[gcc r13-3138] analyzer: fix another ICE in PR 107158

public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed

* [gcc r13-3138] analyzer: fix another ICE in PR 107158
@ 2022-10-06 19:48 David Malcolm
  0 siblings, 0 replies; only message in thread
From: David Malcolm @ 2022-10-06 19:48 UTC (permalink / raw)
  To: gcc-cvs

https://gcc.gnu.org/g:629b4813e91aba0a8fc9b18434ec1808776a4b3d

commit r13-3138-g629b4813e91aba0a8fc9b18434ec1808776a4b3d
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Thu Oct 6 15:46:49 2022 -0400

    analyzer: fix another ICE in PR 107158
    
    I overreduced PR analyzer/107158 in r13-3096-gef878564140cbc, and there
    was another ICE in the original reproducer, which this patch fixes.
    
    gcc/analyzer/ChangeLog:
            PR analyzer/107158
            * store.cc (store::replay_call_summary_cluster): Eliminate
            special-casing of RK_HEAP_ALLOCATED in favor of sharing code with
            RK_DECL, avoiding an ICE due to attempting to bind a
            compound_svalue into a binding_cluster when an svalue in the
            summary cluster converts to a compound_svalue in the caller.
    
    gcc/testsuite/ChangeLog:
            PR analyzer/107158
            * gcc.dg/analyzer/call-summaries-pr107158-2.c: New test.
    
    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

Diff:
---
 gcc/analyzer/store.cc                              |  34 ++-----
 .../gcc.dg/analyzer/call-summaries-pr107158-2.c    | 108 +++++++++++++++++++++
 2 files changed, 114 insertions(+), 28 deletions(-)

diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc
index d2279b53249..2631ea25559 100644
--- a/gcc/analyzer/store.cc
+++ b/gcc/analyzer/store.cc
@@ -3238,6 +3238,8 @@ store::replay_call_summary_cluster (call_summary_replay &r,
 		   caller_sval, NULL /* uncertainty_t * */);
       }
       break;
+
+    case RK_HEAP_ALLOCATED:
     case RK_DECL:
       {
 	const region *caller_dest_reg
@@ -3246,6 +3248,10 @@ store::replay_call_summary_cluster (call_summary_replay &r,
 	  return;
 	const svalue *summary_sval
 	  = summary.get_any_binding (mgr, summary_base_reg);
+	if (!summary_sval)
+	  summary_sval = reg_mgr->get_or_create_compound_svalue
+	    (summary_base_reg->get_type (),
+	     summary_cluster->get_map ());
 	const svalue *caller_sval
 	  = r.convert_svalue_from_summary (summary_sval);
 	if (!caller_sval)
@@ -3255,34 +3261,6 @@ store::replay_call_summary_cluster (call_summary_replay &r,
 		   caller_sval, NULL /* uncertainty_t * */);
       }
       break;
-    case RK_HEAP_ALLOCATED:
-      {
-	const region *caller_dest_reg
-	  = r.convert_region_from_summary (summary_base_reg);
-	gcc_assert (caller_dest_reg);
-	binding_cluster *caller_cluster
-	  = get_or_create_cluster (caller_dest_reg);
-	auto_vec <const binding_key *> summary_keys;
-	for (auto kv : *summary_cluster)
-	  summary_keys.safe_push (kv.first);
-	summary_keys.qsort (binding_key::cmp_ptrs);
-	for (auto summary_key : summary_keys)
-	  {
-	    const binding_key *caller_key
-	      = r.convert_key_from_summary (summary_key);
-	    if (!caller_key)
-	      continue;
-	    const svalue *summary_sval
-	      = summary_cluster->get_map ().get (summary_key);
-	    const svalue *caller_sval
-	      = r.convert_svalue_from_summary (summary_sval);
-	    if (!caller_sval)
-	      caller_sval = reg_mgr->get_or_create_unknown_svalue
-		(summary_sval->get_type ());
-	    caller_cluster->bind_key (caller_key, caller_sval);
-	  }
-      }
-      break;
 
