Hi David, hi all, I was playing along with APIs from the Static Analyzer and encountered a segfault in gcc/tree.cc:5068 (i.e. in function build2 and failure is due to a gcc_assert call), after a call to ana::region_model::get_representative_tree.
>From my debugging of the problem, I realized that the svalue which I built with the SA API as the following from an element_region (C sample): const ana::region *base = elm_reg->get_base_region(); // base_ptr is the svalue passed to get_representative_tree const ana::svalue *base_ptr = base->get_ptr_svalue( TYPE_POINTER_TO(base->get_type), base); I realized that the SA resulting in the call to get_ptr_svalue has NULL_TREE as type (return by get_type on base_ptr). And this is because TYPE_POINTER_TO (base->get_type) is returning a NULL_TREE. I found my way around by calling build_pointer_type(base->get_type()) which is currently building the expecting type. But from this, two questions raised in my mind: 1. Is it coherent for the ana::region_model_manager::get_ptr_svalue to return a sval with a null type? 2. Can a tree view as a tree_type_common member have an uninitialized pointer_to member? I think, but definitely not sure) that the member is not initialized here by some part of the compiler, because I think that the inner type of regions and svalues are build by the SA by using the TREE_TYPE macro directly from the GIMPLE. I ask this question to know if this is a bug and I should try to do a minimal example out of it, or if it is a intended behavior for any reason from the compiler. Thank you for reading me, Pierrick
