From: "dmalcolm at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/112811] New: ICE in -fanalyzer in has_null_terminator
Date: Fri, 01 Dec 2023 15:12:01 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112811

Bug ID: 112811
Summary: ICE in -fanalyzer in has_null_terminator
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Blocks: 106358
Target Milestone: ---

-fanalyzer with trunk ICEs on:

struct foo_laptop_debug {
  struct dentry *root;
  unsigned long size;
};
struct foo_laptop {
  void *placeholder;
  struct foo_laptop_debug debug;
  char sdiag[64];
};

extern struct dentry *debugfs_create_dir(void);

void foo_debugfs_init(struct foo_laptop *foo) {
  struct dentry *root;
  root = debugfs_create_dir();
  foo->debug.root = root;
  foo->debug.size = __builtin_strlen(foo->sdiag);
}

during IPA pass: analyzer
t.c: In function ‘foo_debugfs_init’:
t.c:17:21: internal compiler error: in has_null_terminator, at analyzer/region-model.cc:3523
   17 |   foo->debug.size = __builtin_strlen(foo->sdiag);
      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
0x1495415 ana::fragment::has_null_terminator(generic_wide_int >, generic_wide_int >*) const
        ../../src/gcc/analyzer/region-model.cc:3523
0x1495322 ana::fragment::has_null_terminator(generic_wide_int >, generic_wide_int >*) const
        ../../src/gcc/analyzer/region-model.cc:3602
0x1484e6c ana::region_model::scan_for_null_terminator(ana::region const*, tree_node*, ana::svalue const**, ana::region_model_context*) const
        ../../src/gcc/analyzer/region-model.cc:3833
0x1485695 ana::region_model::check_for_null_terminated_string_arg(ana::call_details const&, unsigned int, bool, ana::svalue const**) const
        ../../src/gcc/analyzer/region-model.cc:4054
0x146703b ana::kf_strlen::impl_call_pre(ana::call_details const&) const
        ../../src/gcc/analyzer/kf.cc:1392
0x1481c4c ana::region_model::on_call_pre(gcall const*, ana::region_model_context*)
        ../../src/gcc/analyzer/region-model.cc:1651
0x1486b9a ana::region_model::on_stmt_pre(gimple const*, bool*, ana::region_model_context*)
        ../../src/gcc/analyzer/region-model.cc:1300
0x144ceb5 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode const*, gimple const*, ana::program_state*, ana::uncertainty_t*, bool*, \
ana::path_context*)
        ../../src/gcc/analyzer/engine.cc:1507
0x144f680 ana::exploded_graph::process_node(ana::exploded_node*)
        ../../src/gcc/analyzer/engine.cc:4123
0x145035a ana::exploded_graph::process_worklist()
        ../../src/gcc/analyzer/engine.cc:3512
0x1452330 ana::impl_run_checkers(ana::logger*)
        ../../src/gcc/analyzer/engine.cc:6206
0x14532c6 ana::run_checkers()
        ../../src/gcc/analyzer/engine.cc:6297
0x14445ec execute
        ../../src/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See for instructions.

Trunk (for gcc 14): https://godbolt.org/z/Pc5heGh7e

Doesn't affect gcc 13

(reduced from ICE on linux kernel: 'samsung_debugfs_init' at drivers/platform/x86/samsung-laptop.c:1292:38)

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358
[Bug 106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer