From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nathan@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1059)
 id CCAE0394D8BE; Thu, 27 Aug 2020 18:15:02 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CCAE0394D8BE
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
 s=default; t=1598552102;
 bh=c5gMZn7xAINGnLqXtUcNrCMJevQEXYbYysDdf42iJLw=;
 h=From:To:Subject:Date:From;
 b=y4BfJgjxnjSDcZikfUR1zieAb2wMAYfYu3NtRBkxYCSsLmiAylCKIV+8A0Npgk/eL
 Cuc56x7cSHEoyIe7pnrqu0I2bdFKYFa8KykLKzkDgy0kMFwxgxV7dgMkm0LXAcSu5r
 TTFfn072omP4e/dhF4j2LRBprXQ3AvayqMO2njKk=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Nathan Sidwell <nathan@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc/devel/c++-modules] analyzer: fix ICE with negative bit offsets
 [PR96648]
X-Act-Checkin: gcc
X-Git-Author: David Malcolm <dmalcolm@redhat.com>
X-Git-Refname: refs/heads/devel/c++-modules
X-Git-Oldrev: 5c265693bfa8e5f205e81c0452d54800334c32a9
X-Git-Newrev: 400abebf48a90d0797718ab7c3864de331e85b70
Message-Id: <20200827181502.CCAE0394D8BE@sourceware.org>
Date: Thu, 27 Aug 2020 18:15:02 +0000 (GMT)
X-BeenThere: gcc-cvs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-cvs mailing list <gcc-cvs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-cvs>,
 <mailto:gcc-cvs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-cvs/>
List-Help: <mailto:gcc-cvs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-cvs>,
 <mailto:gcc-cvs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2020 18:15:02 -0000

https://gcc.gnu.org/g:400abebf48a90d0797718ab7c3864de331e85b70

commit 400abebf48a90d0797718ab7c3864de331e85b70
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Mon Aug 17 21:12:35 2020 -0400

    analyzer: fix ICE with negative bit offsets [PR96648]
    
    PR analyzer/96648 reports an ICE within get_field_at_bit_offset due
    to a negative bit offset, arising due to pointer arithmetic.
    
    This patch replaces an assertion with handling for this case, fixing the
    ICE.
    
    gcc/analyzer/ChangeLog:
            PR analyzer/96648
            * region.cc (get_field_at_bit_offset): Gracefully handle negative
            values for bit_offset.
    
    gcc/testsuite/ChangeLog:
            PR analyzer/96648
            * gcc.dg/analyzer/pr96648.c: New test.

Diff:
---
 gcc/analyzer/region.cc                  |  3 ++-
 gcc/testsuite/gcc.dg/analyzer/pr96648.c | 36 +++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/gcc/analyzer/region.cc b/gcc/analyzer/region.cc
index eab1f2771cf..770e2cb849e 100644
--- a/gcc/analyzer/region.cc
+++ b/gcc/analyzer/region.cc
@@ -226,7 +226,8 @@ static tree
 get_field_at_bit_offset (tree record_type, bit_offset_t bit_offset)
 {
   gcc_assert (TREE_CODE (record_type) == RECORD_TYPE);
-  gcc_assert (bit_offset >= 0);
+  if (bit_offset < 0)
+    return NULL;
 
   /* Find the first field that has an offset > BIT_OFFSET,
      then return the one preceding it.
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96648.c b/gcc/testsuite/gcc.dg/analyzer/pr96648.c
new file mode 100644
index 00000000000..a6b0c727287
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr96648.c
@@ -0,0 +1,36 @@
+/* { dg-additional-options "-O1" } */
+
+struct vd {
+  struct vd *rs;
+};
+
+struct fh {
+  struct vd cl;
+};
+
+struct i3 {
+  struct fh *h4;
+};
+
+struct fh *
+gm (void);
+
+void
+j7 (struct vd *);
+
+inline void
+mb (struct vd *e7)
+{
+  j7 (e7->rs);
+}
+
+void
+po (struct i3 *d2)
+{
+  struct i3 *s2;
+
+  d2->h4 = gm ();
+  mb (&d2->h4->cl);
+  s2 = ({ d2 - 1; });
+  po (s2);
+}