From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 887713858C52; Wed, 11 Oct 2023 18:27:04 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 887713858C52
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1697048824;
	bh=XDeAjARlZfhwX+RS5WuP5R3H1E+HpC93n/Hau7KUPvc=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=FguQqDk0AR9qGqXbKqvaeGB6E/HyaVrtH9wF9OoIsppVWR/x19Oe74l0vU4DpWz9M
	 YvPXoZM3ZIhtUXOxG5/SczcTg00c3Najn4xROMTdPFGkW0zSqSpvzYgZFmNT7xC50o
	 nM5nswA2ZKY2W4faS/OQDxDbxVZ8KZpxfmcnEjGY=
From: "dmalcolm at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/111537] ICE: in set_cell_span, at
 text-art/table.cc:148 with D front-end and -fanalyzer
Date: Wed, 11 Oct 2023 18:27:03 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Version: 14.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: dmalcolm at gcc dot gnu.org
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-111537-4-dGNyzsynKF@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-111537-4@http.gcc.gnu.org/bugzilla/>
References: <bug-111537-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D111537

--- Comment #5 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
It's complaining about the read from the string literal.

If I change the string in the reproducer from "hello world" to "foo", I see:

(gdb) pt string_cst
 <string_cst 0x7fffea76f738
    type <array_type 0x7fffea78a150
        type <integer_type 0x7fffea772930 char readonly unsigned QI
            size <integer_cst 0x7fffea644eb8 constant 8>
            unit-size <integer_cst 0x7fffea644ed0 constant 1>
            align:8 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7fffea772930 precision:8 min <integer_cst 0x7fffea6624c8 0> max <integer_=
cst
0x7fffea662450 255>
            pointer_to_this <pointer_type 0x7fffea78a000>>
        SI
        size <integer_cst 0x7fffea662018 constant 32>
        unit-size <integer_cst 0x7fffea662030 constant 4>
        align:8 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7fffea78a150
        domain <integer_type 0x7fffea672150 type <integer_type 0x7fffea65e0=
00
sizetype>
            DI
            size <integer_cst 0x7fffea644dc8 constant 64>
            unit-size <integer_cst 0x7fffea644de0 constant 8>
            align:64 warn_if_not_align:0 symtab:0 alias-set -1 canonical-ty=
pe
0x7fffea672150 precision:64 min <integer_cst 0x7fffea644df8 0> max <integer=
_cst
0x7fffea662558 3>>
        pointer_to_this <p

Looking at TREE_STRING_LENGTH:

/* In a STRING_CST */
/* In C terms, this is sizeof, not strlen.  */
#define TREE_STRING_LENGTH(NODE) (STRING_CST_CHECK (NODE)->string.length)

(gdb) p string_cst->string.length
$36 =3D 3

The analyzer is using this for determining the validly accessible size of t=
he
string, which it determines is 3 bytes:

(gdb) call valid_bits.dump(true)
bytes 0-2

whereas the read is of 4 bytes:
(gdb) call actual_bits.dump(true)
bytes 0-3

Is D correctly building that string_cst?  Are D strings 0-terminated?=