From: "colomar.6.4.3 at gmail dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/109802] New: [regression] during IPA pass: analyzer: internal compiler error (using dubious flexible arrays in unions)
Date: Wed, 10 May 2023 17:41:32 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109802

            Bug ID: 109802
           Summary: [regression] during IPA pass: analyzer: internal compiler
                    error (using dubious flexible arrays in unions)
           Product: gcc
           Version: 13.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: colomar.6.4.3 at gmail dot com
  Target Milestone: ---

Created attachment 55039
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55039&action=edit
preprocessed_source

Hi!

I was compiling some reduced version of some nasty code I found in a project,
to see what GCC has to say about it. I'm not sure if it has defined behavior
or not, according to strict-aliasing rules. That code managed to get GCC on
its knees :)

$ cat flexi.c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

union u {
        char       base[0];
        ptrdiff_t  off;
};

struct s {
        int      x;
        union u  u[0];
};

int
main(void)
{
        char      *p;
        struct s  *s;

        s = malloc(sizeof(struct s) + sizeof(union u) * 2 +
                   sizeof("foo") + sizeof("bar"));

        p = (void *) s + sizeof(struct s) + sizeof(union u) * 2;

        s->u[0].off = p - s->u[0].base;
        p = stpcpy(p, "foo") + 1;

        s->u[1].off = p - s->u[1].base;
        p = stpcpy(p, "bar") + 1;

        puts(s->u[0].base + s->u[0].off);
        puts(s->u[1].base + s->u[1].off);
}

$ gcc-12 -Wall -Wextra -Werror -fanalyzer -O3 flexi.c
$ ./a.out
foo
bar

$ gcc-13 -Wall -Wextra -Werror -fanalyzer -O3 flexi.c -freport-bug
during IPA pass: analyzer
flexi.c: In function ‘main’:
flexi.c:34:36: internal compiler error: in make, at analyzer/store.cc:132
   34 |         puts(s->u[1].base + s->u[1].off);
      |                             ~~~~~~~^~~~
0xcec8a5 ana::binding_key::make(ana::store_manager*, ana::region const*)
        ../../src/gcc/analyzer/store.cc:132
0xcf9533 ana::binding_cluster::get_binding(ana::store_manager*, ana::region const*) const
        ../../src/gcc/analyzer/store.cc:1567
0xcf95eb ana::binding_cluster::get_binding_recursive(ana::store_manager*, ana::region const*) const
        ../../src/gcc/analyzer/store.cc:1604
0xd05e49 ana::binding_cluster::get_any_binding(ana::store_manager*, ana::region const*) const
        ../../src/gcc/analyzer/store.cc:1627
0xcd45f7 ana::region_model::get_store_value(ana::region const*, ana::region_model_context*) const
        ../../src/gcc/analyzer/region-model.cc:2407
0xcd4e72 ana::region_model::get_rvalue(ana::path_var, ana::region_model_context*) const
        ../../src/gcc/analyzer/region-model.cc:2297
0xcd6a5c ana::region_model::on_assignment(gassign const*, ana::region_model_context*)
        ../../src/gcc/analyzer/region-model.cc:1156
0xcdc2da ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode const*, gimple const*, ana::program_state*, ana::uncertainty_t*, ana::path_context*)
        ../../src/gcc/analyzer/engine.cc:1471
0xcdc877 ana::exploded_graph::process_node(ana::exploded_node*)
        ../../src/gcc/analyzer/engine.cc:4063
0xcdd8b9 ana::exploded_graph::process_worklist()
        ../../src/gcc/analyzer/engine.cc:3466
0xcddc57 ana::impl_run_checkers(ana::logger*)
        ../../src/gcc/analyzer/engine.cc:6125
0xcde4ff ana::run_checkers()
        ../../src/gcc/analyzer/engine.cc:6213
0xcde54b execute
        ../../src/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source.
Please include the complete backtrace with any bug report.
See for instructions.
Preprocessed source stored into /tmp/ccZKUz79.out file, please attach this to
your bugreport.

You'll find attached the file produced by GCC, as per its own instructions.
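
Added example, not part of the original report and not GCC code: the same self-relative string table written with ISO C constructs only, using a C99 flexible array member at the end of the struct where the reproducer uses zero-length arrays (a GNU C extension) inside a union. The names strtab, strtab_new, strtab_get and slot are hypothetical, and offsets are measured from each slot's own address as in the reproducer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout: header, n self-relative offsets, then the string bytes. */
struct strtab {
    size_t    n;
    ptrdiff_t off[];            /* C99 flexible array member, last member */
};

/* Byte address of offset slot i, derived from the allocation's base pointer. */
static const char *slot(const struct strtab *t, size_t i)
{
    return (const char *)t + offsetof(struct strtab, off) + i * sizeof(ptrdiff_t);
}

/* Copy strs[0..n-1] into one allocation; NULL on size overflow or OOM. */
struct strtab *strtab_new(const char *const *strs, size_t n)
{
    if (n > ((size_t)PTRDIFF_MAX - sizeof(struct strtab)) / sizeof(ptrdiff_t))
        return NULL;
    size_t hdr = sizeof(struct strtab) + n * sizeof(ptrdiff_t);
    size_t total = hdr;         /* invariant: total <= PTRDIFF_MAX */
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(strs[i]) + 1;
        if (len > (size_t)PTRDIFF_MAX - total)
            return NULL;
        total += len;
    }
    struct strtab *t = malloc(total);
    if (t == NULL)
        return NULL;
    t->n = n;
    char *p = (char *)t + hdr;  /* string bytes start right after the slots */
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(strs[i]) + 1;
        t->off[i] = p - slot(t, i);
        memcpy(p, strs[i], len);
        p += len;
    }
    return t;
}

/* Resolve entry i; NULL when the table is missing or i is out of range. */
const char *strtab_get(const struct strtab *t, size_t i)
{
    return (t != NULL && i < t->n) ? slot(t, i) + t->off[i] : NULL;
}
```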