public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/110907] New: ICE when using -fanalyzer-verbose-state-changes
@ 2023-08-04 21:22 vultkayn at gcc dot gnu.org
  2024-02-15 14:29 ` [Bug analyzer/110907] " dmalcolm at gcc dot gnu.org
  0 siblings, 1 reply; 2+ messages in thread
From: vultkayn at gcc dot gnu.org @ 2023-08-04 21:22 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110907

            Bug ID: 110907
           Summary: ICE when using -fanalyzer-verbose-state-changes
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: vultkayn at gcc dot gnu.org
  Target Milestone: ---

Running the analyzer on testcase gcc.dg/analyzer/pr99193-1.c with line 54
commented out and flag -fanalyzer-verbose-state-changes results in an ICE on
gcc versions later than 13.1 (included) and trunk, tested on target
x86_64-linux-gnu.

x86_64 12.3 on godbolt doesn't reproduce the ICE.

Reproducer:

/* { dg-additional-options "-Wno-analyzer-too-complex" } */

/* Verify absence of false positive from -Wanalyzer-mismatching-deallocation
   on realloc(3).
   Based on https://github.com/libguestfs/libguestfs/blob/f19fd566f6387ce7e4d82409528c9dde374d25e0/daemon/command.c#L115
   which is GPLv2 or later.  */

typedef __SIZE_TYPE__ size_t;
typedef __builtin_va_list va_list;

#define NULL ((void *)0)

extern void *malloc (size_t __size)
  __attribute__ ((__nothrow__ , __leaf__))
  __attribute__ ((__malloc__))
  __attribute__ ((__alloc_size__ (1)));
extern void perror (const char *__s);
extern void *realloc (void *__ptr, size_t __size)
  __attribute__ ((__nothrow__ , __leaf__))
  __attribute__ ((__warn_unused_result__))
  __attribute__ ((__alloc_size__ (2)));

extern void guestfs_int_cleanup_free (void *ptr);
extern int commandrvf (char **stdoutput, char **stderror, unsigned flags,
                       char const* const *argv);
#define CLEANUP_FREE __attribute__((cleanup(guestfs_int_cleanup_free))) 

int
commandrf (char **stdoutput, char **stderror, unsigned flags,
           const char *name, ...)
{
  va_list args;
  CLEANUP_FREE const char **argv = NULL;
  char *s;
  int i, r;

  /* Collect the command line arguments into an array. */
  i = 2;
  argv = malloc (sizeof (char *) * i);

  if (argv == NULL) {
    perror ("malloc");
    return -1;
  }
  argv[0] = (char *) name;
  argv[1] = NULL;

  __builtin_va_start (args, name);

  while ((s = __builtin_va_arg (args, char *)) != NULL) {
    const char **p = realloc (argv, sizeof (char *) * (++i)); /* { dg-bogus "'free'" } */
    if (p == NULL) {
      perror ("realloc");
      // __builtin_va_end (args);
      return -1;
    }
    argv = p;
    argv[i-2] = s;
    argv[i-1] = NULL;
  }

  __builtin_va_end (args);

  r = commandrvf (stdoutput, stderror, flags, argv);

  return r;
}

-----

gcc -fanalyzer -fanalyzer-verbose-state-changes ./pr99193-1.leak.c
during IPA pass: analyzer
<source>:33:29: internal compiler error: Segmentation fault
   33 |   CLEANUP_FREE const char **argv = NULL;
      |                             ^~~~
0x216ac2e internal_error(char const*, ...)
        ???:0
0x218afec pp_format(pretty_printer*, text_info*)
        ???:0
0x1f7bfb6 make_label_text(bool, char const*, ...)
        ???:0
0x1f88b0d ana::state_change_event::get_desc(bool) const
        ???:0
0x1f86c0c ana::checker_event::prepare_for_emission(ana::checker_path*, ana::pending_diagnostic*, diagnostic_event_id_t)
        ???:0
0x1fa79f5 ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph const&, ana::saved_diagnostic const&)
        ???:0
0x1fa82a0 ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph const&)
        ???:0
0x149fc31 ana::impl_run_checkers(ana::logger*)
        ???:0
0x14a0bdf ana::run_checkers()
        ???:0
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
Compiler returned: 1


* [Bug analyzer/110907] ICE when using -fanalyzer-verbose-state-changes
  2023-08-04 21:22 [Bug analyzer/110907] New: ICE when using -fanalyzer-verbose-state-changes vultkayn at gcc dot gnu.org
@ 2024-02-15 14:29 ` dmalcolm at gcc dot gnu.org
  0 siblings, 0 replies; 2+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2024-02-15 14:29 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110907

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |DUPLICATE
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Looks like a duplicate of PR 113509; doesn't reproduce anymore with trunk.

*** This bug has been marked as a duplicate of bug 113509 ***
