public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/101503] New: [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557
@ 2021-07-19 6:16 asolokha at gmx dot com
2021-07-19 6:51 ` [Bug analyzer/101503] " rguenth at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: asolokha at gmx dot com @ 2021-07-19 6:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101503
Bug ID: 101503
Summary: [12 Regression] ICE in involves_p, at
analyzer/svalue.cc:557
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: asolokha at gmx dot com
Target Milestone: ---
gcc-12.0.0-alpha20210718 snapshot (g:6ae8aac19cdbdbd96d90f86e4d8505fe121bdf06)
ICEs when compiling the following testcase w/ -fanalyzer --param
analyzer-max-svalue-depth=0:
int val;
int
fn (void)
{
val = fn ();
return 0;
}
% gcc-12.0.0 -fanalyzer --param analyzer-max-svalue-depth=0 -c nllhdqtp.c
during IPA pass: analyzer
nllhdqtp.c: In function 'fn':
nllhdqtp.c:6:9: internal compiler error: in involves_p, at
analyzer/svalue.cc:557
6 | val = fn ();
| ^~~~~
0x76e65b ana::svalue::involves_p(ana::svalue const*) const
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/svalue.cc:557
0x124227e ana::binding_cluster::purge_state_involving(ana::svalue const*,
ana::region_model_manager*)
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/store.cc:1337
0x1244aaf ana::store::purge_state_involving(ana::svalue const*,
ana::region_model_manager*)
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/store.cc:2497
0x1215ee8 ana::region_model::purge_state_involving(ana::svalue const*,
ana::region_model_context*)
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/region-model.cc:1307
0x12160d0 ana::region_model::on_call_pre(gcall const*,
ana::region_model_context*, bool*)
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/region-model.cc:1074
0x1218e63 ana::region_model::on_stmt_pre(gimple const*, bool*, bool*,
ana::region_model_context*)
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/region-model.cc:1027
0x11e97bd ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode
const*, gimple const*, ana::program_state*, ana::uncertainty_t*)
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/engine.cc:1223
0x11ebd52 ana::exploded_graph::process_node(ana::exploded_node*)
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/engine.cc:3098
0x11ec8ba ana::exploded_graph::process_worklist()
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/engine.cc:2684
0x11eed15 ana::impl_run_checkers(ana::logger*)
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/engine.cc:4972
0x11efbb0 ana::run_checkers()
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/engine.cc:5043
0x11e0c78 execute
/var/tmp/portage/sys-devel/gcc-12.0.0_alpha20210718/work/gcc-12-20210718/gcc/analyzer/analyzer-pass.cc:87
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug analyzer/101503] [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557
2021-07-19 6:16 [Bug analyzer/101503] New: [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557 asolokha at gmx dot com
@ 2021-07-19 6:51 ` rguenth at gcc dot gnu.org
2021-07-19 15:00 ` dmalcolm at gcc dot gnu.org
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: rguenth at gcc dot gnu.org @ 2021-07-19 6:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101503
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |12.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug analyzer/101503] [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557
2021-07-19 6:16 [Bug analyzer/101503] New: [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557 asolokha at gmx dot com
2021-07-19 6:51 ` [Bug analyzer/101503] " rguenth at gcc dot gnu.org
@ 2021-07-19 15:00 ` dmalcolm at gcc dot gnu.org
2021-07-19 19:44 ` cvs-commit at gcc dot gnu.org
2021-07-19 19:47 ` dmalcolm at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2021-07-19 15:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101503
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2021-07-19
Status|UNCONFIRMED |ASSIGNED
Ever confirmed|0 |1
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this bug.
Confirmed; am working on a fix.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug analyzer/101503] [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557
2021-07-19 6:16 [Bug analyzer/101503] New: [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557 asolokha at gmx dot com
2021-07-19 6:51 ` [Bug analyzer/101503] " rguenth at gcc dot gnu.org
2021-07-19 15:00 ` dmalcolm at gcc dot gnu.org
@ 2021-07-19 19:44 ` cvs-commit at gcc dot gnu.org
2021-07-19 19:47 ` dmalcolm at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-07-19 19:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101503
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:a113b14398f2a4ad2742e6e9c87e25cac60f263e
commit r12-2399-ga113b14398f2a4ad2742e6e9c87e25cac60f263e
Author: David Malcolm <dmalcolm@redhat.com>
Date: Mon Jul 19 15:44:02 2021 -0400
analyzer: add svalue::can_have_associated_state_p [PR101503]
PR analyzer/101503 reports an assertion failure due to an unexpected
"UNKNOWN" value (due to using --param analyzer-max-svalue-depth=0).
This patch fixes this by rejecting attempts to purge state involving
unknown/poisoned svalues (in region_model::purge_state_involving),
as these svalues should not have state associated with them - they
are singletons w.r.t each type.
To be more systematic about this, the patch also introduces a new
svalue::can_have_associated_state_p which returns false for
unknown/poisoned svalues, so that we can reject adding constraints
or sm-state on them, or building various kinds of svalue in terms
of them (e.g. unary ops, binary ops, etc).
gcc/analyzer/ChangeLog:
PR analyzer/101503
* constraint-manager.cc (constraint_manager::add_constraint): Use
can_have_associated_state_p rather than testing for unknown.
(constraint_manager::get_or_add_equiv_class): Likewise.
* program-state.cc (sm_state_map::set_state): Likewise.
(sm_state_map::impl_set_state): Add assertion.
* region-model-manager.cc
(region_model_manager::maybe_fold_unaryop): Handle poisoned
values.
(region_model_manager::maybe_fold_binop): Move handling of unknown
values...
(region_model_manager::get_or_create_binop): ...to here, and
generalize to use can_have_associated_state_p.
(region_model_manager::maybe_fold_sub_svalue): Use
can_have_associated_state_p rather than testing for unknown.
(region_model_manager::maybe_fold_repeated_svalue): Use unknown
when the size or repeated value is "unknown"/"poisoned".
* region-model.cc (region_model::purge_state_involving): Reject
attempts to purge unknown/poisoned svalues, as these svalues
should not have state associated with them.
* svalue.cc (sub_svalue::sub_svalue): Assert that we're building
on top of an svalue with can_have_associated_state_p.
(repeated_svalue::repeated_svalue): Likewise.
(bits_within_svalue::bits_within_svalue): Likewise.
* svalue.h (svalue::can_have_associated_state_p): New.
(unknown_svalue::can_have_associated_state_p): New.
(poisoned_svalue::can_have_associated_state_p): New.
(unaryop_svalue::unaryop_svalue): Assert that we're building on
top of an svalue with can_have_associated_state_p.
(binop_svalue::binop_svalue): Likewise.
(widening_svalue::widening_svalue): Likewise.
gcc/testsuite/ChangeLog:
PR analyzer/101503
* gcc.dg/analyzer/pr101503.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug analyzer/101503] [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557
2021-07-19 6:16 [Bug analyzer/101503] New: [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557 asolokha at gmx dot com
` (2 preceding siblings ...)
2021-07-19 19:44 ` cvs-commit at gcc dot gnu.org
@ 2021-07-19 19:47 ` dmalcolm at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2021-07-19 19:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101503
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-07-19 19:47 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-19 6:16 [Bug analyzer/101503] New: [12 Regression] ICE in involves_p, at analyzer/svalue.cc:557 asolokha at gmx dot com
2021-07-19 6:51 ` [Bug analyzer/101503] " rguenth at gcc dot gnu.org
2021-07-19 15:00 ` dmalcolm at gcc dot gnu.org
2021-07-19 19:44 ` cvs-commit at gcc dot gnu.org
2021-07-19 19:47 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).