From 45a75fd3d31265e43aa3ce7a5e851083d534b00b Mon Sep 17 00:00:00 2001
From: David Malcolm <dmalcolm@redhat.com>
Date: Wed, 30 Nov 2022 21:26:41 -0500
Subject: analyzer: fix ICE on bind/connect with a constant fd [PR107928]

gcc/analyzer/ChangeLog:
	PR analyzer/107928
	* sm-fd.cc (fd_state_machine::on_bind): Handle m_constant_fd in
	the "success" outcome.
	(fd_state_machine::on_connect): Likewise.
	* sm-fd.dot: Add "constant_fd" state and its transitions.

gcc/testsuite/ChangeLog:
	PR analyzer/107928
	* gcc.dg/analyzer/fd-bind-pr107928.c: New test.
	* gcc.dg/analyzer/fd-connect-pr107928.c: New test.
	* gcc.dg/analyzer/fd-stream-socket-active-open.c
	(test_active_open_from_connect_constant): New, adapted from
	test_active_open_from_connect.
	* gcc.dg/analyzer/fd-stream-socket-passive-open.c
	(test_passive_open_from_bind_constant): New, adapted from
	test_passive_open_from_bind.
	(test_passive_open_from_listen_constant): New, adapted from
	test_passive_open_from_listen.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 .../gcc.dg/analyzer/fd-stream-socket-active-open.c | 31 ++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c')

diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c b/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c
index 841894c..89ea82e 100644
--- a/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c
+++ b/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c
@@ -74,3 +74,34 @@ void test_active_open_from_connect (int fd, const char *sockname, void *buf)
   close (fd);
   __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-stop'" } */
 }
+
+void test_active_open_from_connect_constant (const char *sockname, void *buf)
+{
+  const int fd = 42;
+  __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */
+
+  struct sockaddr_un addr;
+  memset (&addr, 0, sizeof (addr));
+  addr.sun_family = AF_UNIX;
+  strncpy (addr.sun_path, sockname, sizeof(addr.sun_path) - 1);
+
+  errno = 0;
+  if (connect (fd, (struct sockaddr *)&addr, sizeof (addr)) == -1)
+    {
+      __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */
+      __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */
+      close (fd);
+      __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */
+      return;
+    }
+
+  __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-stop'" } */
+  __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */
+  __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */
+
+  write (fd, "hello", 6);
+  read (fd, buf, 100);
+
+  close (fd);
+  __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-stop'" } */
+}
-- 
cgit v1.1