From patchwork Wed Aug 26 01:43:44 2020
X-Patchwork-Submitter: David Malcolm
X-Patchwork-Id: 1351590
To: gcc-patches@gcc.gnu.org
Subject: [committed] analyzer: fix ICE on initializers for unsized array fields [PR96777]
Date: Tue, 25 Aug 2020 21:43:44 -0400
Message-Id: <20200826014344.10527-1-dmalcolm@redhat.com>
X-Patchwork-Original-From: David Malcolm via Gcc-patches
From: David Malcolm Reply-To: David Malcolm Errors-To: gcc-patches-bounces@gcc.gnu.org Sender: "Gcc-patches" Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as r11-2854-gd88c8df70342fcd6817e23f243ff38d0fe42fc6b. gcc/analyzer/ChangeLog: PR analyzer/96777 * region-model.h (class compound_svalue): Document that all keys must be concrete. (compound_svalue::compound_svalue): Move definition to svalue.cc. * store.cc (binding_map::apply_ctor_to_region): Handle initializers for trailing arrays with incomplete size. * svalue.cc (compound_svalue::compound_svalue): Move definition here from region-model.h. Add assertion that all keys are concrete. gcc/testsuite/ChangeLog: PR analyzer/96777 * gcc.dg/analyzer/pr96777.c: New test. --- gcc/analyzer/region-model.h | 9 ++++----- gcc/analyzer/store.cc | 25 +++++++++++++++++++++++++ gcc/analyzer/svalue.cc | 14 ++++++++++++++ gcc/testsuite/gcc.dg/analyzer/pr96777.c | 12 ++++++++++++ 4 files changed, 55 insertions(+), 5 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr96777.c diff --git a/gcc/analyzer/region-model.h b/gcc/analyzer/region-model.h index 79d739e3a7b..f325a8b8381 100644 --- a/gcc/analyzer/region-model.h +++ b/gcc/analyzer/region-model.h @@ -1109,6 +1109,9 @@ namespace ana { mapping, but are required to use an svalue, such as when handling compound assignments and compound return values. + All keys within the underlying binding_map are required to be concrete, + not symbolic. + Instances of this class shouldn't be bound as-is into the store; instead they should be unpacked. Similarly, they should not be nested. */ 
@@ -1150,11 +1153,7 @@ public: const binding_map *m_map_ptr; }; - compound_svalue (tree type, const binding_map &map) - : svalue (calc_complexity (map), type), - m_map (map) - { - } + compound_svalue (tree type, const binding_map &map); enum svalue_kind get_kind () const FINAL OVERRIDE { return SK_COMPOUND; } const compound_svalue *dyn_cast_compound_svalue () const { return this; } diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc index 298088f6ef9..8439366f0b5 100644 --- a/gcc/analyzer/store.cc +++ b/gcc/analyzer/store.cc @@ -429,6 +429,31 @@ binding_map::apply_ctor_to_region (const region *parent_reg, tree ctor, const binding_key *k = binding_key::make (mgr->get_store_manager (), child_reg, BK_direct); + /* Handle the case where we have an unknown size for child_reg + (e.g. due to it being a trailing field with incomplete array + type. */ + if (!k->concrete_p ()) + { + /* Assume that sval has a well-defined size for this case. */ + tree sval_type = sval->get_type (); + gcc_assert (sval_type); + HOST_WIDE_INT sval_byte_size = int_size_in_bytes (sval_type); + gcc_assert (sval_byte_size != -1); + bit_size_t sval_bit_size = sval_byte_size * BITS_PER_UNIT; + /* Get offset of child relative to base region. */ + region_offset child_base_offset = child_reg->get_offset (); + gcc_assert (!child_base_offset.symbolic_p ()); + /* Convert to an offset relative to the parent region. */ + region_offset parent_base_offset = parent_reg->get_offset (); + gcc_assert (!parent_base_offset.symbolic_p ()); + bit_offset_t child_parent_offset + = (child_base_offset.get_bit_offset () + - parent_base_offset.get_bit_offset ()); + /* Create a concrete key for the child within the parent. */ + k = mgr->get_store_manager ()->get_concrete_binding + (child_parent_offset, sval_bit_size, BK_direct); + } + gcc_assert (k->concrete_p ()); put (k, sval); } } diff --git a/gcc/analyzer/svalue.cc b/gcc/analyzer/svalue.cc index eabb13affcb..99b5507a43c 100644 --- a/gcc/analyzer/svalue.cc 
+++ b/gcc/analyzer/svalue.cc @@ -910,6 +910,20 @@ unmergeable_svalue::implicitly_live_p (const svalue_set &live_svalues, /* class compound_svalue : public svalue. */ +compound_svalue::compound_svalue (tree type, const binding_map &map) +: svalue (calc_complexity (map), type), m_map (map) +{ + /* All keys within the underlying binding_map are required to be concrete, + not symbolic. */ +#if CHECKING_P + for (iterator_t iter = begin (); iter != end (); ++iter) + { + const binding_key *key = (*iter).first; + gcc_assert (key->concrete_p ()); + } +#endif +} + /* Implementation of svalue::dump_to_pp vfunc for compound_svalue. */ void diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96777.c b/gcc/testsuite/gcc.dg/analyzer/pr96777.c new file mode 100644 index 00000000000..2bb2a4e0be3 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/pr96777.c @@ -0,0 +1,12 @@ +struct ge { + char au; + char pz[]; +}; + +struct ge tr = { 'X', 'X', }; + +int +main (void) +{ + return tr.pz[0] == 'X'; +}
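
Review bot: in the store.cc hunk (binding_map::apply_ctor_to_region), the new !k->concrete_p () branch relies on four gcc_assert calls for conditions that depend on the code being analyzed: that sval has a type, that int_size_in_bytes does not return -1, and that neither child_base_offset nor parent_base_offset is symbolic. If any of these fails on a different initializer, the outcome is another ICE in the same function, so consider a path that gives up on the binding instead of asserting, or document why each condition cannot fail for a ctor element. A smaller point: the comment opening "(e.g. due to it being a trailing field with incomplete array type." is missing its closing parenthesis.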
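
Review bot: in the svalue.cc hunk, the concreteness loop in compound_svalue::compound_svalue sits inside #if CHECKING_P, so a build with CHECKING_P set to 0 never enforces the invariant that the new region-model.h comment describes as required. It would help to say in that header comment that the requirement is only verified in checking builds and that callers are responsible for it otherwise; the only unconditional guard visible in this patch is gcc_assert (k->concrete_p ()) before put in apply_ctor_to_region.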
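
Review bot: the new gcc.dg/analyzer/pr96777.c covers one shape only, a char flexible array member given a single unbraced element in "struct ge tr = { 'X', 'X', };". The store.cc change computes the binding size from the initializer value's type, so variants with several elements, a braced initializer for pz, or a wider element type would exercise that computation more thoroughly. The file also carries no dg- directives or comment, so a one-line note that it is an ICE regression test for PR analyzer/96777 would make its purpose clear to later readers.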