analyzer: fix ICE with OFFSET_TYPE [PR 93899]

PR analyzer/93899 reports an ICE within make_region_for_type when handling a param of type OFFSET_TYPE within exploded_graph::add_function_entry. This patch fixes the ICE by further generalizing the "give up on this tree code" logic from r10-6667-gf76a88eb for PR analyzer/93388 and r10-6695-g2e623393 for PR analyzer/93778 by replacing the gcc_unreachable in make_region_for_type with a return of NULL, and handling this in add_region_for_type by notifying the ctxt. Doing so means that numerous places that create regions now need to have a context passed to them, so most of the patch is churn involved in passing a context around to where it's needed. gcc/analyzer/ChangeLog: PR analyzer/93899 * engine.cc (impl_region_model_context::impl_region_model_context): Add logger param. * engine.cc (exploded_graph::add_function_entry): Create an impl_region_model_context and pass it to the push_frame call. Bail if the resulting state is invalid. (exploded_graph::build_initial_worklist): Likewise. (exploded_graph::build_initial_worklist): Handle the case where add_function_entry fails. * exploded-graph.h (impl_region_model_context::impl_region_model_context): Add logger param. * region-model.cc (map_region::get_or_create): Add ctxt param and pass it to add_region_for_type. (map_region::can_merge_p): Pass NULL as a ctxt to call to get_or_create. (array_region::get_element): Pass ctxt to call to get_or_create. (array_region::get_or_create): Add ctxt param and pass it to add_region_for_type. (root_region::push_frame): Pass ctxt to get_or_create calls. (region_model::get_lvalue_1): Likewise. (region_model::make_region_for_unexpected_tree_code): Assert that ctxt is non-NULL. (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl and get_svalue_for_label calls. (region_model::get_svalue_for_fndecl): Add ctxt param and pass it to get_region_for_fndecl. (region_model::get_region_for_fndecl): Add ctxt param and pass it to get_or_create. (region_model::get_svalue_for_label): Add ctxt param and pass it to get_region_for_label. (region_model::get_region_for_label): Add ctxt param and pass it to get_region_for_fndecl and get_or_create. (region_model::get_field_region): Add ctxt param and pass it to get_or_create_view and get_or_create. (make_region_for_type): Replace gcc_unreachable with return NULL. (region_model::add_region_for_type): Add ctxt param. Handle a return of NULL from make_region_for_type by calling make_region_for_unexpected_tree_code. (region_model::get_or_create_mem_ref): Pass ctxt to calls to get_or_create_view. (region_model::get_or_create_view): Add ctxt param and pass it to add_region_for_type. (selftest::test_state_merging): Pass ctxt to get_or_create_view. * region-model.h (region_model::get_or_create): Add ctxt param. (region_model::add_region_for_type): Likewise. (region_model::get_svalue_for_fndecl): Likewise. (region_model::get_svalue_for_label): Likewise. (region_model::get_region_for_fndecl): Likewise. (region_model::get_region_for_label): Likewise. (region_model::get_field_region): Likewise. (region_model::get_or_create_view): Likewise. gcc/testsuite/ChangeLog: PR analyzer/93899 * g++.dg/analyzer/pr93899.C: New test.

