From: David Malcolm
To: gcc-patches@gcc.gnu.org
Cc: David Malcolm
Subject: [committed] analyzer: fix ICE reporting NULL dereference (PR 93647)
Date: Mon, 10 Feb 2020 23:16:00 -0000
Message-Id: <20200210231611.32044-1-dmalcolm@redhat.com>

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to master as r10-6566-ge953f9588d4a7ea4183d14914f915329cc37941f.

gcc/analyzer/ChangeLog:
	PR analyzer/93647
	* diagnostic-manager.cc
	(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
	VAR being constant.
	* region-model.cc (region_model::get_lvalue_1): Provide a better
	error message when encountering an unhandled tree code.

gcc/testsuite/ChangeLog:
	PR analyzer/93647
	* gcc.dg/analyzer/torture/pr93647.c: New test.

--- gcc/analyzer/diagnostic-manager.cc | 6 ++++++ gcc/analyzer/region-model.cc | 2 ++ gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c | 14 ++++++++++++++ 3 files changed, 22 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c diff --git a/gcc/analyzer/diagnostic-manager.cc b/gcc/analyzer/diagnostic-m= anager.cc index 1a82d5f22ec..580152586f4 100644 --- a/gcc/analyzer/diagnostic-manager.cc +++ b/gcc/analyzer/diagnostic-manager.cc @@ -965,6 +965,12 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_p= ath *path, tree var, state_machine::state_t state) const { + /* If we have a constant (such as NULL), assume its state is also + constant, so as not to attempt to get its lvalue whilst tracking the + origin of the state. */ + if (var && CONSTANT_CLASS_P (var)) + var =3D NULL_TREE; + int idx =3D path->num_events () - 1; while (idx >=3D 0 && idx < (signed)path->num_events ()) { diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index 0ae7536a032..fd82360cc6e 100644
--- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -4641,6 +4641,8 @@ region_model::get_lvalue_1 (path_var pv, region_model= _context *ctxt) switch (TREE_CODE (expr)) { default: + internal_error ("unhandled tree code in region_model::get_lvalue_1: = %qs", + get_tree_code_name (TREE_CODE (expr))); gcc_unreachable (); =20 case ARRAY_REF: diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c b/gcc/testsuit= e/gcc.dg/analyzer/torture/pr93647.c new file mode 100644 index 00000000000..fbfe570780b --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr93647.c @@ -0,0 +1,14 @@ +/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */ + +int *tz; + +void +ky (int); + +void +wd (void) +{ + tz =3D 0; + ky (*tz); /* { dg-warning "dereference of NULL" } */ +} + --=20 2.21.0
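Review bot: In the diagnostic-manager.cc hunk, the new guard at the top of diagnostic_manager::prune_for_sm_diagnostic only covers the value of var on entry. The added comment says the lvalue lookup happens whilst tracking the origin of the state, so if the event loop that follows rebinds var as it walks back from the last event, a constant could reach the same lookup again; it is worth confirming that cannot happen, or repeating the CONSTANT_CLASS_P check at the point of reassignment. The comment could also say what a NULL_TREE var means for the loop, since the visible context does not show whether pruning is skipped or simply done without variable tracking.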
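Review bot: In the region-model.cc hunk, the gcc_unreachable () that remains after the new internal_error call in the default: case of region_model::get_lvalue_1 is now dead code, because internal_error does not return. Either drop it or keep it deliberately with a short comment saying so. This change only improves the message: an unhandled tree code still aborts compilation, so callers still have to filter out expressions that have no lvalue, as the diagnostic-manager.cc change does for constants.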
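Review bot: In the new pr93647.c test, the dg-skip-if directive has an empty first argument, which is where the reason for the skip is recorded; a few words on why -fno-fat-lto-objects is excluded would help whoever next touches the file. The file also ends with an added blank line after the closing brace of wd, which can be dropped. The test covers a store of 0 to a global pointer followed by a dereference; the new internal_error path in get_lvalue_1 is not exercised, which seems acceptable given that it is an ICE path.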