https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93382

--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>:

https://gcc.gnu.org/g:591b59ebfcd48319452ebbd954267c9a05ba4b78

commit r10-6164-g591b59ebfcd48319452ebbd954267c9a05ba4b78
Author: David Malcolm <dmalc...@redhat.com>
Date:   Wed Jan 22 09:37:18 2020 -0500

    analyzer: fix ICE due to sm-state origin being purged (PR 93382)

    The ICE in PR analyzer/93382 is a validation error.

    The global variable "idx" acquires a "tainted" state from local array
    n1[0].  When the frame is popped, the svalue for n1[0] is purged, but
    the "taint" sm_state_map's entry for "idx" has a svalue_id referencing
    the now-purged svalue.  This is caught by program_state::validate as an
    assertion failure.

    This patch fixes the issue by resetting the origin id within
    sm_state_map entries for the case where the origin id has been purged.

    gcc/analyzer/ChangeLog:
        PR analyzer/93382
        * program-state.cc (sm_state_map::on_svalue_purge): If the
        entry survives, but the origin is being purged, then reset the
        origin to null.

    gcc/testsuite/ChangeLog:
        PR analyzer/93382
        * gcc.dg/analyzer/pr93382.c: New test.
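
The dangling origin described in the commit message above, as an added toy model; this is not GCC's code and not part of the commit. `ToyStateMap`, the integer ids, the `-1` null id and the rule that a purge discards every id at or above a cutoff are all assumptions made for illustration.

```cpp
#include <map>
#include <string>

// Simplified model (assumption): svalue ids are ints, -1 is the null id,
// and a purge discards every id >= first_purged.
constexpr int NULL_ID = -1;

struct Entry {
    std::string state;  // e.g. "tainted"
    int origin;         // id of the svalue the state was acquired from
};

struct ToyStateMap {  // hypothetical stand-in for a per-state-machine map
    std::map<int, Entry> entries;  // keyed by the svalue id holding the state

    // Pre-fix behaviour: drop entries whose key is purged, leave origins alone.
    void purge_before_fix(int first_purged) {
        entries.erase(entries.lower_bound(first_purged), entries.end());
    }
    // Post-fix behaviour: a surviving entry whose origin is purged gets a null origin.
    void purge_after_fix(int first_purged) {
        purge_before_fix(first_purged);
        for (auto &kv : entries)
            if (kv.second.origin >= first_purged)
                kv.second.origin = NULL_ID;
    }
    // Stand-in for the validation step: every id must be live or null.
    bool validate(int num_live) const {
        for (const auto &kv : entries) {
            if (kv.first >= num_live) return false;
            if (kv.second.origin != NULL_ID && kv.second.origin >= num_live)
                return false;
        }
        return true;
    }
};

// Constructed scenario: id 0 models the global "idx", id 1 the local n1[0].
ToyStateMap make_scenario() {
    ToyStateMap m;
    m.entries[0] = Entry{"tainted", 1};
    return m;
}
// Popping the frame purges id 1, so only one id (0) stays live.
bool dangling_before_fix() {
    ToyStateMap m = make_scenario(); m.purge_before_fix(1); return !m.validate(1);
}
bool valid_after_fix() {
    ToyStateMap m = make_scenario(); m.purge_after_fix(1);
    return m.validate(1) && m.entries.at(0).state == "tainted" && m.entries.at(0).origin == NULL_ID;
}
int main() { return (dangling_before_fix() && valid_after_fix()) ? 0 : 1; }
```

In this model the entry for the global keeps its "tainted" state in both variants; only the stale origin reference differs.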
