Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to master as r11-3471-g29f5db8ef81fac4db8e66e5f06fdf1d469e8161c.

gcc/analyzer/ChangeLog:
        PR analyzer/96646
        PR analyzer/96841
        * region-model.cc (region_model::get_representative_path_var):
        When handling offset_region, wrap the MEM_REF's first argument in
        an ADDR_EXPR of pointer type, rather than simply using the tree
        for the parent region.  Require the MEM_REF's second argument to
        be an integer constant.

gcc/testsuite/ChangeLog:
        PR analyzer/96646
        PR analyzer/96841
        * gcc.dg/analyzer/pr96646.c: New test.
        * gcc.dg/analyzer/pr96841.c: New test.
---
 gcc/analyzer/region-model.cc            |  7 +++++--
 gcc/testsuite/gcc.dg/analyzer/pr96646.c | 24 ++++++++++++++++++++++++
 gcc/testsuite/gcc.dg/analyzer/pr96841.c | 23 +++++++++++++++++++++++
 3 files changed, 52 insertions(+), 2 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr96646.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr96841.c

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 981fb779df2..a88a295a241 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -2140,11 +2140,14 @@ region_model::get_representative_path_var (const region 
*reg,
        path_var offset_pv
          = get_representative_path_var (offset_reg->get_byte_offset (),
                                         visited);
-       if (!offset_pv)
+       if (!offset_pv || TREE_CODE (offset_pv.m_tree) != INTEGER_CST)
          return path_var (NULL_TREE, 0);
+       tree addr_parent = build1 (ADDR_EXPR,
+                                  build_pointer_type (reg->get_type ()),
+                                  parent_pv.m_tree);
        return path_var (build2 (MEM_REF,
                                 reg->get_type (),
-                                parent_pv.m_tree, offset_pv.m_tree),
+                                addr_parent, offset_pv.m_tree),
                         parent_pv.m_stack_depth);
       }
 
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96646.c 
b/gcc/testsuite/gcc.dg/analyzer/pr96646.c
new file mode 100644
index 00000000000..2ac5a03b0e5
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr96646.c
@@ -0,0 +1,24 @@
+/* { dg-additional-options "-O1" } */
+
+struct zx {
+  struct zx *b4, *g0;
+};
+
+struct oo {
+  void *ph;
+  struct zx el;
+};
+
+inline void
+k7 (struct zx *xj)
+{
+  xj->b4->g0 = 0; /* { dg-warning "dereference of NULL" } */
+  xj->b4 = 0;
+}
+
+void
+n8 (struct oo *yx)
+{
+  k7 (&yx->el);
+  n8 (yx);
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96841.c 
b/gcc/testsuite/gcc.dg/analyzer/pr96841.c
new file mode 100644
index 00000000000..d9d35f3dce8
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr96841.c
@@ -0,0 +1,23 @@
+/* { dg-additional-options "-O1 -Wno-builtin-declaration-mismatch" } */
+
+int
+l8 (void);
+
+__SIZE_TYPE__
+malloc (__SIZE_TYPE__);
+
+void
+th (int *);
+
+void
+bv (__SIZE_TYPE__ ny)
+{
+  int ***mf;
+
+  while (l8 ())
+    {
+      *mf = 0;
+      (*mf)[ny] = (int *) malloc (sizeof (int));
+      th ((*mf)[ny]); /* { dg-warning "leak" } */
+    }
+}
-- 
2.26.2

Reply via email to