PR analyzer/93546 reports an ICE within region_model::add_region_for_type when merging two region_models each containing a label pointer. The two labels are stored as pointers to symbolic_regions, but these regions were created with NULL type, leading to an assertion failure when a merged copy is created.
The labels themselves have void (but not NULL) type. This patch updates make_region_for_type to use the type of the decl when creating such regions, rather than implicitly setting the region's type to NULL, fixing the ICE. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r10-6410-g5e10b9a28be9061b9b0c4aa3cfabe6d478e444e0. gcc/analyzer/ChangeLog: PR analyzer/93546 * region-model.cc (region_model::on_call_pre): Update for new param of symbolic_region ctor. (region_model::deref_rvalue): Likewise. (region_model::add_new_malloc_region): Likewise. (make_region_for_type): Likewise, preserving type. * region-model.h (symbolic_region::symbolic_region): Add "type" param and pass it to base class ctor. gcc/testsuite/ChangeLog: PR analyzer/93546 * gcc.dg/analyzer/pr93546.c: New test.
---
 gcc/analyzer/region-model.cc | 8 ++++---- gcc/analyzer/region-model.h | 4 ++-- gcc/testsuite/gcc.dg/analyzer/pr93546.c | 10 ++++++++++ 3 files changed, 16 insertions(+), 6 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93546.c
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 679479c8b5c..38cf3b93b28 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -4163,7 +4163,7 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt) { region_id frame_rid = get_current_frame_id (); region_id new_rid
- = add_region (new symbolic_region (frame_rid, false));
+ = add_region (new symbolic_region (frame_rid, NULL_TREE, false));
 if (!lhs_rid.null_p ()) { svalue_id ptr_sid
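Review bot: The on_call_pre call site still creates its symbolic_region with `NULL_TREE`, as do the call sites in deref_rvalue and add_new_malloc_region in the next two hunks, so those regions keep the typeless state that the commit message names as the cause of the assertion in add_region_for_type. If any of them can reach the same merge path, the ICE stays reachable through a pointer dereference or an allocation instead of a label; this is inferred from the description and is not visible in these hunks. Either pass a type where one is known (in deref_rvalue, possibly the pointee type of ptr_sid) or record the assumption at each site with a comment such as `/* No type is known for this region; merging must tolerate NULL_TREE.  */`. The body of on_call_pre continues outside the hunk.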
@@ -5113,7 +5113,7 @@ region_model::deref_rvalue (svalue_id ptr_sid, region_model_context *ctxt) We don't know if it on the heap, stack, or a global, so use the root region as parent. */ region_id new_rid
- = add_region (new symbolic_region (m_root_rid, false));
+ = add_region (new symbolic_region (m_root_rid, NULL_TREE, false));
 /* We need to write the region back into the pointer, or we'll get a new, different region each time.
@@ -5455,7 +5455,7 @@ region_model::add_new_malloc_region () { region_id heap_rid = get_root_region ()->ensure_heap_region (this);
- return add_region (new symbolic_region (heap_rid, true));
+ return add_region (new symbolic_region (heap_rid, NULL_TREE, true));
 } /* Attempt to return a tree that represents SID, or return NULL_TREE.
@@ -6006,7 +6006,7 @@ make_region_for_type (region_id parent_rid, tree type) /* If we have a void *, make a new symbolic region. */ if (VOID_TYPE_P (type))
- return new symbolic_region (parent_rid, false);
+ return new symbolic_region (parent_rid, type, false);
 gcc_unreachable (); }
diff --git a/gcc/analyzer/region-model.h b/gcc/analyzer/region-model.h
index 70e3eb4c716..7768e45134f 100644
--- a/gcc/analyzer/region-model.h
+++ b/gcc/analyzer/region-model.h
@@ -1606,8 +1606,8 @@ namespace ana { class symbolic_region : public region { public:
- symbolic_region (region_id parent_rid, bool possibly_null)
- : region (parent_rid, svalue_id::null (), NULL_TREE),
+ symbolic_region (region_id parent_rid, tree type, bool possibly_null)
+ : region (parent_rid, svalue_id::null (), type),
 m_possibly_null (possibly_null) {} symbolic_region (const symbolic_region &other);
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr93546.c b/gcc/testsuite/gcc.dg/analyzer/pr93546.c
new file mode 100644
index 00000000000..432a6433be5
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr93546.c
@@ -0,0 +1,10 @@
+/* { dg-do compile } */
+
+void
+ch (int x1)
+{
+ ({ bx: &&bx; });
+ while (x1 == 0)
+ {
+ }
+}
-- 2.21.0
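Review bot: In make_region_for_type the comment `/* If we have a void *, make a new symbolic region. */` does not match what the branch handles: `VOID_TYPE_P (type)` tests for void itself, which per the commit message is the type that label regions carry. Suggest rewording it to `/* If we have void (e.g. the type of a label), make a new symbolic region of that type.  */`. The function still ends in `gcc_unreachable ()`, so any type not handled by the earlier branches aborts the analyzer on the code being analyzed; whether a fallback is wanted depends on branches outside this hunk.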
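Review bot: The new `type` parameter of the symbolic_region constructor is undocumented, and three of the four callers in this patch pass `NULL_TREE`, so the header does not say whether a null type is a supported state or a stopgap. A comment above the constructor such as `/* TYPE may be NULL_TREE when the type of the region is not known.  */` would record the contract for later callers. The class body continues outside the hunk.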
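Review bot: The new test pr93546.c has no comment tying it to the bug, so a later reader cannot tell which constructs are needed to reproduce the ICE or why the loop body is empty. Add a leading line such as `/* PR analyzer/93546: ICE when merging region_models that hold label pointers.  */`. With only `dg-do compile` and no expected diagnostics, the test checks just that compilation does not crash, and it relies on the directory's harness to enable the analyzer, which is not visible here.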