[committed] analyzer: fix ICE reporting NULL dereference (PR 93647)
David Malcolm
dmalcolm@redhat.com
Mon Feb 10 23:16:00 GMT 2020
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to master as r10-6566-ge953f9588d4a7ea4183d14914f915329cc37941f.
gcc/analyzer/ChangeLog:
PR analyzer/93647
* diagnostic-manager.cc
(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
VAR being constant.
* region-model.cc (region_model::get_lvalue_1): Provide a better
error message when encountering an unhandled tree code.
gcc/testsuite/ChangeLog:
PR analyzer/93647
* gcc.dg/analyzer/torture/pr93647.c: New test.
---
gcc/analyzer/diagnostic-manager.cc | 6 ++++++
gcc/analyzer/region-model.cc | 2 ++
gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c | 14 ++++++++++++++
3 files changed, 22 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c
diff --git a/gcc/analyzer/diagnostic-manager.cc b/gcc/analyzer/diagnostic-manager.cc
index 1a82d5f22ec..580152586f4 100644
--- a/gcc/analyzer/diagnostic-manager.cc
+++ b/gcc/analyzer/diagnostic-manager.cc
@@ -965,6 +965,12 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path,
tree var,
state_machine::state_t state) const
{
+ /* If we have a constant (such as NULL), assume its state is also
+ constant, so as not to attempt to get its lvalue whilst tracking the
+ origin of the state. */
+ if (var && CONSTANT_CLASS_P (var))
+ var = NULL_TREE;
+
int idx = path->num_events () - 1;
while (idx >= 0 && idx < (signed)path->num_events ())
{
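Review bot: The constant check runs once on entry to `prune_for_sm_diagnostic`, so it covers VAR as passed in but not any value `var` takes later. The body of the `while` loop lies outside this hunk; if it reassigns `var` (for example to the origin of a state change), a constant arriving that way would presumably still reach the lvalue lookup and the ICE in `get_lvalue_1`. Consider repeating `if (var && CONSTANT_CLASS_P (var)) var = NULL_TREE;` after any such reassignment, or moving the check into a small helper used at both places.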
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 0ae7536a032..fd82360cc6e 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -4641,6 +4641,8 @@ region_model::get_lvalue_1 (path_var pv, region_model_context *ctxt)
switch (TREE_CODE (expr))
{
default:
+ internal_error ("unhandled tree code in region_model::get_lvalue_1: %qs",
+ get_tree_code_name (TREE_CODE (expr)));
gcc_unreachable ();
case ARRAY_REF:
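Review bot: The `default:` case still ends compilation on any tree code the switch does not handle, so the analyzer stays only as robust as every caller's filtering of what it passes to `get_lvalue_1`. The first hunk guards one caller against constants; other callers are not visible here and may need the same guard. Since `internal_error` does not return, the following `gcc_unreachable ();` is dead code: either drop it or mark it with a comment such as `/* Not reached: internal_error does not return. */`. The rest of the switch is outside this hunk.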
diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c b/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c
new file mode 100644
index 00000000000..fbfe570780b
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c
@@ -0,0 +1,14 @@
+/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
+
+int *tz;
+
+void
+ky (int);
+
+void
+wd (void)
+{
+ tz = 0;
+ ky (*tz); /* { dg-warning "dereference of NULL" } */
+}
+
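Review bot: The `dg-skip-if` directive on the first line has an empty reason string, so nothing records why the test is skipped for `-fno-fat-lto-objects`. Presumably the analyzer warning is not emitted at compile time when only slim LTO objects are produced; if so, say that in the first argument, for example `dg-skip-if "analyzer does not run with slim LTO objects"` (wording to be confirmed by the author). The test also covers only a literal `0` stored to a global pointer; a second case using another constant form of NULL, such as `(int *)0`, would show that the `CONSTANT_CLASS_P` guard is not specific to one tree code.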
--
2.21.0