[PATCH 14/21] analyzer: fix skipping of debug stmts [PR113253]

[David Malcolm <dmalcolm@redhat.com>]

PR analyzer/113253 reports a case where the analyzer output varied
with and without -g enabled.

The root cause was that debug stmts were in the
FOR_EACH_IMM_USE_FAST list for SSA names, leading to the analyzer's
state purging logic differing between the -g and non-debugging cases,
and thus leading to differences in the exploration of the user's code.

Fix by skipping such stmts in the state-purging logic, and removing
debug stmts when constructing the supergraph.

gcc/analyzer/ChangeLog:
	PR analyzer/113253
	* region-model.cc (region_model::on_stmt_pre): Add gcc_unreachable
	for debug statements.
	* state-purge.cc
	(state_purge_per_ssa_name::state_purge_per_ssa_name): Skip any
	debug stmts in the FOR_EACH_IMM_USE_FAST list.
	* supergraph.cc (supergraph::supergraph): Don't add debug stmts
	to the supernodes.

gcc/testsuite/ChangeLog:
	PR analyzer/113253
	* gcc.dg/analyzer/deref-before-check-pr113253.c: New test.

(cherry picked from commit r14-8670-gcc7aebff74d896)

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/region-model.cc                  |   5 +
 gcc/analyzer/state-purge.cc                   |   9 +
 gcc/analyzer/supergraph.cc                    |   4 +
 .../analyzer/deref-before-check-pr113253.c    | 154 ++++++++++++++++++
 4 files changed, 172 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr113253.c

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index c98b09d5322..7e42fcdfd55 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -1237,6 +1237,11 @@ region_model::on_stmt_pre (const gimple *stmt,
       /* No-op for now.  */
       break;
 
+    case GIMPLE_DEBUG:
+      /* We should have stripped these out when building the supergraph.  */
+      gcc_unreachable ();
+      break;
+
     case GIMPLE_ASSIGN:
       {
 	const gassign *assign = as_a <const gassign *> (stmt);
diff --git a/gcc/analyzer/state-purge.cc b/gcc/analyzer/state-purge.cc
index 3a73146d928..31a207436f0 100644
--- a/gcc/analyzer/state-purge.cc
+++ b/gcc/analyzer/state-purge.cc
@@ -329,6 +329,15 @@ state_purge_per_ssa_name::state_purge_per_ssa_name (const state_purge_map &map,
 	      map.log ("used by stmt: %s", pp_formatted_text (&pp));
 	    }
 
+	  if (is_gimple_debug (use_stmt))
+	    {
+	      /* We skipped debug stmts when building the supergraph,
+		 so ignore them now.  */
+	      if (map.get_logger ())
+		map.log ("skipping debug stmt");
+	      continue;
+	    }
+
 	  const supernode *snode
 	    = map.get_sg ().get_supernode_for_stmt (use_stmt);
 
