public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/104452] New: [12 Regression] ICE: in hashtab_chk_error, at hash-table.cc:137 with -O -fanalyzer
@ 2022-02-08 21:04 zsojka at seznam dot cz
  2022-02-08 23:17 ` [Bug analyzer/104452] " dmalcolm at gcc dot gnu.org
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: zsojka at seznam dot cz @ 2022-02-08 21:04 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104452

            Bug ID: 104452
           Summary: [12 Regression] ICE: in hashtab_chk_error, at
                    hash-table.cc:137 with -O -fanalyzer
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu
            Target: x86_64-pc-linux-gnu

Created attachment 52381
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52381&action=edit
reduced testcase

Compiler output:
$ x86_64-pc-linux-gnu-gcc -O -fanalyzer testcase.c 
hash table checking failed: equal operator returns true for a pair of values
with a different hash value
during IPA pass: analyzer
testcase.c: In function 'foo':
testcase.c:6:10: internal compiler error: in hashtab_chk_error, at
hash-table.cc:137
    6 |     if (x[i])
      |         ~^~~
0xcf15af hashtab_chk_error()
        /repo/gcc-trunk/gcc/hash-table.cc:137
0x176ba61 hash_table<hash_map<ana::bit_range_region::key_t,
ana::bit_range_region*,
simple_hashmap_traits<default_hash_traits<ana::bit_range_region::key_t>,
ana::bit_range_region*> >::hash_entry, false,
xcallocator>::verify(ana::bit_range_region::key_t const&, unsigned int)
        /repo/gcc-trunk/gcc/hash-table.h:1036
0x17637eb hash_table<hash_map<ana::bit_range_region::key_t,
ana::bit_range_region*,
simple_hashmap_traits<default_hash_traits<ana::bit_range_region::key_t>,
ana::bit_range_region*> >::hash_entry, false,
xcallocator>::find_with_hash(ana::bit_range_region::key_t const&, unsigned int)
        /repo/gcc-trunk/gcc/hash-table.h:921
0x17637eb hash_map<ana::bit_range_region::key_t, ana::bit_range_region*,
simple_hashmap_traits<default_hash_traits<ana::bit_range_region::key_t>,
ana::bit_range_region*> >::get(ana::bit_range_region::key_t const&)
        /repo/gcc-trunk/gcc/hash-map.h:189
0x17637eb
consolidation_map<ana::bit_range_region>::get(ana::bit_range_region::key_t
const&) const
        /repo/gcc-trunk/gcc/analyzer/analyzer.h:371
0x17637eb ana::region_model_manager::get_bit_range(ana::region const*,
tree_node*, ana::bit_range const&)
        /repo/gcc-trunk/gcc/analyzer/region-model-manager.cc:1507
0x1740f54 ana::region_model::get_lvalue_1(ana::path_var,
ana::region_model_context*) const
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:1724
0x17410d9 ana::region_model::get_lvalue(ana::path_var,
ana::region_model_context*) const
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:1818
0x17410d9 ana::region_model::get_lvalue(tree_node*, ana::region_model_context*)
const
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:1829
0x17416e0 ana::region_model::get_region_for_poisoned_expr(tree_node*) const
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:886
0x17416e0 ana::region_model::check_for_poison(ana::svalue const*, tree_node*,
ana::region_model_context*) const
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:855
0x172723b ana::impl_sm_context::is_zero_assignment(gimple const*)
        /repo/gcc-trunk/gcc/analyzer/engine.cc:485
0x177149c on_stmt
        /repo/gcc-trunk/gcc/analyzer/sm-malloc.cc:1700
0x171f5c6 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode
const*, gimple const*, ana::program_state*, ana::uncertainty_t*,
ana::path_context*)
        /repo/gcc-trunk/gcc/analyzer/engine.cc:1324
0x172269d ana::exploded_graph::process_node(ana::exploded_node*)
        /repo/gcc-trunk/gcc/analyzer/engine.cc:3694
0x1723682 ana::exploded_graph::process_worklist()
        /repo/gcc-trunk/gcc/analyzer/engine.cc:3137
0x1725b86 ana::impl_run_checkers(ana::logger*)
        /repo/gcc-trunk/gcc/analyzer/engine.cc:5716
0x17269fe ana::run_checkers()
        /repo/gcc-trunk/gcc/analyzer/engine.cc:5787
0x1715f98 execute
        /repo/gcc-trunk/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.


Sometimes the compilation succeeds:
$ x86_64-pc-linux-gnu-gcc -O -fanalyzer testcase.c 
testcase.c: In function 'foo':
testcase.c:6:10: warning: use of uninitialized value '((int*)&x)[0]' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
    6 |     if (x[i])
      |         ~^~~
  'foo': event 1
    |
    |    6 |     if (x[i])
    |      |         ~^~~
    |      |          |
    |      |          (1) use of uninitialized value '((int*)&x)[0]' here
    |
testcase.c:6:10: warning: use of uninitialized value '((int*)&x)[0]' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
  'foo': event 1
    |
    |    6 |     if (x[i])
    |      |         ~^~~
    |      |          |
    |      |          (1) use of uninitialized value '((int*)&x)[0]' here
    |
/usr/bin/x86_64-pc-linux-gnu-ld: /usr/lib/../lib64/crt1.o: in function
`_start':
(.text+0x20): undefined reference to `main'
collect2: error: ld returned 1 exit status


Valgrind reports several "uninitialised" uses:
$ x86_64-pc-linux-gnu-gcc -O -fanalyzer testcase.c -wrapper valgrind,-q,--track-origins=yes
==30624== Use of uninitialised value of size 8
==30624==    at 0x17634FE: is_empty<hash_map<ana::bit_range_region::key_t,
ana::bit_range_region*,
simple_hashmap_traits<default_hash_traits<ana::bit_range_region::key_t>,
ana::bit_range_region*> >::hash_entry> (hash-map-traits.h:73)
==30624==    by 0x17634FE: is_empty (hash-map.h:71)
==30624==    by 0x17634FE: is_empty (hash-table.h:541)
==30624==    by 0x17634FE: find_with_hash (hash-table.h:925)
==30624==    by 0x17634FE: get (hash-map.h:189)
==30624==    by 0x17634FE: get (analyzer.h:371)
==30624==    by 0x17634FE: ana::region_model_manager::get_bit_range(ana::region
const*, tree_node*, ana::bit_range const&) (region-model-manager.cc:1507)
==30624==    by 0x1740F54: ana::region_model::get_lvalue_1(ana::path_var,
ana::region_model_context*) const (region-model.cc:1724)
==30624==    by 0x17410D9: get_lvalue (region-model.cc:1818)
==30624==    by 0x17410D9: ana::region_model::get_lvalue(tree_node*,
ana::region_model_context*) const (region-model.cc:1829)
==30624==    by 0x17416E0: get_region_for_poisoned_expr (region-model.cc:886)
==30624==    by 0x17416E0: ana::region_model::check_for_poison(ana::svalue
const*, tree_node*, ana::region_model_context*) const (region-model.cc:855)
==30624==    by 0x1746B5C: ana::region_model::on_assignment(gassign const*,
ana::region_model_context*) (region-model.cc:903)
==30624==    by 0x171F498: ana::exploded_node::on_stmt(ana::exploded_graph&,
ana::supernode const*, gimple const*, ana::program_state*, ana::uncertainty_t*,
ana::path_context*) (engine.cc:1305)
==30624==    by 0x172269D:
ana::exploded_graph::process_node(ana::exploded_node*) (engine.cc:3694)
==30624==    by 0x1723682: ana::exploded_graph::process_worklist()
(engine.cc:3137)
==30624==    by 0x1725B86: ana::impl_run_checkers(ana::logger*)
(engine.cc:5716)
==30624==    by 0x17269FE: ana::run_checkers() (engine.cc:5787)
==30624==    by 0x1715F98: (anonymous
namespace)::pass_analyzer::execute(function*) (analyzer-pass.cc:87)
==30624==    by 0x127E0DA: execute_one_pass(opt_pass*) (passes.cc:2637)
==30624==  Uninitialised value was created by a stack allocation
==30624==    at 0x1740A89: ana::region_model::get_lvalue_1(ana::path_var,
ana::region_model_context*) const (region-model.cc:1690)
==30624== 
==30624== Use of uninitialised value of size 8
...


$ x86_64-pc-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest-amd64/bin/x86_64-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r12-7089-20220208123931-g0103c2e4082-checking-yes-rtl-df-extra-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/12.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu
--with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-r12-7089-20220208123931-g0103c2e4082-checking-yes-rtl-df-extra-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.0.1 20220208 (experimental) (GCC)


* [Bug analyzer/104452] [12 Regression] ICE: in hashtab_chk_error, at hash-table.cc:137 with -O -fanalyzer
From: dmalcolm at gcc dot gnu.org @ 2022-02-08 23:17 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104452

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2022-02-08
             Status|UNCONFIRMED                 |ASSIGNED

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this; I'm testing a fix.


* [Bug analyzer/104452] [12 Regression] ICE: in hashtab_chk_error, at hash-table.cc:137 with -O -fanalyzer
From: pinskia at gcc dot gnu.org @ 2022-02-08 23:19 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104452

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |12.0


* [Bug analyzer/104452] [12 Regression] ICE: in hashtab_chk_error, at hash-table.cc:137 with -O -fanalyzer
From: cvs-commit at gcc dot gnu.org @ 2022-02-09  2:28 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104452

--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:391512ade5f6cda95456133296c8dcc42d5fbefd

commit r12-7118-g391512ade5f6cda95456133296c8dcc42d5fbefd
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Tue Feb 8 16:37:08 2022 -0500

    analyzer: fix hashing of bit_range_region::key_t [PR104452]

    gcc/analyzer/ChangeLog:
            PR analyzer/104452
            * region-model.cc (selftest::test_bit_range_regions): New.
            (selftest::analyzer_region_model_cc_tests): Call it.
            * region.h (bit_range_region::key_t::hash): Fix hashing of m_bits
            to avoid using uninitialized data.

    gcc/testsuite/ChangeLog:
            PR analyzer/104452
            * gcc.dg/analyzer/pr104452.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

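Added illustration (not GCC's code and not part of the thread) of the failure mode named in the report and in the commit message: a hash that covers bytes the equality operator ignores breaks the "equal keys hash alike" invariant whenever those bytes differ. The types region_key and bit_span and every function below are hypothetical; the leftover word is set explicitly so the result is deterministic.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

// Constructed stand-in: only val[0..len-1] is written; val[len..] is leftover.
struct bit_span { uint64_t val[2]; uint64_t len; };
struct region_key {
  const void *parent; bit_span bits;
  bool operator== (const region_key &o) const {
    return parent == o.parent && bits.len == o.bits.len
      && std::memcmp (bits.val, o.bits.val, bits.len * sizeof (uint64_t)) == 0;
  }
};

// FNV-1a over n bytes, continuing from state h.
static uint32_t fnv1a (uint32_t h, const void *p, std::size_t n) {
  for (std::size_t i = 0; i < n; i++)
    { h ^= static_cast<const unsigned char *> (p)[i]; h *= 16777619u; }
  return h;
}

// Weak: hashes every byte of bits, including the word equality ignores.
uint32_t hash_raw (const region_key &k) {
  uint32_t h = fnv1a (2166136261u, &k.parent, sizeof k.parent);
  return fnv1a (h, &k.bits, sizeof k.bits);
}

// Corrected: hashes exactly the fields operator== compares.
uint32_t hash_fields (const region_key &k) {
  uint32_t h = fnv1a (2166136261u, &k.parent, sizeof k.parent);
  h = fnv1a (h, &k.bits.len, sizeof k.bits.len);
  return fnv1a (h, k.bits.val, k.bits.len * sizeof (uint64_t));
}

// The invariant a checking hash table enforces: equal keys hash alike.
bool consistent (const region_key &a, const region_key &b,
                 uint32_t (*hash) (const region_key &)) {
  return !(a == b) || hash (a) == hash (b);
}

// Build a one-word key; `stale` simulates leftover stack contents in val[1].
region_key make_key (const void *parent, uint64_t value, uint64_t stale) {
  return region_key{ parent, { { value, stale }, 1 } };
}

int main () {
  int r;
  region_key a = make_key (&r, 32, 0xAA), b = make_key (&r, 32, 0x55);
  std::printf ("raw ok=%d, fields ok=%d\n",
               consistent (a, b, hash_raw), consistent (a, b, hash_fields));
}
```

When the leftover word happens to match between two keys, hash_raw agrees as well, which is consistent with the report's observation that the compilation sometimes succeeds.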

* [Bug analyzer/104452] [12 Regression] ICE: in hashtab_chk_error, at hash-table.cc:137 with -O -fanalyzer
From: dmalcolm at gcc dot gnu.org @ 2022-02-09  2:40 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104452

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above commit.
