analyzer: Fix ICE on MD builtin [PR101721]

The following testcase ICEs because DECL_FUNCTION_CODE asserts the builtin
is BUILT_IN_NORMAL, but it sees a backend (MD) builtin instead.
The FE, normal and MD builtin numbers overlap, so one should always
check what kind of builtin it is before looking at specific codes.

On the other side, region-model.cc has:
      if (fndecl_built_in_p (callee_fndecl, BUILT_IN_NORMAL)
          && gimple_builtin_call_types_compatible_p (call, callee_fndecl))
        switch (DECL_UNCHECKED_FUNCTION_CODE (callee_fndecl))
which IMO should use DECL_FUNCTION_CODE instead, it checked first it is
a normal builtin...

2021-08-03  Jakub Jelinek  <jakub@redhat.com>

	PR analyzer/101721
	* sm-malloc.cc (known_allocator_p): Only check DECL_FUNCTION_CODE on
	BUILT_IN_NORMAL builtins.

	* gcc.dg/analyzer/pr101721.c: New test.

2 files changed, 9 insertions, 1 deletions

diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index 4f07d1f..74c6fee 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -1543,7 +1543,7 @@ known_allocator_p (const_tree fndecl, const gcall *call)
 
   /* ... or it is a builtin allocator that allocates objects freed with
      __builtin_free.  */
-  if (fndecl_built_in_p (fndecl))
+  if (fndecl_built_in_p (fndecl, BUILT_IN_NORMAL))
     switch (DECL_FUNCTION_CODE (fndecl))
       {
       case BUILT_IN_MALLOC:
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr101721.c b/gcc/testsuite/gcc.dg/analyzer/pr101721.c
new file mode 100644
index 0000000..07ef2d6
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr101721.c
@@ -0,0 +1,8 @@
+/* PR analyzer/101721 */
+/* { dg-do compile { target i?86-*-* x86_64-*-* } } */
+
+void
+foo ()
+{
+  __builtin_ia32_pause ();
+}