diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2020-09-25 17:15:42 -0400 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2020-09-25 21:33:02 -0400 |
| commit | 29f5db8ef81fac4db8e66e5f06fdf1d469e8161c (patch) | |
| tree | 03b825c6057813e07f1546c7efa8ea3acf6fbaea /gcc | |
| parent | cdd8f031c7edf0fcbf5f20bf5fbd1526a64461d5 (diff) | |
| download | gcc-29f5db8ef81fac4db8e66e5f06fdf1d469e8161c.zip gcc-29f5db8ef81fac4db8e66e5f06fdf1d469e8161c.tar.gz gcc-29f5db8ef81fac4db8e66e5f06fdf1d469e8161c.tar.bz2 | |
analyzer: fix ICEs treeifying offset_region [PR96646, PR96841]
gcc/analyzer/ChangeLog:
PR analyzer/96646
PR analyzer/96841
* region-model.cc (region_model::get_representative_path_var):
When handling offset_region, wrap the MEM_REF's first argument in
an ADDR_EXPR of pointer type, rather than simply using the tree
for the parent region. Require the MEM_REF's second argument to
be an integer constant.
gcc/testsuite/ChangeLog:
PR analyzer/96646
PR analyzer/96841
* gcc.dg/analyzer/pr96646.c: New test.
* gcc.dg/analyzer/pr96841.c: New test.
Diffstat (limited to 'gcc')
| -rw-r--r-- | gcc/analyzer/region-model.cc | 7 | ||||
| -rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/pr96646.c | 24 | ||||
| -rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/pr96841.c | 23 |
3 files changed, 52 insertions, 2 deletions
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index 981fb77..a88a295 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -2140,11 +2140,14 @@ region_model::get_representative_path_var (const region *reg, path_var offset_pv = get_representative_path_var (offset_reg->get_byte_offset (), visited); - if (!offset_pv) + if (!offset_pv || TREE_CODE (offset_pv.m_tree) != INTEGER_CST) return path_var (NULL_TREE, 0); + tree addr_parent = build1 (ADDR_EXPR, + build_pointer_type (reg->get_type ()), + parent_pv.m_tree); return path_var (build2 (MEM_REF, reg->get_type (), - parent_pv.m_tree, offset_pv.m_tree), + addr_parent, offset_pv.m_tree), parent_pv.m_stack_depth); } diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96646.c b/gcc/testsuite/gcc.dg/analyzer/pr96646.c new file mode 100644 index 0000000..2ac5a03 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/pr96646.c @@ -0,0 +1,24 @@ +/* { dg-additional-options "-O1" } */ + +struct zx { + struct zx *b4, *g0; +}; + +struct oo { + void *ph; + struct zx el; +}; + +inline void +k7 (struct zx *xj) +{ + xj->b4->g0 = 0; /* { dg-warning "dereference of NULL" } */ + xj->b4 = 0; +} + +void +n8 (struct oo *yx) +{ + k7 (&yx->el); + n8 (yx); +} diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96841.c b/gcc/testsuite/gcc.dg/analyzer/pr96841.c new file mode 100644 index 0000000..d9d35f3 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/pr96841.c @@ -0,0 +1,23 @@ +/* { dg-additional-options "-O1 -Wno-builtin-declaration-mismatch" } */ + +int +l8 (void); + +__SIZE_TYPE__ +malloc (__SIZE_TYPE__); + +void +th (int *); + +void +bv (__SIZE_TYPE__ ny) +{ + int ***mf; + + while (l8 ()) + { + *mf = 0; + (*mf)[ny] = (int *) malloc (sizeof (int)); + th ((*mf)[ny]); /* { dg-warning "leak" } */ + } +} |