[Bug other/110198] New: [14 regression] g++.dg/analyzer/pr100244.C fails after r14-1632-g9589a46ddadc8b

[Bug other/110198] New: [14 regression] g++.dg/analyzer/pr100244.C fails after r14-1632-g9589a46ddadc8b

[seurer at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110198

            Bug ID: 110198
           Summary: [14 regression] g++.dg/analyzer/pr100244.C fails after
                    r14-1632-g9589a46ddadc8b
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: seurer at gcc dot gnu.org
  Target Milestone: ---

g:9589a46ddadc8b93c224c3f84fa94746c04596bf, r14-1632-g9589a46ddadc8b
make  -k check-gcc RUNTESTFLAGS="analyzer.exp=g++.dg/analyzer/pr100244.C"
FAIL: g++.dg/analyzer/pr100244.C  -std=c++14  (test for warnings, line 17)
FAIL: g++.dg/analyzer/pr100244.C  -std=c++17  (test for warnings, line 17)
FAIL: g++.dg/analyzer/pr100244.C  -std=c++20  (test for warnings, line 17)
# of expected passes            5
# of unexpected failures        3

I did not see any warnings in the log files from this but line 17 is:

  ~_Hashtable_alloc () { delete _M_buckets; } // { dg-warning "on the stack" }

so it may be a missing warning.


Also this one:

make  -k check-gcc RUNTESTFLAGS="analyzer.exp=gcc.dg/analyzer/pr101962.c"
FAIL: gcc.dg/analyzer/pr101962.c  (test for warnings, line 19)
# of expected passes            9
# of unexpected failures        1


line 19 is:

  int stack; /* { dg-message "region created on stack here" } */


It generated a bunch of warnings:

/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c: In
function 'test_1':
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:23:3:
warning: FALSE
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:24:3:
warning: TRUE
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c: In
function 'test_s':
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:43:3:
warning: TRUE
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:45:3:
warning: TRUE
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:47:3:
warning: TRUE
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:49:3:
warning: TRUE
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:51:3:
warning: TRUE
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c: In
function 'test_1':
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:25:10:
warning: stack-based buffer over-read [CWE-126] [-Wanalyzer-out-of-bounds]
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:17:1:
note: (1) entry to 'test_1'
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:19:7:
note: (2) capacity: 4 bytes
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:21:7:
note: (3) calling 'maybe_inc_int_ptr' from 'test_1'
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:9:1:
note: (4) entry to 'maybe_inc_int_ptr'
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:11:6:
note: (5) following 'false' branch (when 'ptr' is non-NULL)...
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:13:10:
note: (6) ...to here
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:21:7:
note: (7) returning to 'test_1' from 'maybe_inc_int_ptr'
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:22:7:
note: (8) calling 'maybe_inc_int_ptr' from 'test_1'
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:9:1:
note: (9) entry to 'maybe_inc_int_ptr'
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:11:6:
note: (10) following 'false' branch (when 'ptr' is non-NULL)...
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:13:10:
note: (11) ...to here
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:22:7:
note: (12) returning to 'test_1' from 'maybe_inc_int_ptr'
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:25:10:
note: (13) out-of-bounds read from byte 8 till byte 11 but 'stack' ends at byte
4
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gcc.dg/analyzer/pr101962.c:25:10:
note: read of 4 bytes from after the end of 'stack'


commit r14-1632-g9589a46ddadc8b93c224c3f84fa94746c04596bf
Author: Benjamin Priour <vultkayn@gcc.gnu.org>
Date:   Thu Jun 8 11:38:08 2023 +0200

    analyzer: Standalone OOB-warning [PR109437, PR109439]

[Bug other/110198] [14 regression] g++.dg/analyzer/pr100244.C fails after r14-1632-g9589a46ddadc8b

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110198

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Build|powerpc64le-linux-gnu       |
     Ever confirmed|0                           |1
   Target Milestone|---                         |14.0
             Status|UNCONFIRMED                 |NEW
             Target|powerpc64le-linux-gnu       |powerpc64le-linux-gnu
                   |                            |x86_64-linux-gnu
               Host|powerpc64le-linux-gnu       |
           Keywords|                            |testsuite-fail
   Last reconfirmed|                            |2023-06-09

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Confirmed. I noticed the failure too even on x86_64-linux-gnu .

[Bug analyzer/110198] [14 regression] g++.dg/analyzer/pr100244.C fails after r14-1632-g9589a46ddadc8b

[vultkayn at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110198

--- Comment #2 from Benjamin Priour <vultkayn at gcc dot gnu.org> ---
Yes sorry for the regression. I confirmed it myself too on x86_64-linux-gnu.
I wrote a fix immediately yesterday, and I am currently regtesting it.

It is promising as I quickly ran the test only for the analyzer test cases, all
of them now are back to their expected behavior.

I'm sending the patch as soon as the regtesting finishes, so probably tomorrow
evening, as my keys on the compiler farm are not yet synced.

For pr101962.c, it was indeed just a now obsolete message that had to be
removed.

For pr100244.C it required to change the way OOB are handled by the
uninitialized-value checker.

