PR analyzer/93288 reports an ICE in a C++ testcase when calling a
constructor.
The issue is that when building the supergraph, we encounter the
cgraph edge to "__ct_comp ", the DECL_COMPLETE_CONSTRUCTOR_P, and
this node's DECL_STRUCT_FUNCTION has a NULL CFG, which the analyzer
reads through, leading to the ICE.
This patch reworks function and fndecl lookup at calls throughout the
analyzer so that it looks for the ultimate_alias_target of the callee.
In the case above, this means using the "__ct_base " for the ctor,
which has a CFG, fixing the ICE.
Getting this right allows for some simple C++ cases involving ctors to
work, so the patch also adds some test coverage for that.
gcc/analyzer/ChangeLog:
PR analyzer/93288
* analysis-plan.cc (analysis_plan::use_summary_p): Look through
the ultimate_alias_target when getting the called function.
* engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
"sm_ctxt". Use the region_model's get_fndecl_for_call rather than
gimple_call_fndecl.
* region-model.cc (region_model::get_fndecl_for_call): Use
ultimate_alias_target on fndecl.
* supergraph.cc (get_ultimate_function_for_cgraph_edge): New
function.
(supergraph_call_edge): Use it when rejecting edges without
functions.
(supergraph::supergraph): Use it to get the function for the
cgraph_edge when building interprocedural superedges.
(callgraph_superedge::get_callee_function): Use it.
* supergraph.h (supergraph::get_num_snodes): Make param const.
(supergraph::function_to_num_snodes_t): Make first type param
const.
gcc/testsuite/ChangeLog:
PR analyzer/93288
* g++.dg/analyzer/malloc.C: Add test coverage for a double-free
called in a constructor.
* g++.dg/analyzer/pr93288.C: New test.
