analyzer: fix ICE on certain longjmp calls [PR109094]

PR analyzer/109094 reports an ICE in the analyzer seen on qemu's
target/i386/tcg/translate.c

The issue turned out to be that when handling a longjmp, the code
to pop the frames was generating an svalue for the result_decl of any
popped frame that had a non-void return type (and discarding it) leading
to "uninit" poisoned_svalue_diagnostic instances being saved since the
result_decl is only set by the greturn stmt.  Later, when checking the
feasibility of the path to these diagnostics, m_check_expr was evaluated
in the context of the frame of the longjmp, leading to an attempt to
evaluate the result_decl of each intervening frames whilst in the
context of the topmost frame, leading to an assertion failure in
frame_region::get_region_for_local here:

919		case RESULT_DECL:
920		  gcc_assert (DECL_CONTEXT (expr) == m_fun->decl);
921		  break;

This patch updates the analyzer's longjmp implementation so that it
doesn't attempt to generate svalues for the result_decls when popping
frames, fixing the assertion failure (and presumably fixing "uninit"
false positives in a release build).

gcc/analyzer/ChangeLog:
	PR analyzer/109094
	* region-model.cc (region_model::on_longjmp): Pass false for
	new "eval_return_svalue" param of pop_frame.
	(region_model::pop_frame): Add new "eval_return_svalue" param and
	use it to suppress the call to get_rvalue on the result when
	needed by on_longjmp.
	* region-model.h (region_model::pop_frame): Add new
	"eval_return_svalue" param.

gcc/testsuite/ChangeLog:
	PR analyzer/109094
	* gcc.dg/analyzer/setjmp-pr109094.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

0 files changed, 0 insertions, 0 deletions