     case RK_ALLOCA:
       /* Ignore bindings of alloca regions in the summary.  */
diff --git a/gcc/testsuite/gcc.dg/analyzer/call-summaries-pr107158-2.c b/gcc/testsuite/gcc.dg/analyzer/call-summaries-pr107158-2.c
new file mode 100644
index 00000000000..c2e9e2ba9f2
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/call-summaries-pr107158-2.c
@@ -0,0 +1,108 @@
+/* { dg-additional-options "-fanalyzer-call-summaries -Wno-analyzer-too-complex" } */
+
+typedef __SIZE_TYPE__ size_t;
+typedef struct _IO_FILE FILE;
+extern char *fgets(char *__restrict __s, int __n, FILE *__restrict __stream)
+    __attribute__((__access__(__write_only__, 1, 2)));
+extern void perror(const char *__s);
+enum {
+  _ISspace = ((5) < 8 ? ((1 << (5)) << 8) : ((1 << (5)) >> 8)),
+};
+extern const unsigned short int **__ctype_b_loc(void)
+    __attribute__((__nothrow__, __leaf__)) __attribute__((__const__));
+extern void *malloc(size_t __size) __attribute__((__nothrow__, __leaf__))
+__attribute__((__malloc__)) __attribute__((__alloc_size__(1)));
+extern void exit(int __status) __attribute__((__nothrow__, __leaf__))
+__attribute__((__noreturn__));
+extern char *strcpy(char *__restrict __dest, const char *__restrict __src)
+    __attribute__((__nothrow__, __leaf__)) __attribute__((__nonnull__(1, 2)));
+extern size_t strlen(const char *__s) __attribute__((__nothrow__, __leaf__))
+__attribute__((__pure__)) __attribute__((__nonnull__(1)));
+
+struct mydata {
+  struct mydata *link;
+  char *name;
+  char *type;
+};
+
+static struct mydata *all_data;
+static int line_no;
+
+_Noreturn static void failed(const char *message) {
+  perror(message);
+  exit(1);
+}
+
+static char *string_dup(const char *string) {
+  char *buf;
+
+  if ((buf = malloc(strlen(string) + 1)) == ((void *)0))
+    failed("malloc() failed");
+
+  return strcpy(buf, string);
+}
+
+static void store_data(const char *name, const char *type) {
+  struct mydata *p, *q;
+
+  if ((p = (struct mydata *)malloc(sizeof(struct mydata))) == ((void *)0))
+    failed("malloc() failed");
+
+  p->link = ((void *)0);
+  p->name = string_dup(name);
+  p->type = string_dup(type);
+
+  if ((q = all_data) == ((void *)0))
+    all_data = p;
+  else {
+    while (q->link != ((void *)0))
+      q = q->link;
+    q->link = p;
+  }
+}
+
+static void parse_tbl(char *buffer) {
+  char *s = buffer;
+  char *t = s + strlen(s);
+
+  do {
+    t--;
+    if (((*__ctype_b_loc())[(int)(((int)*t))] & (unsigned short int)_ISspace))
+      *t = '\0';
+    else
+      break;
+  } while (t > s);
+  while (((*__ctype_b_loc())[(int)(((int)*s))] & (unsigned short int)_ISspace))
+    s++;
+  buffer = s;
+
+  line_no++;
+  if (*buffer != ';' && *buffer != '\0') {
+    if (*buffer == '#') {
+      store_data(buffer, ""); /* { dg-bogus "leak" "PR analyzer/107158" { xfail *-*-* } } */
+    } else {
+
+      while (*s && !((*__ctype_b_loc())[(int)(((int)*s))] &
+                     (unsigned short int)_ISspace))
+        s++;
+      while (
+          ((*__ctype_b_loc())[(int)(((int)*s))] & (unsigned short int)_ISspace))
+        *s++ = '\0';
+      store_data(buffer, s); /* { dg-bogus "leak" "PR analyzer/107158" { xfail *-*-* } } */
+    }
+  }
+}
+
+/* [...snip...] */
+
+static void makecfg(FILE *ifp, FILE *ofp, FILE *ofp2) {
+  char buffer[8192];
+
+  /* [...snip...] */
+
+  line_no = 0;
+  while (fgets(buffer, sizeof(buffer) - 1, ifp))
+    parse_tbl(buffer);
+
+  /* [...snip...] */
+}

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-10-06 19:48 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-06 19:48 [gcc r13-3138] analyzer: fix another ICE in PR 107158 David Malcolm

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).