https://gcc.gnu.org/g:810d35a7e054bcbb5b66d2e5924428e445f5fba9

commit r13-8757-g810d35a7e054bcbb5b66d2e5924428e445f5fba9
Author: David Malcolm <dmalc...@redhat.com>
Date:   Thu May 9 13:09:31 2024 -0400

    analyzer: fix ICE due to type mismatch when replaying call summary 
[PR114473]
    
    gcc/analyzer/ChangeLog:
            PR analyzer/114473
            * call-summary.cc
            (call_summary_replay::convert_svalue_from_summary): Assert that
            the types match.
            (call_summary_replay::convert_region_from_summary): Likewise.
            (call_summary_replay::convert_region_from_summary_1): Add missing
            cast for the deref of RK_SYMBOLIC case.
    
    gcc/testsuite/ChangeLog:
            PR analyzer/114473
            * gcc.dg/analyzer/call-summaries-pr114473.c: New test.
    
    (cherry picked from commit r14-9697-gfdd59818e2abf6)
    
    Signed-off-by: David Malcolm <dmalc...@redhat.com>

Diff:
---
 gcc/analyzer/call-summary.cc                       | 12 +++++++++
 .../gcc.dg/analyzer/call-summaries-pr114473.c      | 31 ++++++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/gcc/analyzer/call-summary.cc b/gcc/analyzer/call-summary.cc
index a18a1b1b40a7..836dcd4318d4 100644
--- a/gcc/analyzer/call-summary.cc
+++ b/gcc/analyzer/call-summary.cc
@@ -234,6 +234,11 @@ call_summary_replay::convert_svalue_from_summary (const 
svalue *summary_sval)
 
   const svalue *caller_sval = convert_svalue_from_summary_1 (summary_sval);
 
+  if (caller_sval)
+    if (summary_sval->get_type () && caller_sval->get_type ())
+      gcc_assert (types_compatible_p (summary_sval->get_type (),
+                                     caller_sval->get_type ()));
+
   /* Add to cache.  */
   add_svalue_mapping (summary_sval, caller_sval);
 
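Review bot: The `gcc_assert` added after `convert_svalue_from_summary_1` stays enabled in release-checking builds, so on this release branch any conversion path that still returns a mismatched type now aborts the analyzer with an ICE on user code; the same applies to the matching assert added in `convert_region_from_summary`. This commit fixes only the RK_SYMBOLIC deref case, and whether the remaining cases always preserve the type is not visible here. If the check is meant as a developer diagnostic, `gcc_checking_assert (types_compatible_p (...))` would keep it out of release compilers. The nested `if`s would also read better as one condition, `if (caller_sval && summary_sval->get_type () && caller_sval->get_type ())`, with a short comment that untyped values are deliberately skipped. Both function bodies continue outside their hunks.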
@@ -551,6 +556,11 @@ call_summary_replay::convert_region_from_summary (const 
region *summary_reg)
 
   const region *caller_reg = convert_region_from_summary_1 (summary_reg);
 
+  if (caller_reg)
+    if (summary_reg->get_type () && caller_reg->get_type ())
+      gcc_assert (types_compatible_p (summary_reg->get_type (),
+                                     caller_reg->get_type ()));
+
   /* Add to cache.  */
   add_region_mapping (summary_reg, caller_reg);
 
@@ -601,6 +611,8 @@ call_summary_replay::convert_region_from_summary_1 (const 
region *summary_reg)
          = get_caller_model ()->deref_rvalue (caller_ptr_sval,
                                               NULL_TREE,
                                               get_ctxt ());
+       caller_reg = mgr->get_cast_region (caller_reg,
+                                          summary_reg->get_type ());
        return caller_reg;
       }
       break;
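Review bot: `summary_reg->get_type ()` is passed to `get_cast_region` without a null check, although the asserts added elsewhere in this commit treat a null region type as possible; whether `get_cast_region` tolerates `NULL_TREE` is not visible here. If it does not, guard the call: `if (summary_reg->get_type ()) caller_reg = mgr->get_cast_region (caller_reg, summary_reg->get_type ());`. A one-line comment such as `/* deref_rvalue may yield a region of a different type; cast to the summary region's type.  */` would record why the cast is needed. The enclosing switch case and function start outside the hunk.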
diff --git a/gcc/testsuite/gcc.dg/analyzer/call-summaries-pr114473.c 
b/gcc/testsuite/gcc.dg/analyzer/call-summaries-pr114473.c
new file mode 100644
index 000000000000..4598840f0dff
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/call-summaries-pr114473.c
@@ -0,0 +1,31 @@
+/* { dg-additional-options "-fanalyzer-call-summaries" } */
+
+int a;
+extern int *q[];
+
+int *
+baz (int *src)
+{
+  while (a)
+    {
+      src && a;
+      return src;
+    }
+}
+
+void
+bar (int **src)
+{
+  for (unsigned j = 0; j;)
+    a = 0;
+  while (a)
+    baz (src[0]);
+}
+
+void
+foo (void)
+{
+  bar (q);
+  baz (&a);
+  bar (q);
+}
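Review bot: The new test has no comment saying it is a reduced reproducer for the ICE in PR analyzer/114473, so the odd constructs (`src && a;`, `baz` falling off the end without a return, the `for` loop that never runs) look like mistakes to a later editor. A header comment such as `/* Reduced from PR analyzer/114473: verify that replaying call summaries doesn't ICE on a type mismatch.  */` would make clear that the shape of the code is deliberate and must not be tidied up.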
