From 391512ade5f6cda95456133296c8dcc42d5fbefd Mon Sep 17 00:00:00 2001
From: David Malcolm <dmalcolm@redhat.com>
Date: Tue, 8 Feb 2022 16:37:08 -0500
Subject: [PATCH] analyzer: fix hashing of bit_range_region::key_t [PR104452]

gcc/analyzer/ChangeLog:
	PR analyzer/104452
	* region-model.cc (selftest::test_bit_range_regions): New.
	(selftest::analyzer_region_model_cc_tests): Call it.
	* region.h (bit_range_region::key_t::hash): Fix hashing of m_bits
	to avoid using uninitialized data.

gcc/testsuite/ChangeLog:
	PR analyzer/104452
	* gcc.dg/analyzer/pr104452.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/region-model.cc             | 18 ++++++++++++++++++
 gcc/analyzer/region.h                    |  3 ++-
 gcc/testsuite/gcc.dg/analyzer/pr104452.c | 10 ++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr104452.c

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 6e7a21d..f8f1976 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -4710,6 +4710,23 @@ test_descendent_of_p ()
   ASSERT_TRUE (cast_reg->descendent_of_p (x_reg));
 }
 
+/* Verify that bit_range_region works as expected.  */
+
+static void
+test_bit_range_regions ()
+{
+  tree x = build_global_decl ("x", integer_type_node);
+  region_model_manager mgr;
+  const region *x_reg = mgr.get_region_for_global (x);
+  const region *byte0
+    = mgr.get_bit_range (x_reg, char_type_node, bit_range (0, 8));
+  const region *byte1
+    = mgr.get_bit_range (x_reg, char_type_node, bit_range (8, 8));
+  ASSERT_TRUE (byte0->descendent_of_p (x_reg));
+  ASSERT_TRUE (byte1->descendent_of_p (x_reg));
+  ASSERT_NE (byte0, byte1);
+}
+
 /* Verify that simple assignments work as expected.  */
 
 static void
@@ -6009,6 +6026,7 @@ analyzer_region_model_cc_tests ()
   test_binop_svalue_folding ();
   test_sub_svalue_folding ();
   test_descendent_of_p ();
+  test_bit_range_regions ();
   test_assignment ();
   test_compound_assignment ();
   test_stack_frames ();
diff --git a/gcc/analyzer/region.h b/gcc/analyzer/region.h
index 206b157..5311217 100644
--- a/gcc/analyzer/region.h
+++ b/gcc/analyzer/region.h
@@ -1156,7 +1156,8 @@ public:
       inchash::hash hstate;
       hstate.add_ptr (m_parent);
       hstate.add_ptr (m_type);
-      hstate.add (&m_bits, sizeof (m_bits));
+      hstate.add_wide_int (m_bits.m_start_bit_offset);
+      hstate.add_wide_int (m_bits.m_size_in_bits);
       return hstate.end ();
     }
 
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr104452.c b/gcc/testsuite/gcc.dg/analyzer/pr104452.c
new file mode 100644
index 0000000..85eb82d
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr104452.c
@@ -0,0 +1,10 @@
+/* { dg-additional-options "-O" } */
+
+void
+test_1 (void)
+{
+  int __attribute__((__vector_size__ (16))) x;
+  for (unsigned i = 0; i < 4;)
+    if (x[i]) /* { dg-warning "use of uninitialized value" } */
+      __builtin_abort ();
+}
-- 
2.7.4