analyzer: fix ICE reporting NULL dereference (PR 93647)

gcc/analyzer/ChangeLog: PR analyzer/93647 * diagnostic-manager.cc (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against VAR being constant. * region-model.cc (region_model::get_lvalue_1): Provide a better error message when encountering an unhandled tree code. gcc/testsuite/ChangeLog: PR analyzer/93647 * gcc.dg/analyzer/torture/pr93647.c: New test.
2020-02-10 10:01:46 -05:00 · 2020-02-10 10:01:46 -05:00 · e953f9588d
commit e953f9588d
parent f57aa9503f
5 changed files with 36 additions and 0 deletions
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@ -1,3 +1,12 @@
+2020-02-10  David Malcolm  <dmalcolm@redhat.com>
+
+	PR analyzer/93647
+	* diagnostic-manager.cc
+	(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
+	VAR being constant.
+	* region-model.cc (region_model::get_lvalue_1): Provide a better
+	error message when encountering an unhandled tree code.
+
 2020-02-10  David Malcolm  <dmalcolm@redhat.com>

 	PR analyzer/93405
--- a/gcc/analyzer/diagnostic-manager.cc
+++ b/gcc/analyzer/diagnostic-manager.cc
@ -965,6 +965,12 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path,
 					     tree var,
 					     state_machine::state_t state) const
 {
+  /* If we have a constant (such as NULL), assume its state is also
+     constant, so as not to attempt to get its lvalue whilst tracking the
+     origin of the state.  */
+  if (var && CONSTANT_CLASS_P (var))
+    var = NULL_TREE;
+
  int idx = path->num_events () - 1;
  while (idx >= 0 && idx < (signed)path->num_events ())
    {
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@ -4614,6 +4614,8 @@ region_model::get_lvalue_1 (path_var pv, region_model_context *ctxt)
  switch (TREE_CODE (expr))
    {
    default:
+      internal_error ("unhandled tree code in region_model::get_lvalue_1: %qs",
+		      get_tree_code_name (TREE_CODE (expr)));
      gcc_unreachable ();

    case ARRAY_REF:
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@ -1,3 +1,8 @@
+2020-02-10  David Malcolm  <dmalcolm@redhat.com>
+
+	PR analyzer/93647
+	* gcc.dg/analyzer/torture/pr93647.c: New test.
+
 2020-02-10  Jakub Jelinek  <jakub@redhat.com>

 	PR target/93637
--- a/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c
@ -0,0 +1,14 @@
+/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
+
+int *tz;
+
+void
+ky (int);
+
+void
+wd (void)
+{
+  tz = 0;
+  ky (*tz); /* { dg-warning "dereference of NULL" } */
+}
+