[Bug analyzer/110198] [14 regression] g++.dg/analyzer/pr100244.C fails after r14-1632-g9589a46ddadc8b

[hp at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110198

--- Comment #3 from Hans-Peter Nilsson <hp at gcc dot gnu.org> ---
(In reply to Benjamin Priour from comment #2)
> Yes sorry for the regression. I confirmed it myself too on x86_64-linux-gnu.
> I wrote a fix immediately yesterday, and I am currently regtesting it.
> 
> It is promising as I quickly ran the test only for the analyzer test cases,
> all of them now are back to their expected behavior.
> 
> I'm sending the patch as soon as the regtesting finishes, so probably
> tomorrow evening, as my keys on the compiler farm are not yet synced.

Any news on this?  I don't see anything posted to gcc-patches@ later than
2023-06-09.

If you have trouble testing the patch that you mention, please send it anyway
with a message mentioning your troubles.

[Bug analyzer/110198] [14 regression] g++.dg/analyzer/pr100244.C fails after r14-1632-g9589a46ddadc8b

[priour.be at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110198

--- Comment #4 from Benjamin Priour <priour.be at gmail dot com> ---
Yes, has been fixed and regtested a week ago. However I was in vacation
last week.
I will submit it shortly. though I would prefer to perform another
regtesting on a freshly pulled trunk first.

Benjamin.

On Tue, Jun 20, 2023 at 4:37 PM hp at gcc dot gnu.org <
gcc-bugzilla@gcc.gnu.org> wrote:

> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110198
>
> --- Comment #3 from Hans-Peter Nilsson <hp at gcc dot gnu.org> ---
> (In reply to Benjamin Priour from comment #2)
> > Yes sorry for the regression. I confirmed it myself too on
> x86_64-linux-gnu.
> > I wrote a fix immediately yesterday, and I am currently regtesting it.
> >
> > It is promising as I quickly ran the test only for the analyzer test
> cases,
> > all of them now are back to their expected behavior.
> >
> > I'm sending the patch as soon as the regtesting finishes, so probably
> > tomorrow evening, as my keys on the compiler farm are not yet synced.
>
> Any news on this?  I don't see anything posted to gcc-patches@ later than
> 2023-06-09.
>
> If you have trouble testing the patch that you mention, please send it
> anyway
> with a message mentioning your troubles.
>
> --
> You are receiving this mail because:
> You are on the CC list for the bug.

[Bug analyzer/110198] [14 regression] g++.dg/analyzer/pr100244.C fails after r14-1632-g9589a46ddadc8b

[hp at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110198

--- Comment #5 from Hans-Peter Nilsson <hp at gcc dot gnu.org> ---
(In reply to Benjamin Priour from comment #4)
> Yes, has been fixed and regtested a week ago. However I was in vacation
> last week.
> I will submit it shortly. though I would prefer to perform another
> regtesting on a freshly pulled trunk first.

You may need to rebase your changes again: after one of the changes in 
ce47d3c2cf59..0e466e978c72, gcc.dg/analyzer/pr101962.c appears to be fixed and
there's just g++.dg/analyzer/pr100244.C left (for cris-elf).

But please send your patches soon and let others test them, if your bootstrap
cycles is longer than a day!

[Bug analyzer/110198] [14 regression] g++.dg/analyzer/pr100244.C fails after r14-1632-g9589a46ddadc8b

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110198

--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The trunk branch has been updated by Benjamin Priour <vultkayn@gcc.gnu.org>:

https://gcc.gnu.org/g:1eb90f46c16453f72dc119ba20b07053a15b452d

commit r14-2203-g1eb90f46c16453f72dc119ba20b07053a15b452d
Author: benjamin priour <priour.be@gmail.com>
Date:   Thu Jun 22 21:39:05 2023 +0200

    analyzer: Fix regression bug after r14-1632-g9589a46ddadc8b [PR110198]

    g++.dg/analyzer/PR100244.C was failing after a patch of PR109439.
    The reason was a spurious preemptive return of get_store_value upon
    out-of-bounds read that was preventing further checks. Now instead,
    a boolean value check_poisoned goes to false when a OOB is detected,
    and is later on given to get_or_create_initial_value.

    gcc/analyzer/ChangeLog:
            PR analyzer/110198
            * region-model-manager.cc
            (region_model_manager::get_or_create_initial_value): Take an
            optional boolean value to bypass poisoning checks
            * region-model-manager.h: Update declaration of the above function.
            * region-model.cc (region_model::get_store_value): No longer
returns
            on OOB, but rather gives a boolean to get_or_create_initial_value.
            (region_model::check_region_access): Update docstring.
            (region_model::check_region_for_write): Update docstring.

    Signed-off-by: benjamin priour <priour.be@gmail.com>

[Bug analyzer/110198] [14 regression] g++.dg/analyzer/pr100244.C fails after r14-1632-g9589a46ddadc8b

[vultkayn at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110198

Benjamin Priour <vultkayn at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #7 from Benjamin Priour <vultkayn at gcc dot gnu.org> ---
Finally fixed as patch
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=1eb90f46c16453f72dc119ba20b07053a15b452d