From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2209) id 43F803858D37; Sat, 22 Jan 2022 15:27:23 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 43F803858D37 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" From: David Malcolm To: gcc-cvs@gcc.gnu.org Subject: [gcc r12-6817] analyzer: fix ICE on vector casts [PR104159] X-Act-Checkin: gcc X-Git-Author: David Malcolm X-Git-Refname: refs/heads/master X-Git-Oldrev: 6c1a93102b41a558f3ad49a7c66015257535c747 X-Git-Newrev: 45b999f642a531c083c982dda79fa6ad65730a7c Message-Id: <20220122152723.43F803858D37@sourceware.org> Date: Sat, 22 Jan 2022 15:27:23 +0000 (GMT) X-BeenThere: gcc-cvs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-cvs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Jan 2022 15:27:23 -0000 https://gcc.gnu.org/g:45b999f642a531c083c982dda79fa6ad65730a7c commit r12-6817-g45b999f642a531c083c982dda79fa6ad65730a7c Author: David Malcolm Date: Fri Jan 21 09:56:56 2022 -0500 analyzer: fix ICE on vector casts [PR104159] PR analyzer/104159 describes an ICE attempting to convert a vector_cst, which occurs when symbolically executing within a recursive call on: _4 = BIT_FIELD_REF ; _1 = VIEW_CONVERT_EXPR(_4); where the BIT_FIELD_REF leads to a get_or_create_cast from VEC to VEC which get_code_for_cast erroneously picks NOP_EXPR for the cast, leading to a bogus input to the VIEW_CONVERT_EXPR. This patch fixes the issue by giving up on attempts to cast symbolic values of vector types, treating the result of such casts as unknowable. gcc/analyzer/ChangeLog: PR analyzer/104159 * region-model-manager.cc (region_model_manager::get_or_create_cast): Bail out if the types are the same. Don't attempt to handle casts involving vector types. gcc/testsuite/ChangeLog: PR analyzer/104159 * gcc.dg/analyzer/torture/pr104159.c: New test. Signed-off-by: David Malcolm Diff: --- gcc/analyzer/region-model-manager.cc | 11 +++++++++++ gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc index bb93526807f..e765e7f484f 100644 --- a/gcc/analyzer/region-model-manager.cc +++ b/gcc/analyzer/region-model-manager.cc @@ -497,6 +497,17 @@ const svalue * region_model_manager::get_or_create_cast (tree type, const svalue *arg) { gcc_assert (type); + + /* No-op if the types are the same. */ + if (type == arg->get_type ()) + return arg; + + /* Don't attempt to handle casts involving vector types for now. */ + if (TREE_CODE (type) == VECTOR_TYPE + || (arg->get_type () + && TREE_CODE (arg->get_type ()) == VECTOR_TYPE)) + return get_or_create_unknown_svalue (type); + enum tree_code op = get_code_for_cast (type, arg->get_type ()); return get_or_create_unaryop (type, op, arg); } diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c b/gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c new file mode 100644 index 00000000000..1346b4b6063 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c @@ -0,0 +1,18 @@ +/* { dg-additional-options "-Wno-analyzer-use-of-uninitialized-value" } */ + +typedef int __attribute__((__vector_size__(4))) T; +typedef unsigned __attribute__((__vector_size__(4))) U; +typedef unsigned __attribute__((__vector_size__(16))) V; +typedef unsigned long __attribute__((__vector_size__(16))) W; + +U u; +T t; + +void +foo(W w) { + U u = __builtin_shufflevector((V)w, u, 0); + t = (T){} + u + u; + foo((W){}); + for (;;) + ; +}