
+void sets_errno (int x)
+{
+  errno = x;
+}
+
+void test_sets_errno (int y)
+{
+  sets_errno (y);
+  sets_errno (y);
+
+  __analyzer_eval (errno == y); /* { dg-warning "TRUE" } */  
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/errno-pr107777.c b/gcc/testsuite/gcc.dg/analyzer/errno-pr107777.c
new file mode 100644
index 0000000..6568739
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/errno-pr107777.c
@@ -0,0 +1,20 @@
+int *
+__errno_location (void);
+
+long int
+read (int, void *, unsigned long int);
+
+struct IOBUF {
+  int fd;
+};
+
+void
+do_getline_end_data (struct IOBUF *iop, int tree)
+{
+  char end_data;
+
+  if (tree)
+    *__errno_location () = 0;
+
+  read (iop->fd, &end_data, sizeof end_data);
+}
-- 
2.7.4