public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/107882] New: [13 Regression] ICE in get_last_bit_offset, at analyzer/store.h:255
From: asolokha at gmx dot com @ 2022-11-26 19:36 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107882
Bug ID: 107882
Summary: [13 Regression] ICE in get_last_bit_offset, at
analyzer/store.h:255
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: asolokha at gmx dot com
Target Milestone: ---
gcc 13.0.0 20221120 snapshot (g:a16a5460447eaaff0b4468064e4d7b1cc8fc42eb) ICEs
when compiling the following testcase w/ -fanalyzer:
void
foo (int *x, int y)
{
  int *a = x, *b = (int *) &a;
  __builtin_memcpy (b + 1, x, y);
  foo (a, 0);
}
% gcc-13 -fanalyzer -c umtf33bl.c
during IPA pass: analyzer
umtf33bl.c: In function 'foo':
umtf33bl.c:7:3: internal compiler error: in get_last_bit_offset, at
analyzer/store.h:255
7 | foo (a, 0);
| ^~~~~~~~~~
0x7bf2d1 ana::bit_range::get_last_bit_offset() const
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/store.h:255
0x7bf2d1 ana::bit_range::get_last_bit_offset() const
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/store.h:253
0x7bf2d1 ana::bit_range::contains_p(ana::bit_range const&, ana::bit_range*)
const
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/store.cc:243
0x1326bff ana::binding_cluster::maybe_get_compound_binding(ana::store_manager*,
ana::region const*) const
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/store.cc:1716
0x12ca6c6 ana::region_model::get_store_value(ana::region const*,
ana::region_model_context*) const
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/region-model.cc:3158
0x12cae4c ana::region_model::get_rvalue(ana::path_var,
ana::region_model_context*) const
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/region-model.cc:3052
0x12d1e97 ana::region_model::on_assignment(gassign const*,
ana::region_model_context*)
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/region-model.cc:1093
0x12a34d4 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode
const*, gimple const*, ana::program_state*, ana::uncertainty_t*,
ana::path_context*)
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/engine.cc:1466
0x12a65c5 ana::exploded_graph::process_node(ana::exploded_node*)
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/engine.cc:4054
0x12a757a ana::exploded_graph::process_worklist()
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/engine.cc:3457
0x12a9d34 ana::impl_run_checkers(ana::logger*)
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/engine.cc:6110
0x12aad66 ana::run_checkers()
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/engine.cc:6198
0x1299578 execute
/var/tmp/portage/sys-devel/gcc-13.0.0_p20221120/work/gcc-13-20221120/gcc/analyzer/analyzer-pass.cc:87
* [Bug analyzer/107882] [13 Regression] ICE in get_last_bit_offset, at analyzer/store.h:255
From: marxin at gcc dot gnu.org @ 2022-11-28 6:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107882
Martin Liška <marxin at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |marxin at gcc dot gnu.org,
                   |                            |tlange at gcc dot gnu.org
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2022-11-28
     Ever confirmed|0                           |1
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Started with r13-2582-g0ea5e3f4542832b8.
* [Bug analyzer/107882] [13 Regression] ICE in get_last_bit_offset, at analyzer/store.h:255 since 13-2582-g0ea5e3f4542832b8
From: rguenth at gcc dot gnu.org @ 2022-11-28 7:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107882
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |13.0
* [Bug analyzer/107882] [13 Regression] ICE in get_last_bit_offset, at analyzer/store.h:255 since 13-2582-g0ea5e3f4542832b8
From: tlange at gcc dot gnu.org @ 2022-11-28 19:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107882
--- Comment #2 from Tim Lange <tlange at gcc dot gnu.org> ---
Created attachment 53979
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53979&action=edit
patch for pr107882
I think the assertion here uncovered a bug. Currently, if the OTHER parameter
of bit_range::contains_p is empty (i.e. of size zero), contains_p calls
get_last_bit_offset, whose result is only defined for non-empty ranges. Before
r13-2582-g0ea5e3f4542832b8, the contains_p check was inconsistent, e.g. for
(offset 1, size 1) and (offset 1, size 0), but true for (offset 0, size 2) and
(offset 1, size 0).
Not sure what the "right" fix is, as empty ranges sorta feel unnatural.
Treating [i, 0] as a subset of (k, n) if k <= i <= k+n seems somewhat
reasonable.
* [Bug analyzer/107882] [13 Regression] ICE in get_last_bit_offset, at analyzer/store.h:255 since 13-2582-g0ea5e3f4542832b8
From: dmalcolm at gcc dot gnu.org @ 2022-12-06 20:53 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107882
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
I'm working on an alternate fix for this, which rejects creating bindings and
binding keys for empty bit ranges, as they're meaningless. Testing it now.
* [Bug analyzer/107882] [13 Regression] ICE in get_last_bit_offset, at analyzer/store.h:255 since 13-2582-g0ea5e3f4542832b8
From: cvs-commit at gcc dot gnu.org @ 2022-12-06 23:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107882
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:dfe2ef7f2b6cac7017f32a0a04f74e1b6d9f1311
commit r13-4529-gdfe2ef7f2b6cac7017f32a0a04f74e1b6d9f1311
Author: David Malcolm <dmalcolm@redhat.com>
Date: Tue Dec 6 18:24:16 2022 -0500
analyzer: don't create bindings or binding keys for empty regions [PR107882]
PR analyzer/107882 reports an ICE, due to trying to get a compound svalue
for this binding:
    cluster for: a:
      key:   {bytes 0-3}
      value: {UNKNOWN()}
      key:   {empty}
      value: {UNKNOWN()}
      key:   {bytes 4-7}
      value: {UNKNOWN()}
where there's a binding to the unknown value of zero bits in size
"somewhere" within "a" (perhaps between bits 3 and 4?)
This makes no sense, so this patch adds an assertion that we never
attempt to create a binding key for an empty region, and adds early
rejection of attempts to get or set the values of such regions, fixing
the ICE.
gcc/analyzer/ChangeLog:
PR analyzer/107882
* region-model.cc (region_model::get_store_value): Return an
unknown value for empty regions.
(region_model::set_value): Bail on empty regions.
* region.cc (region::empty_p): New.
* region.h (region::empty_p): New decl.
* state-purge.cc (same_binding_p): Bail if either region is empty.
* store.cc (binding_key::make): Assert that a concrete binding's
bit_size must be > 0.
(binding_cluster::mark_region_as_unknown): Bail on empty regions.
(binding_cluster::get_binding): Likewise.
(binding_cluster::remove_overlapping_bindings): Likewise.
(binding_cluster::on_unknown_fncall): Don't conjure values for
empty regions.
(store::fill_region): Bail on empty regions.
* store.h (class concrete_binding): Update comment to reflect that
the range of bits must be non-empty.
(concrete_binding::concrete_binding): Assert that bit range is
non-empty.
gcc/testsuite/ChangeLog:
PR analyzer/107882
* gcc.dg/analyzer/memcpy-pr107882.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
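
The empty-range problem from comment #2 and the commit message above, as an added sketch that is not GCC's code and not part of the thread. The type and function names (bit_range members, contains_unchecked, contains_subset_rule, make_key, unchecked_traps) are hypothetical, the exception stands in for the analyzer's assertion, and the 64-bit size of "a" is constructed from the cluster dump.

```cpp
// Added illustration: a simplified model of a bit range, not GCC's analyzer code.
#include <cstdint>
#include <stdexcept>

struct bit_range {
  int64_t start;  // offset of the first bit
  int64_t size;   // number of bits; 0 means the range is empty
  bool empty_p() const { return size == 0; }
  int64_t next_bit() const { return start + size; }
  // Undefined for empty ranges; the throw models the assertion behind the ICE.
  int64_t last_bit() const {
    if (empty_p()) throw std::logic_error("last bit of an empty range");
    return next_bit() - 1;
  }
  bool contains_bit(int64_t off) const { return start <= off && off < next_bit(); }
};

// Containment computed from OTHER's last bit: traps when OTHER is empty.
bool contains_unchecked(const bit_range &r, const bit_range &other) {
  return r.contains_bit(other.start) && r.contains_bit(other.last_bit());
}

// Rule floated in comment #2: empty [i, 0] is a subset of (k, n) if k <= i <= k+n.
bool contains_subset_rule(const bit_range &r, const bit_range &other) {
  if (other.empty_p())
    return r.start <= other.start && other.start <= r.next_bit();
  return contains_unchecked(r, other);
}

// Idea of the committed fix, modelled here: never hand out a key for an empty
// range, so containment checks only ever see non-empty ranges.
bool make_key(int64_t start, int64_t size, bit_range *out) {
  if (size <= 0) return false;
  *out = bit_range{start, size};
  return true;
}

// True if the unchecked containment test trips the precondition.
bool unchecked_traps(const bit_range &r, const bit_range &other) {
  try { (void)contains_unchecked(r, other); }
  catch (const std::logic_error &) { return true; }
  return false;
}

int main() {
  bit_range a{0, 64}, k{};  // constructed: the 8 bytes of "a" from the cluster dump
  bool ok = unchecked_traps(a, {32, 0}) && contains_subset_rule(a, {32, 0}) && !make_key(32, 0, &k);
  return ok ? 0 : 1;
}
```

Rejecting the empty key at creation removes the need to pick a containment answer for zero-width ranges at all, which is why the two approaches do not have to agree on cases such as an empty range sitting exactly at the end of the outer range.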
* [Bug analyzer/107882] [13 Regression] ICE in get_last_bit_offset, at analyzer/store.h:255 since 13-2582-g0ea5e3f4542832b8
From: dmalcolm at gcc dot gnu.org @ 2022-12-06 23:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107882
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED
--- Comment #5 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch.