Merge pull request #5659 from tautschnig/value-sets-empty

value sets: do not try to access components of an empty struct/union

Author: tautschnig

regression/cbmc/empty_compound_type1/main.c

@@ -0,0 +1,19 @@
+union a {
+};
+struct
+{
+  union a;
+} b;
+struct c
+{
+  int cli;
+};
+void e(struct c *f)
+{
+  int a = f->cli;
+}
+main()
+{
+  // pass a pointer to an incompatible type
+  e(&b);
+}

regression/cbmc/empty_compound_type1/test.desc

@@ -0,0 +1,14 @@
+CORE
+main.c
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
+--
+First observed on SV-COMP's
+linux-4.2-rc1.tar.xz-32_7a-drivers--staging--lustre--lustre--mdc--mdc.ko-entry_point.cil.out.i:
+accessing an empty union (or struct) in pointer dereferencing involving
+incompatible pointers resulted in a segmentation fault. This test was generated
+using C-Reduce plus some further manual simplification.

src/pointer-analysis/value_set.cpp

@@ -425,14 +425,17 @@ optionalt<irep_idt> value_sett::get_index_of_symbol(
     const struct_union_typet &struct_union_type =
       to_struct_union_type(followed_type);
 
-    const irep_idt &first_component_name =
-      struct_union_type.components().front().get_name();
-
-    index =
-      id2string(identifier) + "." + id2string(first_component_name) + suffix;
-    entry = find_entry(index);
-    if(entry)
-      return std::move(index);
+    if(!struct_union_type.components().empty())
+    {
+      const irep_idt &first_component_name =
+        struct_union_type.components().front().get_name();
+
+      index =
+        id2string(identifier) + "." + id2string(first_component_name) + suffix;
+      entry = find_entry(index);
+      if(entry)
+        return std::move(index);
+    }
   }
 
   // not found? try without suffix