analyzer: Fix ICE on MD builtin [PR101721]

The following testcase ICEs because DECL_FUNCTION_CODE asserts the builtin
is BUILT_IN_NORMAL, but it sees a backend (MD) builtin instead.
The FE, normal and MD builtin numbers overlap, so one should always
check what kind of builtin it is before looking at specific codes.

On the other side, region-model.cc has:
      if (fndecl_built_in_p (callee_fndecl, BUILT_IN_NORMAL)
          && gimple_builtin_call_types_compatible_p (call, callee_fndecl))
        switch (DECL_UNCHECKED_FUNCTION_CODE (callee_fndecl))
which IMO should use DECL_FUNCTION_CODE instead, it checked first it is
a normal builtin...

2021-08-03  Jakub Jelinek  <jakub@redhat.com>

	PR analyzer/101721
	* sm-malloc.cc (known_allocator_p): Only check DECL_FUNCTION_CODE on
	BUILT_IN_NORMAL builtins.

	* gcc.dg/analyzer/pr101721.c: New test.

diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index 4f07d1f9257c345f4cc1c1524073c986d1fabbd6..74c6fee263821b647a5dde516dca74e889b668a7 100644 (file)
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -1543,7 +1543,7 @@ known_allocator_p (const_tree fndecl, const gcall *call)
 
   /* ... or it is a builtin allocator that allocates objects freed with
      __builtin_free.  */
-  if (fndecl_built_in_p (fndecl))
+  if (fndecl_built_in_p (fndecl, BUILT_IN_NORMAL))
     switch (DECL_FUNCTION_CODE (fndecl))
       {
       case BUILT_IN_MALLOC:

diff --git a/gcc/testsuite/gcc.dg/analyzer/pr101721.c b/gcc/testsuite/gcc.dg/analyzer/pr101721.c
new file mode 100644 (file)
index 0000000..07ef2d6
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr101721.c
@@ -0,0 +1,8 @@
+/* PR analyzer/101721 */
+/* { dg-do compile { target i?86-*-* x86_64-*-* } } */
+
+void
+foo ()
+{
+  __builtin_ia32_pause ();
+}