public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/112811] New: ICE in -fanalyzer in has_null_terminator
@ 2023-12-01 15:12 dmalcolm at gcc dot gnu.org
  2024-01-18 17:12 ` [Bug analyzer/112811] " cvs-commit at gcc dot gnu.org
  2024-01-18 17:21 ` dmalcolm at gcc dot gnu.org
  0 siblings, 2 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-12-01 15:12 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112811

            Bug ID: 112811
           Summary: ICE in -fanalyzer in has_null_terminator
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
            Blocks: 106358
  Target Milestone: ---

-fanalyzer with trunk ICEs on:

struct foo_laptop_debug {
  struct dentry *root;
  unsigned long size;
};
struct foo_laptop {
  void *placeholder;
  struct foo_laptop_debug debug;
  char sdiag[64];
};

extern struct dentry *debugfs_create_dir(void);

void foo_debugfs_init(struct foo_laptop *foo) {
  struct dentry *root;
  root = debugfs_create_dir();
  foo->debug.root = root;
  foo->debug.size = __builtin_strlen(foo->sdiag);
}

during IPA pass: analyzer
t.c: In function ‘foo_debugfs_init’:
t.c:17:21: internal compiler error: in has_null_terminator, at
analyzer/region-model.cc:3523
   17 |   foo->debug.size = __builtin_strlen(foo->sdiag);
      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
0x1495415
ana::fragment::has_null_terminator(generic_wide_int<fixed_wide_int_storage<128>
>, generic_wide_int<fixed_wide_int_storage<128> >*) const
        ../../src/gcc/analyzer/region-model.cc:3523
0x1495322
ana::fragment::has_null_terminator(generic_wide_int<fixed_wide_int_storage<128>
>, generic_wide_int<fixed_wide_int_storage<128> >*) const
        ../../src/gcc/analyzer/region-model.cc:3602
0x1484e6c ana::region_model::scan_for_null_terminator(ana::region const*,
tree_node*, ana::svalue const**, ana::region_model_context*) const
        ../../src/gcc/analyzer/region-model.cc:3833
0x1485695
ana::region_model::check_for_null_terminated_string_arg(ana::call_details
const&, unsigned int, bool, ana::svalue const**) const
        ../../src/gcc/analyzer/region-model.cc:4054
0x146703b ana::kf_strlen::impl_call_pre(ana::call_details const&) const
        ../../src/gcc/analyzer/kf.cc:1392
0x1481c4c ana::region_model::on_call_pre(gcall const*,
ana::region_model_context*)
        ../../src/gcc/analyzer/region-model.cc:1651
0x1486b9a ana::region_model::on_stmt_pre(gimple const*, bool*,
ana::region_model_context*)
        ../../src/gcc/analyzer/region-model.cc:1300
0x144ceb5 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode
const*, gimple const*, ana::program_state*, ana::uncertainty_t*, bool*, \
ana::path_context*)
        ../../src/gcc/analyzer/engine.cc:1507
0x144f680 ana::exploded_graph::process_node(ana::exploded_node*)
        ../../src/gcc/analyzer/engine.cc:4123
0x145035a ana::exploded_graph::process_worklist()
        ../../src/gcc/analyzer/engine.cc:3512
0x1452330 ana::impl_run_checkers(ana::logger*)
        ../../src/gcc/analyzer/engine.cc:6206
0x14532c6 ana::run_checkers()
        ../../src/gcc/analyzer/engine.cc:6297
0x14445ec execute
        ../../src/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

Trunk (for gcc 14): https://godbolt.org/z/Pc5heGh7e
Doesn't affect gcc 13

(reduced from ICE on linux kernel: 'samsung_debugfs_init' at
drivers/platform/x86/samsung-laptop.c:1292:38)


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358
[Bug 106358] [meta-bug] tracker bug for building the Linux kernel with
-fanalyzer


* [Bug analyzer/112811] ICE in -fanalyzer in has_null_terminator
  2023-12-01 15:12 [Bug analyzer/112811] New: ICE in -fanalyzer in has_null_terminator dmalcolm at gcc dot gnu.org
@ 2024-01-18 17:12 ` cvs-commit at gcc dot gnu.org
  2024-01-18 17:21 ` dmalcolm at gcc dot gnu.org
  1 sibling, 0 replies; 3+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-01-18 17:12 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112811

--- Comment #1 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:84096e665c5f7d7ffb07f18a5fd5e804a94b237b

commit r14-8256-g84096e665c5f7d7ffb07f18a5fd5e804a94b237b
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Thu Jan 18 12:11:57 2024 -0500

    analyzer: fix offsets in has_null_terminator [PR112811]

    PR analyzer/112811 reports an ICE attempting to determine whether a
    string is null-terminated.

    The root cause is confusion in the code about whether byte offsets are
    relative to the start of the base region, or relative to the bound
    fragment within the region.

    This patch rewrites the code to enforce a clearer separation between
    the kinds of offset, fixing the ICE, and adds logging to help track
    down future issues in this area of the code.

    gcc/analyzer/ChangeLog:
            PR analyzer/112811
            * region-model.cc (fragment::dump_to_pp): New.
            (fragment::has_null_terminator): Convert to...
            (svalue_byte_range_has_null_terminator_1): ...this new function,
            updating to use a byte_range relative to the start of the svalue.
            (svalue_byte_range_has_null_terminator): New.
            (fragment::string_cst_has_null_terminator): Convert to...
            (string_cst_has_null_terminator): ...this, updating to use a
            byte_range relative to the start of the svalue.
            (iterable_cluster::dump_to_pp): New.
            (region_model::scan_for_null_terminator): Add logging, moving body
            to...
            (region_model::scan_for_null_terminator_1): ...this new function,
            adding more logging, and updating to use
            svalue_byte_range_has_null_terminator.
            * region-model.h (region_model::scan_for_null_terminator_1): New
            decl.

    gcc/testsuite/ChangeLog:
            PR analyzer/112811
            * c-c++-common/analyzer/strlen-pr112811.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
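
The two offset frames named in the commit message above, shown in a toy model. This is an added example, not GCC's analyzer code: `struct fragment`, `scan_for_terminator` and `sample_strlen_at` are hypothetical names, and the base offset of 24 assumes an LP64 target where `sdiag` follows 8 + 16 bytes in the reproducer's `struct foo_laptop`.

```c
#include <stddef.h>

/* Toy model (assumption, not GCC's data structures): a fragment is a run of
   known bytes bound at an offset measured from the start of the base region. */
struct fragment {
  size_t base_start;          /* first byte, relative to the base region */
  size_t len;                 /* number of bytes in the bound value */
  const unsigned char *bytes; /* value contents, indexed from 0 */
};

enum scan_result { SCAN_FOUND, SCAN_NOT_FOUND, SCAN_OUT_OF_FRAGMENT };

/* Scan for a 0 byte, starting at base-relative offset `start`.
   On SCAN_FOUND, *out_len is the number of bytes before the terminator. */
enum scan_result
scan_for_terminator(const struct fragment *f, size_t start, size_t *out_len)
{
  /* An offset outside the fragment is reported, never used as an index. */
  if (start < f->base_start || start - f->base_start >= f->len)
    return SCAN_OUT_OF_FRAGMENT;
  /* Convert exactly once: base-relative -> fragment-relative. */
  size_t rel = start - f->base_start;
  for (size_t i = rel; i < f->len; i++)
    if (f->bytes[i] == 0) {
      *out_len = i - rel;
      return SCAN_FOUND;
    }
  return SCAN_NOT_FOUND;
}

/* Constructed sample: an 8-byte value bound at base offset 24. */
static const unsigned char sample_bytes[8] = { 'd','i','a','g',0,'x','y','z' };
static const struct fragment sample = { 24, 8, sample_bytes };

/* String length for a read at the given base-relative offset, or -1 when the
   offset is outside the fragment or no terminator is present. */
long sample_strlen_at(size_t base_offset)
{
  size_t n;
  return scan_for_terminator(&sample, base_offset, &n) == SCAN_FOUND
           ? (long)n : -1;
}
```

Passing a fragment-relative 0 where a base-relative offset is expected is rejected here instead of being used as an index, which is the kind of frame mix-up the commit message identifies as the root cause.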


* [Bug analyzer/112811] ICE in -fanalyzer in has_null_terminator
  2023-12-01 15:12 [Bug analyzer/112811] New: ICE in -fanalyzer in has_null_terminator dmalcolm at gcc dot gnu.org
  2024-01-18 17:12 ` [Bug analyzer/112811] " cvs-commit at gcc dot gnu.org
@ 2024-01-18 17:21 ` dmalcolm at gcc dot gnu.org
  1 sibling, 0 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2024-01-18 17:21 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112811

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch.

