* [committed] analyzer: fix ICE on escaped unknown pointers [PR96611]
@ 2020-08-14 20:59 David Malcolm
From: David Malcolm @ 2020-08-14 20:59 UTC (permalink / raw)
To: gcc-patches
PR analyzer/96611 reports an ICE within the handling for unknown
functions, when passing a pointer to something accessed via a
global pointer, after an unknown function has already been called.

The first unknown function leads to the store being flagged, so
the access to the global pointer leads to (*unknown_svalue) for
the base region of the argument to the 2nd function, and thus
*unknown_svalue being reachable by the 2nd unknown function,
triggering an assertion failure.

Handle this case by rejecting attempts to get a cluster for
the unknown pointer, fixing the ICE.

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to master as r11-2707-gee88b536069db8f870c444c441182a9c76ec5bba.

gcc/analyzer/ChangeLog:
PR analyzer/96611
* store.cc (store::mark_as_escaped): Reject attempts to
get a cluster for an unknown pointer.
gcc/testsuite/ChangeLog:
PR analyzer/96611
* gcc.dg/analyzer/pr96611.c: New test.
---
gcc/analyzer/store.cc | 3 +++
gcc/testsuite/gcc.dg/analyzer/pr96611.c | 14 ++++++++++++++
2 files changed, 17 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr96611.c
diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc
index 5fef27c8bd2..950a7784542 100644
--- a/gcc/analyzer/store.cc
+++ b/gcc/analyzer/store.cc
@@ -1691,6 +1691,9 @@ store::mark_as_escaped (const region *base_reg)
gcc_assert (base_reg);
gcc_assert (base_reg->get_base_region () == base_reg);
+ if (base_reg->symbolic_for_unknown_ptr_p ())
+ return;
+
binding_cluster *cluster = get_or_create_cluster (base_reg);
cluster->mark_as_escaped ();
}
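Review bot: the new early return at `if (base_reg->symbolic_for_unknown_ptr_p ())` carries no comment, so a reader of store::mark_as_escaped cannot tell why this region is skipped before get_or_create_cluster is called. Suggest a one-line comment above the check stating that no cluster can be obtained for the region of an unknown pointer, so the escape is deliberately not recorded for it.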
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96611.c b/gcc/testsuite/gcc.dg/analyzer/pr96611.c
new file mode 100644
index 00000000000..4f7502361cb
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr96611.c
@@ -0,0 +1,14 @@
+struct s { int a; } *ptr;
+void unknown_int_ptr (int *);
+void unknown_void (void);
+
+void test_1 ()
+{
+ unknown_int_ptr (&ptr->a);
+}
+
+void test_2 ()
+{
+ unknown_void ();
+ unknown_int_ptr (&ptr->a);
+}
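Review bot: pr96611.c has no leading comment or dg directive, so nothing in the file says that it passes simply by compiling without an ICE. A short comment at the top naming PR analyzer/96611 and noting that test_2, where unknown_void () is called before unknown_int_ptr (&ptr->a), is the case from the report would help later readers; test_1 and test_2 could also be declared with (void) rather than an empty parameter list.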
--
2.26.2