[Bug analyzer/104029] internal compiler error with -fanalyzer-checker=taint

marxin at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Fri Jan 14 13:34:11 GMT 2022


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104029

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
                 CC|                            |marxin at gcc dot gnu.org
   Last reconfirmed|                            |2022-01-14

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Reduced test-case:

$ cat pr104029.c
char heapsort_size;

void
heapsort() { char abaseabase = -heapsort_size; }

$ gcc pr104029.c -fanalyzer -fanalyzer-checker=taint
during IPA pass: analyzer
pr104029.c: In function ‘heapsort’:
pr104029.c:4:19: internal compiler error: in alt_get_inherited_state, at
analyzer/sm-taint.cc:652
    4 | heapsort() { char abaseabase = -heapsort_size; }
      |                   ^~~~~~~~~~
0x81290a alt_get_inherited_state
        /home/marxin/Programming/gcc/gcc/analyzer/sm-taint.cc:652
0x12f081b ana::sm_state_map::get_state(ana::svalue const*, ana::extrinsic_state
const&) const
        /home/marxin/Programming/gcc/gcc/analyzer/program-state.cc:424
0x12f299f ana::program_state::can_purge_p(ana::extrinsic_state const&,
ana::svalue const*) const
        /home/marxin/Programming/gcc/gcc/analyzer/program-state.h:254
0x12f299f ana::program_state::prune_for_point(ana::exploded_graph&,
ana::program_point const&, ana::exploded_node*, ana::uncertainty_t*) const
        /home/marxin/Programming/gcc/gcc/analyzer/program-state.cc:1151
0x12e03e4 ana::exploded_graph::process_node(ana::exploded_node*)
        /home/marxin/Programming/gcc/gcc/analyzer/engine.cc:3719
0x12e0ffa ana::exploded_graph::process_worklist()
        /home/marxin/Programming/gcc/gcc/analyzer/engine.cc:3137
0x12e331e ana::impl_run_checkers(ana::logger*)
        /home/marxin/Programming/gcc/gcc/analyzer/engine.cc:5716
0x12e4333 ana::run_checkers()
        /home/marxin/Programming/gcc/gcc/analyzer/engine.cc:5787
0x12d414c execute
        /home/marxin/Programming/gcc/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