analyzer: fix ICE with OFFSET_TYPE [PR 93899]
PR analyzer/93899 reports an ICE within make_region_for_type when handling a param of type OFFSET_TYPE within exploded_graph::add_function_entry. This patch fixes the ICE by further generalizing the "give up on this tree code" logic from r10-6667-gf76a88eb for PR analyzer/93388 and r10-6695-g2e623393 for PR analyzer/93778 by replacing the gcc_unreachable in make_region_for_type with a return of NULL, and handling this in add_region_for_type by notifying the ctxt. Doing so means that numerous places that create regions now need to have a context passed to them, so most of the patch is churn involved in passing a context around to where it's needed. gcc/analyzer/ChangeLog: PR analyzer/93899 * engine.cc (impl_region_model_context::impl_region_model_context): Add logger param. * engine.cc (exploded_graph::add_function_entry): Create an impl_region_model_context and pass it to the push_frame call. Bail if the resulting state is invalid. (exploded_graph::build_initial_worklist): Likewise. (exploded_graph::build_initial_worklist): Handle the case where add_function_entry fails. * exploded-graph.h (impl_region_model_context::impl_region_model_context): Add logger param. * region-model.cc (map_region::get_or_create): Add ctxt param and pass it to add_region_for_type. (map_region::can_merge_p): Pass NULL as a ctxt to call to get_or_create. (array_region::get_element): Pass ctxt to call to get_or_create. (array_region::get_or_create): Add ctxt param and pass it to add_region_for_type. (root_region::push_frame): Pass ctxt to get_or_create calls. (region_model::get_lvalue_1): Likewise. (region_model::make_region_for_unexpected_tree_code): Assert that ctxt is non-NULL. (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl and get_svalue_for_label calls. (region_model::get_svalue_for_fndecl): Add ctxt param and pass it to get_region_for_fndecl. (region_model::get_region_for_fndecl): Add ctxt param and pass it to get_or_create. (region_model::get_svalue_for_label): Add ctxt param and pass it to get_region_for_label. (region_model::get_region_for_label): Add ctxt param and pass it to get_region_for_fndecl and get_or_create. (region_model::get_field_region): Add ctxt param and pass it to get_or_create_view and get_or_create. (make_region_for_type): Replace gcc_unreachable with return NULL. (region_model::add_region_for_type): Add ctxt param. Handle a return of NULL from make_region_for_type by calling make_region_for_unexpected_tree_code. (region_model::get_or_create_mem_ref): Pass ctxt to calls to get_or_create_view. (region_model::get_or_create_view): Add ctxt param and pass it to add_region_for_type. (selftest::test_state_merging): Pass ctxt to get_or_create_view. * region-model.h (region_model::get_or_create): Add ctxt param. (region_model::add_region_for_type): Likewise. (region_model::get_svalue_for_fndecl): Likewise. (region_model::get_svalue_for_label): Likewise. (region_model::get_region_for_fndecl): Likewise. (region_model::get_region_for_label): Likewise. (region_model::get_field_region): Likewise. (region_model::get_or_create_view): Likewise. gcc/testsuite/ChangeLog: PR analyzer/93899 * g++.dg/analyzer/pr93899.C: New test.
3a25f345 · David Malcolm · a4dbb9b2 · 3a25f345 · 3a25f345 · 3a25f345
Commit 3a25f345 authored Feb 24, 2020 by David Malcolm
7 changed files
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
 2020-02-24  David Malcolm  <dmalcolm@redhat.com>
+	PR analyzer/93899
+	* engine.cc
+	(impl_region_model_context::impl_region_model_context): Add logger
+	param.
+	* engine.cc (exploded_graph::add_function_entry): Create an
+	impl_region_model_context and pass it to the push_frame call.
+	Bail if the resulting state is invalid.
+	(exploded_graph::build_initial_worklist): Likewise.
+	(exploded_graph::build_initial_worklist): Handle the case where
+	add_function_entry fails.
+	* exploded-graph.h
+	(impl_region_model_context::impl_region_model_context): Add logger
+	param.
+	* region-model.cc (map_region::get_or_create): Add ctxt param and
+	pass it to add_region_for_type.
+	(map_region::can_merge_p): Pass NULL as a ctxt to call to
+	get_or_create.
+	(array_region::get_element): Pass ctxt to call to get_or_create.
+	(array_region::get_or_create): Add ctxt param and pass it to
+	add_region_for_type.
+	(root_region::push_frame): Pass ctxt to get_or_create calls.
+	(region_model::get_lvalue_1): Likewise.
+	(region_model::make_region_for_unexpected_tree_code): Assert that
+	ctxt is non-NULL.
+	(region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
+	and get_svalue_for_label calls.
+	(region_model::get_svalue_for_fndecl): Add ctxt param and pass it
+	to get_region_for_fndecl.
+	(region_model::get_region_for_fndecl): Add ctxt param and pass it
+	to get_or_create.
+	(region_model::get_svalue_for_label): Add ctxt param and pass it
+	to get_region_for_label.
+	(region_model::get_region_for_label): Add ctxt param and pass it
+	to get_region_for_fndecl and get_or_create.
+	(region_model::get_field_region): Add ctxt param and pass it to
+	get_or_create_view and get_or_create.
+	(make_region_for_type): Replace gcc_unreachable with return NULL.
+	(region_model::add_region_for_type): Add ctxt param.  Handle a
+	return of NULL from make_region_for_type by calling
+	make_region_for_unexpected_tree_code.
+	(region_model::get_or_create_mem_ref): Pass ctxt to calls to
+	get_or_create_view.
+	(region_model::get_or_create_view): Add ctxt param and pass it to
+	add_region_for_type.
+	(selftest::test_state_merging): Pass ctxt to get_or_create_view.
+	* region-model.h (region_model::get_or_create): Add ctxt param.
+	(region_model::add_region_for_type): Likewise.
+	(region_model::get_svalue_for_fndecl): Likewise.
+	(region_model::get_svalue_for_label): Likewise.
+	(region_model::get_region_for_fndecl): Likewise.
+	(region_model::get_region_for_label): Likewise.
+	(region_model::get_field_region): Likewise.
+	(region_model::get_or_create_view): Likewise.
+2020-02-24  David Malcolm  <dmalcolm@redhat.com>
 	* checker-path.cc (superedge_event::should_filter_p): Update
 	filter for empty descriptions to cover verbosity level 3 as well
 	as 2.

