From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 074F53858D28; Mon, 17 Jul 2023 10:14:07 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 074F53858D28
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1689588847;
	bh=S5zzLCHDN7u3QNcD3QnZQWQbb7KQWNYPmhO7b3mrE9g=;
	h=From:To:Subject:Date:From;
	b=d3gAeUl7USH14IG0YejSremHa2Y/QdMPOub0fSNXEMsfm8Bc7pEjgwku6WowYCN7e
	 dg2v8PCe/SWiivhE8WkfOruVkHJqnT3Ycg2csd2/GviuG45+CPgiWjlXQeCAS8nV21
	 50Yi41vFtAkbxgkb0FSsMqhj1HDXSZ7o6crCIvX4=
From: "geoffreydgr at icloud dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/110700] New: gcc -fanalyzer --analyzer-checker=taint
 encouters an error
Date: Mon, 17 Jul 2023 10:14:04 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Version: 13.1.1
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: geoffreydgr at icloud dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter target_milestone
Message-ID: <bug-110700-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D110700

            Bug ID: 110700
           Summary: gcc -fanalyzer --analyzer-checker=3Dtaint encouters an
                    error
           Product: gcc
           Version: 13.1.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: geoffreydgr at icloud dot com
  Target Milestone: ---

when i try to use taint checher to handle the following case, i encouter an
error.


```c
 __attribute__ ((tainted_args))
double divide(double x, double y){
return x/y;
}
```
cmd:
gcc -fanalyzer --analyzer-checker=3Dtaint cwe-369.c -c

error messages:
"
// Target: x86_64-pc-linux-gnu
// Configured with: ../gcc/configure -prefix=3D/usr/local/gcc-13-9533
--enable-checking=3Drelease --enable-languages=3Dc,c++ --disable-multilib
// Thread model: posix
// Supported LTO compression algorithms: zlib
// gcc version 13.1.1 20230717 (GCC)
//
// during IPA pass: analyzer
// CWE/cwe-369.c: In function 'divide':
// CWE/cwe-369.c:3:9: internal compiler error: in wide_int_to_tree_1, at
tree.cc:1755
//     3 | return x/y;
//       |        ~^~
// 0x712cea wide_int_to_tree_1
//      ../../gcc/gcc/tree.cc:1755
// 0xf4187b wide_int_to_tree(tree_node*, poly_int<1u,
generic_wide_int<wide_int_ref_storage<false, true> > > const&)
//      ../../gcc/gcc/tree.cc:1867
// 0xf4187b build_int_cst(tree_node*, poly_int<1u, long>)
//      ../../gcc/gcc/tree.cc:1507
// 0x1007587 ana::region_model_manager::get_or_create_int_cst(tree_node*,
poly_int<1u, long>)
//      ../../gcc/gcc/analyzer/region-model-manager.cc:236
// 0x1028059 check_for_tainted_divisor
//      ../../gcc/gcc/analyzer/sm-taint.cc:1355
// 0x1028059 on_stmt
//      ../../gcc/gcc/analyzer/sm-taint.cc:1015
// 0xfd5dbf ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode
const*, gimple const*, ana::program_state*, ana::uncertainty_t*,
ana::path_context*)
//      ../../gcc/gcc/analyzer/engine.cc:1490
// 0xfd86bd ana::exploded_graph::process_node(ana::exploded_node*)
//      ../../gcc/gcc/analyzer/engine.cc:4063
// 0xfd94fa ana::exploded_graph::process_worklist()
//      ../../gcc/gcc/analyzer/engine.cc:3466
// 0xfdb7e7 ana::impl_run_checkers(ana::logger*)
//      ../../gcc/gcc/analyzer/engine.cc:6125
// 0xfdc7c6 ana::run_checkers()
//      ../../gcc/gcc/analyzer/engine.cc:6213
// 0xfccf68 execute
//      ../../gcc/gcc/analyzer/analyzer-pass.cc:87
// Please submit a full bug report, with preprocessed source.
// Please include the complete backtrace with any bug report.
// See <https://gcc.gnu.org/bugs/> for instructions.

// /usr/local/gcc-13-9533/libexec/gcc/x86_64-pc-linux-gnu/13.1.1/cc1 -quiet
-imultiarch x86_64-linux-gnu CWE/cwe-369.c -quiet -dumpbase cwe-369.c
-dumpbase-ext .c -mtune=3Dgeneric -march=3Dx86-64 -fanalyzer
-fanalyzer-checker=3Dtaint -freport-bug -o - -frandom-seed=3D0 -fdump-noaddr

"=