analyzer: fix ICE on deref_rvalue on SK_COMPOUND [PR96643]

gcc/analyzer/ChangeLog:
	PR analyzer/96643
	* region-model.cc (region_model::deref_rvalue): Rather than
	attempting to handle all svalue kinds in the switch, only cover
	the special cases, and move symbolic-region handling to after
	the switch, thus implicitly handling the missing case SK_COMPOUND.

gcc/testsuite/ChangeLog:
	PR analyzer/96643
	* g++.dg/analyzer/pr96643.C: New test.

gcc/analyzer/region-model.cc

@@ -1369,7 +1369,7 @@ region_model::deref_rvalue (const svalue *ptr_sval, tree ptr_tree,
   switch (ptr_sval->get_kind ())
     {
     default:
-      gcc_unreachable ();
+      break;
 
     case SK_REGION:
       {
@@ -1395,17 +1395,10 @@ region_model::deref_rvalue (const svalue *ptr_sval, tree ptr_tree,
 	      return m_mgr->get_offset_region (parent_region, type, offset);
 	    }
 	  default:
-	    goto create_symbolic_region;
+	    break;
 	  }
       }
-
-    case SK_CONSTANT:
-    case SK_INITIAL:
-    case SK_UNARYOP:
-    case SK_SUB:
-    case SK_WIDENING:
-    case SK_CONJURED:
-      goto create_symbolic_region;
+      break;
 
     case SK_POISONED:
       {
@@ -1425,20 +1418,11 @@ region_model::deref_rvalue (const svalue *ptr_sval, tree ptr_tree,
 		ctxt->warn (new poisoned_value_diagnostic (ptr, pkind));
 	      }
 	  }
-	goto create_symbolic_region;
       }
-
-    case SK_UNKNOWN:
-      {
-      create_symbolic_region:
-	return m_mgr->get_symbolic_region (ptr_sval);
-      }
-
-    case SK_SETJMP:
-      goto create_symbolic_region;
+      break;
     }
 
-  gcc_unreachable ();
+  return m_mgr->get_symbolic_region (ptr_sval);
 }
 
 /* Set the value of the region given by LHS_REG to the value given

gcc/testsuite/g++.dg/analyzer/pr96643.C

@@ -0,0 +1,26 @@
+/* { dg-additional-options "-O1" } */
+
+int l0;
+
+class qv {
+public:
+  int operator[] (int b1) const { return k2[b1]; }
+
+private:
+  int *k2;
+};
+
+class g0 {
+  qv nf, v6;
+
+  void
+  iq ();
+};
+
+void
+g0::iq ()
+{
+  for (;;)
+    if (nf[0] == 0)
+      ++l0;
+}