[Bug analyzer/93438] ICE in operator[], at vec.h:867
cvs-commit at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Fri Jan 31 19:27:00 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93438
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:455f58ec50465aed9d92dc31d68708a05e499388
commit r10-6382-g455f58ec50465aed9d92dc31d68708a05e499388
Author: David Malcolm <dmalcolm@redhat.com>
Date: Fri Jan 31 09:20:38 2020 -0500
analyzer: fix ICE with pointers between stack frames (PR 93438)
PR analyzer/93438 reports an ICE when merging two region_models
in which an older stack frame has a local pointing to a local in
a more recent stack frame.
  stack
    older frame
      int *: "ow" --+
                    |
    newer frame     |
      int: "pk" <---+
The root cause is that the state-merging code assumes that all frame
regions in the merged model have already been created.
stack_region::can_merge_p iterates through the frames, creating
and populating each merged frame in turn, so when it attempts to
populate the older frame, it attempts to reference the newer frame in
the merged model, which doesn't exist yet.
This patch reworks stack_region::can_merge_p to use a two-pass approach
in which all frames in the merged model are created first, and then
are all populated, fixing the bug.
gcc/analyzer/ChangeLog:
        PR analyzer/93438
        * region-model.cc (stack_region::can_merge_p): Split into a two
        pass approach, creating all stack regions first, then populating
        them.
        (selftest::test_state_merging): Add test coverage for (a) the case
        of self-merging a model in which a local in an older stack frame
        points to a local in a more recent stack frame (which previously
        would ICE), and (b) the case of self-merging a model in which a
        local points to a global (which previously worked OK).
gcc/testsuite/ChangeLog:
        PR analyzer/93438
        * gcc.dg/analyzer/torture/pr93438.c: New test.
        * gcc.dg/analyzer/torture/pr93438-2.c: New test.
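The following toy model illustrates the ordering problem the commit describes and why the two-pass rework fixes it. It is an added example, not GCC's analyzer code: the `Frame`, `Local` and `Stack` types, `merge_local`, `merge_one_pass`, `merge_two_pass` and `example_stack` are all hypothetical stand-ins for `region_model`, `stack_region::can_merge_p` and friends. The constructed stack mirrors the diagram in the commit message: the older frame's `ow` points at `pk` in the newer frame, and self-merging that stack in one pass fails because the pointer target is looked up in a merged model whose newer frame has not been created yet.

```cpp
// Hypothetical model of the stack-merging ordering bug fixed in PR 93438.
// Not GCC's region_model code: frames, locals and merge rules are simplified.
#include <cstdio>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

// A local is either an int value or a pointer to (frame index, local name).
struct Local {
  bool is_pointer = false;
  int value = 0;            // used when !is_pointer
  size_t target_frame = 0;  // used when is_pointer; 0 is the oldest frame
  std::string target_name;  // name of the pointed-to local
};

struct Frame {
  std::string fn;
  std::map<std::string, Local> locals;
};

using Stack = std::vector<Frame>;  // index 0 = oldest frame

// Merge one local from each model. A pointer into the stack must be resolved
// against the frame that represents its target in the *merged* model; the
// original bug was that for a newer frame that region did not exist yet.
static Local merge_local(const Local& a, const Local& b, const Stack& merged) {
  if (a.is_pointer != b.is_pointer) throw std::runtime_error("cannot merge");
  if (a.is_pointer) {
    if (a.target_frame != b.target_frame || a.target_name != b.target_name)
      throw std::runtime_error("cannot merge");
    if (a.target_frame >= merged.size())
      throw std::logic_error("ICE: target frame not yet created in merged model");
    return a;
  }
  Local r = a;
  if (a.value != b.value) r.value = -1;  // stand-in for "unknown" after merging
  return r;
}

// One-pass shape (the buggy ordering): create and populate each frame in turn.
Stack merge_one_pass(const Stack& a, const Stack& b) {
  if (a.size() != b.size()) throw std::runtime_error("cannot merge");
  Stack merged;
  for (size_t i = 0; i < a.size(); ++i) {
    Frame f{a[i].fn, {}};
    for (const auto& [name, la] : a[i].locals)
      f.locals[name] = merge_local(la, b[i].locals.at(name), merged);
    merged.push_back(f);  // newer frames only appear here, too late for pointers into them
  }
  return merged;
}

// Two-pass shape (the fix): create every frame first, then populate them all.
Stack merge_two_pass(const Stack& a, const Stack& b) {
  if (a.size() != b.size()) throw std::runtime_error("cannot merge");
  Stack merged;
  for (size_t i = 0; i < a.size(); ++i) merged.push_back(Frame{a[i].fn, {}});
  for (size_t i = 0; i < a.size(); ++i)
    for (const auto& [name, la] : a[i].locals)
      merged[i].locals[name] = merge_local(la, b[i].locals.at(name), merged);
  return merged;
}

// Constructed stack matching the commit's diagram: "ow" in the older frame
// points to "pk" in the newer frame.
Stack example_stack() {
  Stack s;
  s.push_back(Frame{"caller", {{"ow", Local{true, 0, 1, "pk"}}}});
  s.push_back(Frame{"callee", {{"pk", Local{false, 42, 0, ""}}}});
  return s;
}

// True if self-merging the stack with the one-pass approach hits the
// "frame not yet created" failure (the ICE in the bug report).
bool one_pass_ices(const Stack& s) {
  try {
    merge_one_pass(s, s);
    return false;
  } catch (const std::logic_error&) {
    return true;
  }
}

int main() {
  Stack s = example_stack();
  std::printf("one-pass self-merge ICEs: %s\n", one_pass_ices(s) ? "yes" : "no");
  Stack m = merge_two_pass(s, s);
  std::printf("two-pass self-merge: ow -> frame %zu local %s\n",
              m[0].locals.at("ow").target_frame, m[0].locals.at("ow").target_name.c_str());
  return 0;
}
```

Self-merging (merging a model with itself) is exactly the case the commit's new selftest covers; the two-pass version returns the same pointer unchanged, while a merge of two stacks whose `pk` differs leaves the value as the "unknown" stand-in.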