https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93288

--- Comment #9 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>:

https://gcc.gnu.org/g:91f993b7e31ce85676148dca180bc0d827d4245e

commit r10-6590-g91f993b7e31ce85676148dca180bc0d827d4245e
Author: David Malcolm <dmalc...@redhat.com>
Date:   Wed Feb 5 21:29:04 2020 -0500

    analyzer: use ultimate alias target at calls (PR 93288)

    PR analyzer/93288 reports an ICE in a C++ testcase when calling a
    constructor.

    The issue is that when building the supergraph, we encounter the
    cgraph edge to "__ct_comp ", the DECL_COMPLETE_CONSTRUCTOR_P, and
    this node's DECL_STRUCT_FUNCTION has a NULL CFG, which the analyzer
    reads through, leading to the ICE.

    This patch reworks function and fndecl lookup at calls throughout the
    analyzer so that it looks for the ultimate_alias_target of the callee.
    In the case above, this means using the "__ct_base " for the ctor,
    which has a CFG, fixing the ICE.

    Getting this right allows for some simple C++ cases involving ctors to
    work, so the patch also adds some test coverage for that.

    gcc/analyzer/ChangeLog:
        PR analyzer/93288
        * analysis-plan.cc (analysis_plan::use_summary_p): Look through
        the ultimate_alias_target when getting the called function.
        * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
        "sm_ctxt".  Use the region_model's get_fndecl_for_call rather than
        gimple_call_fndecl.
        * region-model.cc (region_model::get_fndecl_for_call): Use
        ultimate_alias_target on fndecl.
        * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
        function.
        (supergraph_call_edge): Use it when rejecting edges without
        functions.
        (supergraph::supergraph): Use it to get the function for the
        cgraph_edge when building interprocedural superedges.
        (callgraph_superedge::get_callee_function):  Use it.
        * supergraph.h (supergraph::get_num_snodes): Make param const.
        (supergraph::function_to_num_snodes_t): Make first type param
        const.

    gcc/testsuite/ChangeLog:
        PR analyzer/93288
        * g++.dg/analyzer/malloc.C: Add test coverage for a double-free
        called in a constructor.
        * g++.dg/analyzer/pr93288.C: New test.
