diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2020-01-22 09:37:18 -0500 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2020-01-22 21:06:45 -0500 |
| commit | 591b59ebfcd48319452ebbd954267c9a05ba4b78 (patch) | |
| tree | d88634f931c2c79ee54704f59c8f9e86e6ef82f1 /gcc/go | |
| parent | c9c8aef474f4030e9d11d7fb81ad77de2eb5bf3b (diff) | |
| download | gcc-591b59ebfcd48319452ebbd954267c9a05ba4b78.zip gcc-591b59ebfcd48319452ebbd954267c9a05ba4b78.tar.gz gcc-591b59ebfcd48319452ebbd954267c9a05ba4b78.tar.bz2 | |
analyzer: fix ICE due to sm-state origin being purged (PR 93382)
The ICE in PR analyzer/93382 is a validation error.
The global variable "idx" acquires a "tainted" state from local array
n1[0]. When the frame is popped, the svalue for n1[0] is purged, but
the "taint" sm_state_map's entry for "idx" has a svalue_id referencing
the now-purged svalue. This is caught by program_state::validate as an
assertion failure.
This patch fixes the issue by resetting the origin id within
sm_state_map entries for the case where the origin id has been purged.
gcc/analyzer/ChangeLog:
PR analyzer/93382
* program-state.cc (sm_state_map::on_svalue_purge): If the
entry survives, but the origin is being purged, then reset the
origin to null.
gcc/testsuite/ChangeLog:
PR analyzer/93382
* gcc.dg/analyzer/pr93382.c: New test.
Diffstat (limited to 'gcc/go')
0 files changed, 0 insertions, 0 deletions