analyzer: fix ICE getting void return value (PR 93379)

PR analyzer/93379 reports an ICE within region_model::update_for_return_superedge when writing the returned svalue_id to the lhs of the call_stmt The root cause is that this analyzer code assumed that for any call with a non-NULL gimple_call_lhs, the called fndecl would have non-void return type, and thus that a non-null svalue_id would be returned from region_model::pop_frame. This isn't the case e.g. for a call with conflicting types where the callee returns void but the caller assumes int. This patch fixes the ICE by moving the check for null result so that it also guards setting the lhs. gcc/analyzer/ChangeLog: PR analyzer/93379 * region-model.cc (region_model::update_for_return_superedge): Move check for null result so that it also guards setting the lhs. gcc/testsuite/ChangeLog: PR analyzer/93379 * gcc.dg/analyzer/torture/pr93379-2.c: New test. * gcc.dg/analyzer/torture/pr93379.c: New test.
2025-03-23 07:00:27 +08:00 · 2020-01-31 12:05:03 -05:00 · 2020-01-31 12:05:03 -05:00 · f1c807e887
commit f1c807e887
parent 455f58ec50
5 changed files with 30 additions and 1 deletions
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@ -1,3 +1,10 @@
+2020-01-31  David Malcolm  <dmalcolm@redhat.com>
+
+	PR analyzer/93379
+	* region-model.cc (region_model::update_for_return_superedge):
+	Move check for null result so that it also guards setting the
+	lhs.
+
 2020-01-31  David Malcolm  <dmalcolm@redhat.com>

 	PR analyzer/93438
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@ -5694,12 +5694,15 @@ region_model::update_for_return_superedge (const return_superedge &return_edge,
  svalue_id result_sid = pop_frame (true, &stats, ctxt);
  // TODO: do something with the stats?

+  if (result_sid.null_p ())
+    return;
+
  /* Set the result of the call, within the caller frame.  */
  const gcall *call_stmt = return_edge.get_call_stmt ();
  tree lhs = gimple_call_lhs (call_stmt);
  if (lhs)
    set_value (get_lvalue (lhs, ctxt), result_sid, ctxt);
-  else if (!result_sid.null_p ())
+  else
    {
      /* This could be a leak; try purging again, but this time,
 	 don't special-case the result_sid.  */
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@ -1,3 +1,9 @@
+2020-01-31  David Malcolm  <dmalcolm@redhat.com>
+
+	PR analyzer/93379
+	* gcc.dg/analyzer/torture/pr93379-2.c: New test.
+	* gcc.dg/analyzer/torture/pr93379.c: New test.
+
 2020-01-31  David Malcolm  <dmalcolm@redhat.com>

 	PR analyzer/93438
--- a/gcc/testsuite/gcc.dg/analyzer/torture/pr93379-2.c
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr93379-2.c
@ -0,0 +1,11 @@
+/* { dg-do compile } */
+/* { dg-additional-options "-Wno-implicit-function-declaration" } */
+
+void foo (void)
+{
+  int i = actually_returns_void ();
+}
+
+void actually_returns_void (void) /* { dg-warning "conflicting types" } */
+{
+}
--- a/gcc/testsuite/gcc.dg/analyzer/torture/pr93379.c
+++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr93379.c
@ -0,0 +1,2 @@
+/* { dg-do compile } */
+#include "../../torture/pr57330.c"