analyzer: fix ICE due to type mismatch when replaying call summary [PR114473]

gcc/analyzer/ChangeLog:
	PR analyzer/114473
	* call-summary.cc
	(call_summary_replay::convert_svalue_from_summary): Assert that
	the types match.
	(call_summary_replay::convert_region_from_summary): Likewise.
	(call_summary_replay::convert_region_from_summary_1): Add missing
	cast for the deref of RK_SYMBOLIC case.

gcc/testsuite/ChangeLog:
	PR analyzer/114473
	* gcc.dg/analyzer/call-summaries-pr114473.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

diff --git a/gcc/analyzer/call-summary.cc b/gcc/analyzer/call-summary.cc
index a569bb94cec560ef05a3441412b4caf34608de91..c2c9c71f79b49a1eacf196881c22ff5089d0b0f8 100644 (file)
--- a/gcc/analyzer/call-summary.cc
+++ b/gcc/analyzer/call-summary.cc
@@ -235,6 +235,11 @@ call_summary_replay::convert_svalue_from_summary (const svalue *summary_sval)
 
   const svalue *caller_sval = convert_svalue_from_summary_1 (summary_sval);
 
+  if (caller_sval)
+    if (summary_sval->get_type () && caller_sval->get_type ())
+      gcc_assert (types_compatible_p (summary_sval->get_type (),
+                                     caller_sval->get_type ()));
+
   /* Add to cache.  */
   add_svalue_mapping (summary_sval, caller_sval);
 
@@ -552,6 +557,11 @@ call_summary_replay::convert_region_from_summary (const region *summary_reg)
 
   const region *caller_reg = convert_region_from_summary_1 (summary_reg);
 
+  if (caller_reg)
+    if (summary_reg->get_type () && caller_reg->get_type ())
+      gcc_assert (types_compatible_p (summary_reg->get_type (),
+                                     caller_reg->get_type ()));
+
   /* Add to cache.  */
   add_region_mapping (summary_reg, caller_reg);
 
@@ -603,6 +613,8 @@ call_summary_replay::convert_region_from_summary_1 (const region *summary_reg)
          = get_caller_model ()->deref_rvalue (caller_ptr_sval,
                                               NULL_TREE,
                                               get_ctxt ());
+       caller_reg = mgr->get_cast_region (caller_reg,
+                                          summary_reg->get_type ());
        return caller_reg;
       }
       break;

diff --git a/gcc/testsuite/gcc.dg/analyzer/call-summaries-pr114473.c b/gcc/testsuite/gcc.dg/analyzer/call-summaries-pr114473.c
new file mode 100644 (file)
index 0000000..4598840
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/call-summaries-pr114473.c
@@ -0,0 +1,31 @@
+/* { dg-additional-options "-fanalyzer-call-summaries" } */
+
+int a;
+extern int *q[];
+
+int *
+baz (int *src)
+{
+  while (a)
+    {
+      src && a;
+      return src;
+    }
+}
+
+void
+bar (int **src)
+{
+  for (unsigned j = 0; j;)
+    a = 0;
+  while (a)
+    baz (src[0]);
+}
+
+void
+foo (void)
+{
+  bar (q);
+  baz (&a);
+  bar (q);
+}