--- a/gcc/analyzer/engine.cc
+++ b/gcc/analyzer/engine.cc
@@ -90,8 +90,9 @@ impl_region_model_context (exploded_graph &eg,
 impl_region_model_context::
 impl_region_model_context (program_state *state,
 			   state_change *change,
-			   const extrinsic_state &ext_state)
+			   const extrinsic_state &ext_state,
-: m_eg (NULL), m_logger (NULL), m_enode_for_diag (NULL),
+			   logger *logger)
+: m_eg (NULL), m_logger (logger), m_enode_for_diag (NULL),
  m_old_state (NULL),
  m_new_state (state),
  m_change (change),
@@ -1829,7 +1830,11 @@ exploded_graph::add_function_entry (function *fun)
 {
  program_point point = program_point::from_function_entry (m_sg, fun);
  program_state state (m_ext_state);
-  state.m_region_model->push_frame (fun, NULL, NULL);
+  impl_region_model_context ctxt (&state, NULL, m_ext_state, get_logger ());
+  state.m_region_model->push_frame (fun, NULL, &ctxt);
+  if (!state.m_valid)
+    return NULL;
  exploded_node *enode = get_or_create_node (point, state, NULL);
  /* We should never fail to add such a node.  */
@@ -2150,8 +2155,13 @@ exploded_graph::build_initial_worklist ()
      continue;
    exploded_node *enode = add_function_entry (fun);
    if (logger)
-      logger->log ("created EN %i for %qE entrypoint",
+      {
-		   enode->m_index, fun->decl);
+	if (enode)
+	  logger->log ("created EN %i for %qE entrypoint",
+		       enode->m_index, fun->decl);
+	else
+	  logger->log ("did not create enode for %qE entrypoint", fun->decl);
+      }
  }
 }

--- a/gcc/analyzer/exploded-graph.h
+++ b/gcc/analyzer/exploded-graph.h
@@ -43,7 +43,8 @@ class impl_region_model_context : public region_model_context
  impl_region_model_context (program_state *state,
 			     state_change *change,
-			     const extrinsic_state &ext_state);
+			     const extrinsic_state &ext_state,
+			     logger *logger = NULL);
  void warn (pending_diagnostic *d) FINAL OVERRIDE;

--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
--- a/gcc/analyzer/region-model.h
+++ b/gcc/analyzer/region-model.h
@@ -978,7 +978,8 @@ public:
  region_id get_or_create (region_model *model,
 			   region_id this_rid,
-			   tree expr, tree type);
+			   tree expr, tree type,
+			   region_model_context *ctxt);
  void unbind (tree expr);
  region_id *get (tree expr);
@@ -1374,7 +1375,8 @@ public:
  region_id get_or_create (region_model *model,
 			   region_id this_rid,
-			   key_t key, tree type);
+			   key_t key, tree type,
+			   region_model_context *ctxt);
 //  void unbind (int expr);
  region_id *get (key_t key);
@@ -1719,7 +1721,8 @@ class region_model
  region_id add_region (region *r);
-  region_id add_region_for_type (region_id parent_rid, tree type);
+  region_id add_region_for_type (region_id parent_rid, tree type,
+				 region_model_context *ctxt);
  svalue *get_svalue (svalue_id sval_id) const;
  region *get_region (region_id rid) const;
@@ -1740,16 +1743,19 @@ class region_model
  svalue_id get_or_create_ptr_svalue (tree ptr_type, region_id id);
  svalue_id get_or_create_constant_svalue (tree cst_expr);
-  svalue_id get_svalue_for_fndecl (tree ptr_type, tree fndecl);
+  svalue_id get_svalue_for_fndecl (tree ptr_type, tree fndecl,
-  svalue_id get_svalue_for_label (tree ptr_type, tree label);
+				   region_model_context *ctxt);
+  svalue_id get_svalue_for_label (tree ptr_type, tree label,
+				  region_model_context *ctxt);
-  region_id get_region_for_fndecl (tree fndecl);
+  region_id get_region_for_fndecl (tree fndecl, region_model_context *ctxt);
-  region_id get_region_for_label (tree label);
+  region_id get_region_for_label (tree label, region_model_context *ctxt);
  svalue_id maybe_cast (tree type, svalue_id sid, region_model_context *ctxt);
  svalue_id maybe_cast_1 (tree type, svalue_id sid);
-  region_id get_field_region (region_id rid, tree field);
+  region_id get_field_region (region_id rid, tree field,
+			      region_model_context *ctxt);
  region_id deref_rvalue (svalue_id ptr_sid, region_model_context *ctxt);
  region_id deref_rvalue (tree ptr, region_model_context *ctxt);
@@ -1826,7 +1832,8 @@ class region_model
 					     svalue_id ptr_sid,
 					     svalue_id offset_sid,
 					     region_model_context *ctxt);
-  region_id get_or_create_view (region_id raw_rid, tree type);
+  region_id get_or_create_view (region_id raw_rid, tree type,
+				region_model_context *ctxt);
  tree get_fndecl_for_call (const gcall *call,
 			    region_model_context *ctxt);

--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
+2020-02-24  David Malcolm  <dmalcolm@redhat.com>
+	PR analyzer/93899
+	* g++.dg/analyzer/pr93899.C: New test.
 2020-02-24  Martin Sebor  <msebor@redhat.com>
 	PR c++/93804

--- a/gcc/testsuite/g++.dg/analyzer/pr93899.C
+++ b/gcc/testsuite/g++.dg/analyzer/pr93899.C
+// { dg-do compile { target c++11 } }
+#include "../abi/mangle55.C"