From: "cvs-commit at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/112889] [11/12/13 Regression] ICE with -fanalyzer seen on Linux kernel drivers/infiniband/hw/cxgb4/cm.c
Date: Thu, 09 May 2024 17:11:42 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112889

--- Comment #5 from GCC Commits ---
The releases/gcc-13 branch has been updated by David Malcolm:

https://gcc.gnu.org/g:a1cb188cb2ca2ad3f4e837dba2967f323669d36e

commit r13-8750-ga1cb188cb2ca2ad3f4e837dba2967f323669d36e
Author: David Malcolm
Date:   Thu May 9 13:09:29 2024 -0400

    analyzer: fix ICE for 2 bits before the start of base region [PR112889]

    Concrete bindings were using -1 and -2 in the offset field to signify
    deleted and empty hash slots, but these are valid values, leading to
    assertion failures inside hash_map::put on a debug build, and probable
    bugs in a release build.

    (gdb) call k.dump(true)
    start: -2, size: 1, next: -1
    (gdb) p k.is_empty()
    $6 = true

    Fix by using the size field rather than the offset.

    Backported from commit r14-6297-g775aeabcb870b7 (moving the testcase
    from c-c++-common to gcc.dg).

    gcc/analyzer/ChangeLog:
            PR analyzer/112889
            * store.h (concrete_binding::concrete_binding): Strengthen
            assertion to require size to be positive, rather than just
            non-zero.
            (concrete_binding::mark_deleted): Use size rather than start bit
            offset.
            (concrete_binding::mark_empty): Likewise.
            (concrete_binding::is_deleted): Likewise.
            (concrete_binding::is_empty): Likewise.

    gcc/testsuite/ChangeLog:
            PR analyzer/112889
            * gcc.dg/analyzer/ice-pr112889.c: New test.

    Signed-off-by: David Malcolm
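
The sentinel collision described in the commit message above, as an added C++ example that is not GCC's code and not part of the original message. `Key`, `Table`, the two trait structs, and the size-field sentinel values -2 and -1 are assumptions chosen for illustration.

```cpp
// Added illustration: hypothetical names, not GCC's store.h or hash_map.
#include <array>
#include <cstddef>
#include <cstdint>
// Real keys have size > 0; start may be negative (bits before the base region).
struct Key { int64_t start, size; };

// "Before": slot state encoded in the offset field, where -1 and -2 are valid.
struct OffsetSentinel {
  static Key empty() { return {-2, 0}; }
  static bool is_empty(const Key &k) { return k.start == -2; }
  static bool is_deleted(const Key &k) { return k.start == -1; }
};

// "After": slot state encoded in the size field (assumed values -2 and -1),
// which no real key holds once size must be positive.
struct SizeSentinel {
  static Key empty() { return {0, -2}; }
  static bool is_empty(const Key &k) { return k.size == -2; }
  static bool is_deleted(const Key &k) { return k.size == -1; }
};

// Minimal open-addressing set without erase, so slots are never tombstoned.
// put() returns false where a debug build would assert: key looks like a free slot.
template <typename S, std::size_t N = 8>
struct Table {
  std::array<Key, N> slots;
  Table() { slots.fill(S::empty()); }
  static bool same(const Key &a, const Key &b) { return a.start == b.start && a.size == b.size; }
  static std::size_t hash(const Key &k) { return static_cast<std::size_t>(k.start * 31 + k.size) % N; }
  bool put(const Key &k) {
    if (S::is_empty(k) || S::is_deleted(k)) return false;
    for (std::size_t i = 0, h = hash(k); i < N; ++i, h = (h + 1) % N) {
      if (same(slots[h], k)) return true;  // already present
      if (S::is_empty(slots[h])) { slots[h] = k; return true; }
    }
    return false;  // table full
  }
  bool contains(const Key &k) const {
    for (std::size_t i = 0, h = hash(k); i < N; ++i, h = (h + 1) % N) {
      if (S::is_empty(slots[h])) return false;
      if (same(slots[h], k)) return true;
    }
    return false;
  }
};

// True if key k can be inserted and then found again under scheme S.
template <typename S> bool round_trips(Key k) { Table<S> t; return t.put(k) && t.contains(k); }
int main() { return !round_trips<OffsetSentinel>({-2, 1}) && round_trips<SizeSentinel>({-2, 1}) ? 0 : 1; }
```

The key `{-2, 1}` matches the `start: -2, size: 1` binding shown in the gdb session: under the offset scheme it is rejected as an empty slot, while under the size scheme it is stored and found.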