From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dmalcolm@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2209)
	id 0023E3856188; Mon, 24 Oct 2022 20:49:23 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0023E3856188
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1666644564;
	bh=iy9V6mKWG+TyH3Jl0LtcSBqooQ7NdxgkMw1ukzrYs5Y=;
	h=From:To:Subject:Date:From;
	b=utPg6oq5EmPufiQG6JLDiMWr2d3gOZmGG5xF8e64QYlNbmx7leqvPjviCX64v8/9S
	 H/KmL/l1/zIMYD1sQHmVv8kyzvdS5P6rLUxjxIarWCrbFGhXfSWeuLlMV3gsngqiGv
	 vA4UFyAkF5f7yEYl2hyFQMkkh7062eJRKLhe3Mls=
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
From: David Malcolm <dmalcolm@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r13-3470] analyzer: fix ICE on va_copy [PR107349]
X-Act-Checkin: gcc
X-Git-Author: David Malcolm <dmalcolm@redhat.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 2e8a0553918adc919f98ac5c0224fc6ce1fef68d
X-Git-Newrev: 687d11fd74e7de724d46d3e0c58eb012db93ec2b
Message-Id: <20221024204924.0023E3856188@sourceware.org>
Date: Mon, 24 Oct 2022 20:49:23 +0000 (GMT)
List-Id: <gcc-cvs.sourceware.org>

https://gcc.gnu.org/g:687d11fd74e7de724d46d3e0c58eb012db93ec2b

commit r13-3470-g687d11fd74e7de724d46d3e0c58eb012db93ec2b
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Mon Oct 24 16:41:09 2022 -0400

    analyzer: fix ICE on va_copy [PR107349]
    
    gcc/analyzer/ChangeLog:
            PR analyzer/107349
            * varargs.cc (get_va_copy_arg): Fix the non-pointer case.
    
    gcc/testsuite/ChangeLog:
            PR analyzer/107349
            * gcc.dg/analyzer/stdarg-1-ms_abi.c (pr107349): New.
            * gcc.dg/analyzer/stdarg-1-sysv_abi.c (pr107349): New.
            * gcc.dg/analyzer/stdarg-1.c (pr107349): New.
    
    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

Diff:
---
 gcc/analyzer/varargs.cc                           | 5 ++---
 gcc/testsuite/gcc.dg/analyzer/stdarg-1-ms_abi.c   | 6 ++++++
 gcc/testsuite/gcc.dg/analyzer/stdarg-1-sysv_abi.c | 6 ++++++
 gcc/testsuite/gcc.dg/analyzer/stdarg-1.c          | 6 ++++++
 4 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/gcc/analyzer/varargs.cc b/gcc/analyzer/varargs.cc
index 20c83dbbadc..e4dbad79f42 100644
--- a/gcc/analyzer/varargs.cc
+++ b/gcc/analyzer/varargs.cc
@@ -171,9 +171,8 @@ get_va_copy_arg (const region_model *model,
   const svalue *arg_sval = model->get_rvalue (arg, ctxt);
   if (const svalue *cast = arg_sval->maybe_undo_cast ())
     arg_sval = cast;
-  /* Expect a POINTER_TYPE; does it point to an array type?  */
-  gcc_assert (TREE_CODE (TREE_TYPE (arg)) == POINTER_TYPE);
-  if (TREE_CODE (TREE_TYPE (TREE_TYPE (arg))) == ARRAY_TYPE)
+  if (TREE_CODE (TREE_TYPE (arg)) == POINTER_TYPE
+      && TREE_CODE (TREE_TYPE (TREE_TYPE (arg))) == ARRAY_TYPE)
     {
       /* va_list_arg_type_node is a pointer to a va_list;
 	 return *ARG_SVAL.  */
diff --git a/gcc/testsuite/gcc.dg/analyzer/stdarg-1-ms_abi.c b/gcc/testsuite/gcc.dg/analyzer/stdarg-1-ms_abi.c
index b0143a7d3e3..e55f10de66b 100644
--- a/gcc/testsuite/gcc.dg/analyzer/stdarg-1-ms_abi.c
+++ b/gcc/testsuite/gcc.dg/analyzer/stdarg-1-ms_abi.c
@@ -435,3 +435,9 @@ void test_va_arg_after_return (void)
   __analyzer_called_by_test_va_arg_after_return (42, 1066);
   i = __builtin_va_arg (global_ap, int); /* { dg-warning "dereferencing pointer 'global_ap' to within stale stack frame" } */
 }
+
+void pr107349 (void)
+{
+  __builtin_ms_va_list x,y;
+  __builtin_ms_va_copy(x,y); /* { dg-warning "use of uninitialized value 'y'" } */
+} /* { dg-warning "missing call to 'va_end'" } */
diff --git a/gcc/testsuite/gcc.dg/analyzer/stdarg-1-sysv_abi.c b/gcc/testsuite/gcc.dg/analyzer/stdarg-1-sysv_abi.c
index 1dc97ea3a44..fb49b3584e2 100644
--- a/gcc/testsuite/gcc.dg/analyzer/stdarg-1-sysv_abi.c
+++ b/gcc/testsuite/gcc.dg/analyzer/stdarg-1-sysv_abi.c
@@ -435,3 +435,9 @@ void test_va_arg_after_return (void)
   __analyzer_called_by_test_va_arg_after_return (42, 1066);
   i = __builtin_va_arg (global_ap, int); /* { dg-warning "dereferencing pointer 'global_ap' to within stale stack frame" } */
 }
+
+void pr107349 (void)
+{
+  __builtin_sysv_va_list x,y;
+  __builtin_sysv_va_copy(x,y); /* { dg-warning "use of uninitialized value 'y'" } */
+} /* { dg-warning "missing call to 'va_end'" } */
diff --git a/gcc/testsuite/gcc.dg/analyzer/stdarg-1.c b/gcc/testsuite/gcc.dg/analyzer/stdarg-1.c
index f23d28c5b89..f2766a50522 100644
--- a/gcc/testsuite/gcc.dg/analyzer/stdarg-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/stdarg-1.c
@@ -431,3 +431,9 @@ void test_va_arg_after_return (void)
   __analyzer_called_by_test_va_arg_after_return (42, 1066);
   i = __builtin_va_arg (global_ap, int); /* { dg-warning "dereferencing pointer 'global_ap' to within stale stack frame" } */
 }
+
+void pr107349 (void)
+{
+  __builtin_va_list x,y;
+  __builtin_va_copy(x,y); /* { dg-warning "use of uninitialized value 'y'" } */
+} /* { dg-warning "missing call to 'va_end'" } */