[pushed] analyzer: fix ICE on certain pointer subtractions [PR110387]
Checks
Commit Message
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r14-2688-g5a0aff76a99804.
gcc/analyzer/ChangeLog:
PR analyzer/110387
* region.h (struct cast_region::key_t): Support "m_type" being
null by using "m_original_region" for empty/deleted slots.
gcc/testsuite/ChangeLog:
PR analyzer/110387
* gcc.dg/analyzer/out-of-bounds-pr110387.c: New test.
---
gcc/analyzer/region.h | 16 +++++++++++-----
.../gcc.dg/analyzer/out-of-bounds-pr110387.c | 19 +++++++++++++++++++
2 files changed, 30 insertions(+), 5 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/analyzer/out-of-bounds-pr110387.c
@@ -1107,7 +1107,7 @@ public:
key_t (const region *original_region, tree type)
: m_original_region (original_region), m_type (type)
{
- gcc_assert (type);
+ gcc_assert (original_region);
}
hashval_t hash () const
@@ -1124,10 +1124,16 @@ public:
&& m_type == other.m_type);
}
- void mark_deleted () { m_type = reinterpret_cast<tree> (1); }
- void mark_empty () { m_type = NULL_TREE; }
- bool is_deleted () const { return m_type == reinterpret_cast<tree> (1); }
- bool is_empty () const { return m_type == NULL_TREE; }
+ void mark_deleted ()
+ {
+ m_original_region = reinterpret_cast<const region *> (1);
+ }
+ void mark_empty () { m_original_region = nullptr; }
+ bool is_deleted () const
+ {
+ return m_original_region == reinterpret_cast<const region *> (1);
+ }
+ bool is_empty () const { return m_original_region == nullptr; }
const region *m_original_region;
tree m_type;
new file mode 100644
@@ -0,0 +1,19 @@
+char a, b, c, d;
+long x;
+
+void
+_S_copy (long __n)
+{
+ __builtin_memcpy (&a, &d, __n); /* { dg-prune-output "-Wanalyzer-out-of-bounds" } */
+ /* This only warns on some targets; the purpose of the test is to verify that
+ we don't ICE. */
+}
+
+void
+_M_construct ()
+{
+ x = &c - &b;
+ unsigned long __dnew = x;
+ if (__dnew > 1)
+ _S_copy (&c - &b);
+}