[committed] analyzer: fix ICE in "__analyzer_dump_exploded_nodes" on non-empty worklist (PR 93669)

Message ID 20200211184212.5316-1-dmalcolm@redhat.com
State New
Series
  • [committed] analyzer: fix ICE in "__analyzer_dump_exploded_nodes" on non-empty worklist (PR 93669)

Commit Message

David Malcolm Feb. 11, 2020, 6:42 p.m.
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to master as r10-6581-ga0e4929b0461226722d6d08b1fdc2852b9100b75.

gcc/analyzer/ChangeLog:
	PR analyzer/93669
	* engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
	case of STATUS_WORKLIST in implementation of
	"__analyzer_dump_exploded_nodes".

gcc/testsuite/ChangeLog:
	PR analyzer/93669
	* gcc.dg/analyzer/pr93669.c: New test.
---
 gcc/analyzer/engine.cc                  | 17 +++++++++++++----
 gcc/testsuite/gcc.dg/analyzer/pr93669.c | 25 +++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 4 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93669.c

-- 
2.21.0

Patch

diff --git a/gcc/analyzer/engine.cc b/gcc/analyzer/engine.cc
index 63579da953a..8d5f9c69724 100644
--- a/gcc/analyzer/engine.cc
+++ b/gcc/analyzer/engine.cc
@@ -3197,15 +3197,15 @@  exploded_graph::dump_exploded_nodes () const
 
   /* Emit a warning at any call to "__analyzer_dump_exploded_nodes",
      giving the number of processed exploded nodes for "before-stmt",
-     and the IDs of processed and merger enodes.
+     and the IDs of processed, merger, and worklist enodes.
 
      We highlight the count of *processed* enodes since this is of most
      interest in DejaGnu tests for ensuring that state merger has
      happened.
 
-     We don't show the count of merger enodes, as this is more of an
-     implementation detail of the merging that we don't want to bake
-     into our expected DejaGnu messages.  */
+     We don't show the count of merger and worklist enodes, as this is
+     more of an implementation detail of the merging/worklist that we
+     don't want to bake into our expected DejaGnu messages.  */
 
   unsigned i;
   exploded_node *enode;
@@ -3225,6 +3225,7 @@  exploded_graph::dump_exploded_nodes () const
 
 	      auto_vec<exploded_node *> processed_enodes;
 	      auto_vec<exploded_node *> merger_enodes;
+	      auto_vec<exploded_node *> worklist_enodes;
 	      /* This is O(N^2).  */
 	      unsigned j;
 	      exploded_node *other_enode;
@@ -3237,6 +3238,9 @@  exploded_graph::dump_exploded_nodes () const
 		      {
 		      default:
 			gcc_unreachable ();
+		      case exploded_node::STATUS_WORKLIST:
+			worklist_enodes.safe_push (other_enode);
+			break;
 		      case exploded_node::STATUS_PROCESSED:
 			processed_enodes.safe_push (other_enode);
 			break;
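Review bot: The new `case exploded_node::STATUS_WORKLIST:` carries no comment saying when an enode can still be on the worklist at the point the dump runs, which is the condition that previously fell through to `default: gcc_unreachable ();`. Judging by the options used in pr93669.c, this presumably happens when exploration stops at the per-program-point enode limit; a line such as `/* Still queued, e.g. when exploration stopped at an enode limit.  */` above the case would record that for the next reader. Because the `default:` label stays in the switch, any status value added later will hit the same ICE in this debugging path, so it is worth noting next to it that every `exploded_node` status must be listed here. The switch and its enclosing loop start and end outside the hunk.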
@@ -3254,6 +3258,11 @@  exploded_graph::dump_exploded_nodes () const
 		  pp_string (&pp, "] merger(s): [");
 		  print_enode_indices (&pp, merger_enodes);
 		}
+	      if (worklist_enodes.length () > 0)
+		{
+		  pp_string (&pp, "] worklist: [");
+		  print_enode_indices (&pp, worklist_enodes);
+		}
 	      pp_character (&pp, ']');
 
 	      warning_n (stmt->location, 0, processed_enodes.length (),
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr93669.c b/gcc/testsuite/gcc.dg/analyzer/pr93669.c
new file mode 100644
index 00000000000..01e266dd3f2
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr93669.c
@@ -0,0 +1,25 @@ 
+/* { dg-additional-options "--param analyzer-max-enodes-per-program-point=2 -Wno-analyzer-too-complex" }  */
+
+#include "analyzer-decls.h"
+
+int test (int a)
+{
+  if (a != 42 && a != 113) {
+    return (-2);
+  }
+
+  __analyzer_dump_exploded_nodes (0); /* { dg-warning "1 processed enode" } */
+
+  return 0;
+}
+
+int test_2 (int a)
+{
+  if (a != 42 && a != 113 && a != 666) {
+    return (-2);
+  }
+
+  __analyzer_dump_exploded_nodes (0); /* { dg-warning "1 processed enode" } */
+
+  return 0;
+}
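Review bot: The test does not say why `--param analyzer-max-enodes-per-program-point=2` is required, and both `dg-warning "1 processed enode"` patterns match only the start of the message, so the file shows that the ICE is gone but not that a worklist enode was actually present when the dump ran. A short header comment such as `/* Limit enodes per program point so that some remain on the worklist when __analyzer_dump_exploded_nodes runs (PR 93669).  */` would document the intent; that reading of the option is inferred from the commit message rather than visible in the test. The same comment could mention that `-Wno-analyzer-too-complex` is there to silence the warning that analysis was cut short, so nobody copies these options into a test whose results depend on full exploration.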