Hi! The following testcase ICEs because DECL_FUNCTION_CODE asserts the builtin is BUILT_IN_NORMAL, but it sees a backend (MD) builtin instead. The FE, normal and MD builtin numbers overlap, so one should always check what kind of builtin it is before looking at specific codes.
Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk? On the other side, region-model.cc has: if (fndecl_built_in_p (callee_fndecl, BUILT_IN_NORMAL) && gimple_builtin_call_types_compatible_p (call, callee_fndecl)) switch (DECL_UNCHECKED_FUNCTION_CODE (callee_fndecl)) which IMO should use DECL_FUNCTION_CODE instead, it checked first it is a normal builtin... 2021-08-03 Jakub Jelinek <ja...@redhat.com> PR analyzer/101721 * sm-malloc.cc (known_allocator_p): Only check DECL_FUNCTION_CODE on BUILT_IN_NORMAL builtins. * gcc.dg/analyzer/pr101721.c: New test. --- gcc/analyzer/sm-malloc.cc.jj 2021-07-29 13:24:42.664013344 +0200 +++ gcc/analyzer/sm-malloc.cc 2021-08-02 17:42:17.312821855 +0200 @@ -1543,7 +1543,7 @@ known_allocator_p (const_tree fndecl, co /* ... or it is a builtin allocator that allocates objects freed with __builtin_free. */ - if (fndecl_built_in_p (fndecl)) + if (fndecl_built_in_p (fndecl, BUILT_IN_NORMAL)) switch (DECL_FUNCTION_CODE (fndecl)) { case BUILT_IN_MALLOC: --- gcc/testsuite/gcc.dg/analyzer/pr101721.c.jj 2021-08-02 17:48:50.375370371 +0200 +++ gcc/testsuite/gcc.dg/analyzer/pr101721.c 2021-08-02 17:49:38.967696432 +0200 @@ -0,0 +1,8 @@ +/* PR analyzer/101721 */ +/* { dg-do compile { target i?86-*-* x86_64-*-* } } */ + +void +foo () +{ + __builtin_ia32_pause (); +} Jakub