From 45b999f642a531c083c982dda79fa6ad65730a7c Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 21 Jan 2022 09:56:56 -0500 Subject: analyzer: fix ICE on vector casts [PR104159] PR analyzer/104159 describes an ICE attempting to convert a vector_cst, which occurs when symbolically executing within a recursive call on: _4 = BIT_FIELD_REF ; _1 = VIEW_CONVERT_EXPR(_4); where the BIT_FIELD_REF leads to a get_or_create_cast from VEC to VEC which get_code_for_cast erroneously picks NOP_EXPR for the cast, leading to a bogus input to the VIEW_CONVERT_EXPR. This patch fixes the issue by giving up on attempts to cast symbolic values of vector types, treating the result of such casts as unknowable. gcc/analyzer/ChangeLog: PR analyzer/104159 * region-model-manager.cc (region_model_manager::get_or_create_cast): Bail out if the types are the same. Don't attempt to handle casts involving vector types. gcc/testsuite/ChangeLog: PR analyzer/104159 * gcc.dg/analyzer/torture/pr104159.c: New test. Signed-off-by: David Malcolm --- gcc/analyzer/region-model-manager.cc | 11 +++++++++++ gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc index bb93526..e765e7f 100644 --- a/gcc/analyzer/region-model-manager.cc +++ b/gcc/analyzer/region-model-manager.cc @@ -497,6 +497,17 @@ const svalue * region_model_manager::get_or_create_cast (tree type, const svalue *arg) { gcc_assert (type); + + /* No-op if the types are the same. */ + if (type == arg->get_type ()) + return arg; + + /* Don't attempt to handle casts involving vector types for now. */ + if (TREE_CODE (type) == VECTOR_TYPE + || (arg->get_type () + && TREE_CODE (arg->get_type ()) == VECTOR_TYPE)) + return get_or_create_unknown_svalue (type); + enum tree_code op = get_code_for_cast (type, arg->get_type ()); return get_or_create_unaryop (type, op, arg); } diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c b/gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c new file mode 100644 index 0000000..1346b4b --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c @@ -0,0 +1,18 @@ +/* { dg-additional-options "-Wno-analyzer-use-of-uninitialized-value" } */ + +typedef int __attribute__((__vector_size__(4))) T; +typedef unsigned __attribute__((__vector_size__(4))) U; +typedef unsigned __attribute__((__vector_size__(16))) V; +typedef unsigned long __attribute__((__vector_size__(16))) W; + +U u; +T t; + +void +foo(W w) { + U u = __builtin_shufflevector((V)w, u, 0); + t = (T){} + u + u; + foo((W){}); + for (;;) + ; +} -- cgit v1.1