diff --git a/gcc/analyzer/supergraph.cc b/gcc/analyzer/supergraph.cc
index a23ff15ece4..f07d68c60b8 100644
--- a/gcc/analyzer/supergraph.cc
+++ b/gcc/analyzer/supergraph.cc
@@ -182,6 +182,10 @@ supergraph::supergraph (logger *logger)
 	  for (gsi = gsi_start_bb (bb); !gsi_end_p (gsi); gsi_next (&gsi))
 	    {
 	      gimple *stmt = gsi_stmt (gsi);
+	      /* Discard debug stmts here, so we don't have to check for
+		 them anywhere within the analyzer.  */
+	      if (is_gimple_debug (stmt))
+		continue;
 	      node_for_stmts->m_stmts.safe_push (stmt);
 	      m_stmt_to_node_t.put (stmt, node_for_stmts);
 	      m_stmt_uids.make_uid_unique (stmt);
diff --git a/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr113253.c b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr113253.c
new file mode 100644
index 00000000000..d9015accd6a
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/deref-before-check-pr113253.c
@@ -0,0 +1,154 @@
+/* Regression test for PR analyzer/113253 which was showing analyzer
+   differences with and without -g.
+
+   C only: reduced reproducer doesn't easily work with C++.  */
+
+/* { dg-additional-options "-O2 -g" } */
+
+typedef long int ptrdiff_t;
+typedef unsigned long int uintptr_t;
+typedef long int EMACS_INT;
+enum
+{
+  EMACS_INT_WIDTH = 64,
+  VALBITS = EMACS_INT_WIDTH - 3,
+};
+typedef struct Lisp_X* Lisp_Word;
+enum Lisp_Type
+{
+  Lisp_Symbol = 0,
+  Lisp_Vectorlike = 5,
+};
+typedef Lisp_Word Lisp_Object;
+static inline EMACS_INT(XLI)(Lisp_Object o)
+{
+  return ((EMACS_INT)(o));
+}
+static inline void*(XLP)(Lisp_Object o)
+{
+  return ((void*)(o));
+}
+struct Lisp_Symbol
+{};
+typedef uintptr_t Lisp_Word_tag;
+extern struct Lisp_Symbol lispsym[1608];
+union vectorlike_header
+{
+  ptrdiff_t size;
+};
+enum pvec_type
+{
+  PVEC_MARKER,
+};
+enum More_Lisp_Bits
+{
+  PSEUDOVECTOR_SIZE_BITS = 12,
+  PSEUDOVECTOR_REST_BITS = 12,
+  PSEUDOVECTOR_AREA_BITS = PSEUDOVECTOR_SIZE_BITS + PSEUDOVECTOR_REST_BITS,
+  PVEC_TYPE_MASK = 0x3f << PSEUDOVECTOR_AREA_BITS
+};
+static inline _Bool
+PSEUDOVECTORP(Lisp_Object a, int code)
+{
+  return (
+    ((((union vectorlike_header*)((uintptr_t)XLP((a)) -
+                                  (uintptr_t)(
+                                    (Lisp_Word_tag)(Lisp_Vectorlike)
+                                    << (((0x7fffffffffffffffL >> (3 - 1)) / 2 <
+                                         (9223372036854775807L))
+                                          ? 0
+                                          : VALBITS))))
+        ->size &
+      (((9223372036854775807L) - (9223372036854775807L) / 2) |
+       PVEC_TYPE_MASK)) ==
+     (((9223372036854775807L) - (9223372036854775807L) / 2) |
+      ((code) << PSEUDOVECTOR_AREA_BITS))));
+}
+static inline Lisp_Object
+make_lisp_symbol(struct Lisp_Symbol* sym)
+{
+  Lisp_Object a = ((Lisp_Word)(
+    ((Lisp_Word_tag)(Lisp_Symbol)
+     << (((0x7fffffffffffffffL >> (3 - 1)) / 2 < (9223372036854775807L))
+           ? 0
+           : VALBITS))));
+  return a;
+}
+static inline Lisp_Object
+builtin_lisp_symbol(int index)
+{
+  return make_lisp_symbol(&lispsym[index]);
+}
+static inline _Bool(BASE_EQ)(Lisp_Object x, Lisp_Object y)
+{
+  return (XLI(x) == XLI(y));
+}
+static inline _Bool(NILP)(Lisp_Object x)
+{
+  return BASE_EQ(x, builtin_lisp_symbol(0));
+}
+struct thread_state
+{
+  struct buffer* m_current_buffer;
+};
+extern struct thread_state* current_thread;
+struct Lisp_Marker
+{
+  struct buffer* buffer;
+};
+static inline _Bool
+MARKERP(Lisp_Object x)
+{
+  return PSEUDOVECTORP(x, PVEC_MARKER);
+}
+static inline struct Lisp_Marker*
+XMARKER(Lisp_Object a)
+{
+  return ((
+    struct Lisp_Marker*)((uintptr_t)XLP(a) -
+                         (uintptr_t)((Lisp_Word_tag)(Lisp_Vectorlike)
+                                     << (((0x7fffffffffffffffL >> (3 - 1)) / 2 <
+                                          (9223372036854775807L))
+                                           ? 0
+                                           : VALBITS))));
+}
+extern void
+unchain_marker();
+struct buffer
+{
+  Lisp_Object name_;
+};
+static inline struct buffer*
+XBUFFER(Lisp_Object a)
+{
+  return (
+    (struct buffer*)((uintptr_t)XLP(a) -
+                     (uintptr_t)((Lisp_Word_tag)(Lisp_Vectorlike)
+                                 << (((0x7fffffffffffffffL >> (3 - 1)) / 2 <
+                                      (9223372036854775807L))
+                                       ? 0
+                                       : VALBITS))));
+}
+static inline _Bool
+BUFFER_LIVE_P(struct buffer* b)
+{
+  return !NILP(((b)->name_));
+}
+static inline struct buffer*
+decode_buffer(Lisp_Object b)
+{
+  return NILP(b) ? (current_thread->m_current_buffer) : (XBUFFER(b));
+}
+static struct buffer*
+live_buffer(Lisp_Object buffer)
+{
+  struct buffer* b = decode_buffer(buffer);
+  return BUFFER_LIVE_P(b) ? b : ((void*)0);
+}
+Lisp_Object
+set_marker_internal(Lisp_Object position, Lisp_Object buffer)
+{
+  struct buffer* b = live_buffer(buffer);
+  if (NILP(position) || (MARKERP(position) && !XMARKER(position)->buffer) || !b) /* { dg-bogus "Wanalyzer-deref-before-check" } */
+    unchain_marker();
+}
-- 
2.26.3