From: David Malcolm Date: Fri, 21 Jan 2022 14:56:56 +0000 (-0500) Subject: analyzer: fix ICE on vector casts [PR104159] X-Git-Tag: basepoints/gcc-13~1496 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45b999f642a531c083c982dda79fa6ad65730a7c;p=thirdparty%2Fgcc.git analyzer: fix ICE on vector casts [PR104159] PR analyzer/104159 describes an ICE attempting to convert a vector_cst, which occurs when symbolically executing within a recursive call on: _4 = BIT_FIELD_REF ; _1 = VIEW_CONVERT_EXPR(_4); where the BIT_FIELD_REF leads to a get_or_create_cast from VEC to VEC which get_code_for_cast erroneously picks NOP_EXPR for the cast, leading to a bogus input to the VIEW_CONVERT_EXPR. This patch fixes the issue by giving up on attempts to cast symbolic values of vector types, treating the result of such casts as unknowable. gcc/analyzer/ChangeLog: PR analyzer/104159 * region-model-manager.cc (region_model_manager::get_or_create_cast): Bail out if the types are the same. Don't attempt to handle casts involving vector types. gcc/testsuite/ChangeLog: PR analyzer/104159 * gcc.dg/analyzer/torture/pr104159.c: New test. Signed-off-by: David Malcolm --- diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc index bb93526807f1..e765e7f484f3 100644 --- a/gcc/analyzer/region-model-manager.cc +++ b/gcc/analyzer/region-model-manager.cc @@ -497,6 +497,17 @@ const svalue * region_model_manager::get_or_create_cast (tree type, const svalue *arg) { gcc_assert (type); + + /* No-op if the types are the same. */ + if (type == arg->get_type ()) + return arg; + + /* Don't attempt to handle casts involving vector types for now. */ + if (TREE_CODE (type) == VECTOR_TYPE + || (arg->get_type () + && TREE_CODE (arg->get_type ()) == VECTOR_TYPE)) + return get_or_create_unknown_svalue (type); + enum tree_code op = get_code_for_cast (type, arg->get_type ()); return get_or_create_unaryop (type, op, arg); } diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c b/gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c new file mode 100644 index 000000000000..1346b4b60639 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/torture/pr104159.c @@ -0,0 +1,18 @@ +/* { dg-additional-options "-Wno-analyzer-use-of-uninitialized-value" } */ + +typedef int __attribute__((__vector_size__(4))) T; +typedef unsigned __attribute__((__vector_size__(4))) U; +typedef unsigned __attribute__((__vector_size__(16))) V; +typedef unsigned long __attribute__((__vector_size__(16))) W; + +U u; +T t; + +void +foo(W w) { + U u = __builtin_shufflevector((V)w, u, 0); + t = (T){} + u + u; + foo((W){}); + for (;;) + ; +}