[pushed] analyzer: fix ICE on certain pointer subtractions [PR110387]

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

* [pushed] analyzer: fix ICE on certain pointer subtractions [PR110387]
@ 2023-07-21  0:31 David Malcolm
  0 siblings, 0 replies; only message in thread
From: David Malcolm @ 2023-07-21  0:31 UTC (permalink / raw)
  To: gcc-patches; +Cc: David Malcolm

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r14-2688-g5a0aff76a99804.

gcc/analyzer/ChangeLog:
	PR analyzer/110387
	* region.h (struct cast_region::key_t): Support "m_type" being
	null by using "m_original_region" for empty/deleted slots.

gcc/testsuite/ChangeLog:
	PR analyzer/110387
	* gcc.dg/analyzer/out-of-bounds-pr110387.c: New test.
---
 gcc/analyzer/region.h                         | 16 +++++++++++-----
 .../gcc.dg/analyzer/out-of-bounds-pr110387.c  | 19 +++++++++++++++++++
 2 files changed, 30 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/out-of-bounds-pr110387.c

diff --git a/gcc/analyzer/region.h b/gcc/analyzer/region.h
index 0c79490c9c0..2cbb9234728 100644
--- a/gcc/analyzer/region.h
+++ b/gcc/analyzer/region.h
@@ -1107,7 +1107,7 @@ public:
     key_t (const region *original_region, tree type)
     : m_original_region (original_region), m_type (type)
     {
-      gcc_assert (type);
+      gcc_assert (original_region);
     }
 
     hashval_t hash () const
@@ -1124,10 +1124,16 @@ public:
 	      && m_type == other.m_type);
     }
 
-    void mark_deleted () { m_type = reinterpret_cast<tree> (1); }
-    void mark_empty () { m_type = NULL_TREE; }
-    bool is_deleted () const { return m_type == reinterpret_cast<tree> (1); }
-    bool is_empty () const { return m_type == NULL_TREE; }
+    void mark_deleted ()
+    {
+      m_original_region = reinterpret_cast<const region *> (1);
+    }
+    void mark_empty () { m_original_region = nullptr; }
+    bool is_deleted () const
+    {
+      return m_original_region == reinterpret_cast<const region *> (1);
+    }
+    bool is_empty () const { return m_original_region == nullptr; }
 
     const region *m_original_region;
     tree m_type;
diff --git a/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-pr110387.c b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-pr110387.c
new file mode 100644
index 00000000000..a046659c83e
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-pr110387.c
@@ -0,0 +1,19 @@
+char a, b, c, d;
+long x;
+
+void
+_S_copy (long __n)
+{
+  __builtin_memcpy (&a, &d, __n); /* { dg-prune-output "-Wanalyzer-out-of-bounds" } */
+  /* This only warns on some targets; the purpose of the test is to verify that
+     we don't ICE.  */
+}
+
+void
+_M_construct ()
+{
+  x = &c - &b;
+  unsigned long __dnew = x;
+  if (__dnew > 1)
+    _S_copy (&c - &b);
+}
-- 
2.26.3


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2023-07-21  0:31 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-21  0:31 [pushed] analyzer: fix ICE on certain pointer subtractions [PR110387] David Malcolm

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).