From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2209) id 68A993846993; Wed, 14 Dec 2022 21:04:48 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 68A993846993 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1671051888; bh=RbjA5SwhTTrHOel7/8LdAlbDEqN0Mcf0XRNGSiDogeE=; h=From:To:Subject:Date:From; b=OGG3Pjq1Ku0vtou/xN0GzYBZ+ELtMIk3vD30qODeEF+ndbGTsADRtI6HcyC6ynD2K M/mh9bSHKTJaAtY7a6+xoeD419v8iRGC7xf5vMsd67fwS5orGynRvI31xpVMeNVkNY qZwam5kHNYPlL1yQpzm9M8LN59is2mnucTM46whE= MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" From: David Malcolm To: gcc-cvs@gcc.gnu.org Subject: [gcc r13-4710] analyzer: don't call binding_key::make on empty regions [PR108065] X-Act-Checkin: gcc X-Git-Author: David Malcolm X-Git-Refname: refs/heads/master X-Git-Oldrev: 70b303049e45c180236a4114f844311652bad002 X-Git-Newrev: 41faa1d7beb90b235858c8a692be926642ad5559 Message-Id: <20221214210448.68A993846993@sourceware.org> Date: Wed, 14 Dec 2022 21:04:48 +0000 (GMT) List-Id: https://gcc.gnu.org/g:41faa1d7beb90b235858c8a692be926642ad5559 commit r13-4710-g41faa1d7beb90b235858c8a692be926642ad5559 Author: David Malcolm Date: Wed Dec 14 16:03:30 2022 -0500 analyzer: don't call binding_key::make on empty regions [PR108065] gcc/analyzer/ChangeLog: PR analyzer/108065 * region.cc (decl_region::get_svalue_for_initializer): Bail out to avoid calling binding_key::make with an empty region. * store.cc (binding_map::apply_ctor_val_to_range): Likewise. (binding_map::apply_ctor_pair_to_child_region): Likewise. (binding_cluster::bind): Likewise. (binding_cluster::purge_region): Likewise. (binding_cluster::maybe_get_compound_binding): Likewise. (binding_cluster::maybe_get_simple_value): Likewise. gcc/testsuite/ChangeLog: PR analyzer/108065 * gfortran.dg/analyzer/pr108065.f90: New test. 
Signed-off-by: David Malcolm
Diff:
---
 gcc/analyzer/region.cc | 3 +++
 gcc/analyzer/store.cc | 14 ++++++++++++++
 gcc/testsuite/gfortran.dg/analyzer/pr108065.f90 | 17 +++++++++++++++++
 3 files changed, 34 insertions(+)
diff --git a/gcc/analyzer/region.cc b/gcc/analyzer/region.cc
index 67ba9486980..83809d6e1c3 100644
--- a/gcc/analyzer/region.cc
+++ b/gcc/analyzer/region.cc
@@ -1208,6 +1208,9 @@ decl_region::get_svalue_for_initializer (region_model_manager *mgr) const if (DECL_EXTERNAL (m_decl)) return NULL;
+ if (empty_p ())
+ return NULL;
+
 /* Implicit initialization to zero; use a compound_svalue for it. Doing so requires that we have a concrete binding for this region, which can fail if we have a region with unknown size
diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc
index dd8ebaa7374..f3b500c50a0 100644
--- a/gcc/analyzer/store.cc
+++ b/gcc/analyzer/store.cc
@@ -911,6 +911,8 @@ binding_map::apply_ctor_val_to_range (const region *parent_reg, return false; bit_offset_t start_bit_offset = min_offset.get_bit_offset (); store_manager *smgr = mgr->get_store_manager ();
+ if (max_element->empty_p ())
+ return false;
 const binding_key *max_element_key = binding_key::make (smgr, max_element); if (max_element_key->symbolic_p ()) return false;
@@ -950,6 +952,8 @@ binding_map::apply_ctor_pair_to_child_region (const region *parent_reg, else { const svalue *sval = get_svalue_for_ctor_val (val, mgr);
+ if (child_reg->empty_p ())
+ return false;
 const binding_key *k = binding_key::make (mgr->get_store_manager (), child_reg); /* Handle the case where we have an unknown size for child_reg
@@ -1347,6 +1351,8 @@ binding_cluster::bind (store_manager *mgr, return; }
+ if (reg->empty_p ())
+ return;
 const binding_key *binding = binding_key::make (mgr, reg); bind_key (binding, sval); }
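Review bot: The new `if (empty_p ()) return NULL;` guard in decl_region::get_svalue_for_initializer carries no comment saying why an empty region must bail out here, and the same is true of the six guards added in store.cc (apply_ctor_val_to_range, apply_ctor_pair_to_child_region, bind, purge_region, maybe_get_compound_binding, maybe_get_simple_value). A one-line comment such as `/* binding_key::make must not be called on an empty region (PR analyzer/108065).  */` above each guard would record the precondition. Because seven call sites now repeat it, stating the requirement on binding_key::make itself, which is outside this diff, would also help future callers. The function body continues outside the hunk.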
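Review bot: In binding_map::apply_ctor_pair_to_child_region the empty-region guard returns `false`, the same value the hunk in apply_ctor_val_to_range returns for a symbolic key, so a zero-sized child presumably makes the caller give up on the whole constructor rather than skip one member. If callers treat `false` as failure (they are outside this diff), `if (child_reg->empty_p ()) return true;` would keep the remaining members bound, since an empty child has nothing to bind. The guard also sits after `get_svalue_for_ctor_val (val, mgr)`, whose result is then discarded on the early return; moving the check above that line avoids the unused work. The function starts and ends outside the hunk.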
@@ -1419,6 +1425,8 @@ void binding_cluster::purge_region (store_manager *mgr, const region *reg) { gcc_assert (reg->get_kind () == RK_DECL);
+ if (reg->empty_p ())
+ return;
 const binding_key *binding = binding_key::make (mgr, const_cast (reg)); m_map.remove (binding);
@@ -1666,6 +1674,9 @@ binding_cluster::maybe_get_compound_binding (store_manager *mgr, if (reg_offset.symbolic_p ()) return NULL;
+ if (reg->empty_p ())
+ return NULL;
+
 region_model_manager *sval_mgr = mgr->get_svalue_manager (); /* We will a build the result map in two parts:
@@ -2162,6 +2173,9 @@ binding_cluster::maybe_get_simple_value (store_manager *mgr) const if (m_map.elements () != 1) return NULL;
+ if (m_base_region->empty_p ())
+ return NULL;
+
 const binding_key *key = binding_key::make (mgr, m_base_region); return get_any_value (key); }
diff --git a/gcc/testsuite/gfortran.dg/analyzer/pr108065.f90 b/gcc/testsuite/gfortran.dg/analyzer/pr108065.f90
new file mode 100644
index 00000000000..86ba4d4f9aa
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/analyzer/pr108065.f90
@@ -0,0 +1,17 @@
+! { dg-do compile }
+! { dg-additional-options "-fcheck=bounds -Wno-analyzer-malloc-leak" }
+! Copy of gfortran.dg/bounds_check_23.f90
+! as a regression test for ICE with -fanalyzer (PR analyzer/108065)
+
+program test
+ implicit none
+ call sub('Lorem ipsum')
+contains
+ subroutine sub( text )
+ character(len=*), intent(in) :: text
+ character(len=1), allocatable :: c(:)
+ integer :: i
+ c = [ ( text(i:i), i = 1, len(text) ) ]
+ if (c(1) /= 'L') stop 1
+ end subroutine sub
+end program test
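Review bot: Only one compile-only Fortran test accompanies the seven new `empty_p ()` guards, and nothing in the diff shows which of them it exercises; as a copy of gfortran.dg/bounds_check_23.f90 it presumably reaches just the path that produced the original ICE. A small C testcase built around zero-sized objects would cover the constructor paths guarded in store.cc, so a later refactor that drops one of those checks is caught. The `-Wno-analyzer-malloc-leak` option is also unexplained; if the leak report is simply out of scope, a comment such as `! Leak diagnostics are not under test here; only the ICE is.` would say so.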