From: "dmalcolm at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/113222] New: ICE with -fanalyzer seen on Linux kernel kernel/sched/core.c
Date: Wed, 03 Jan 2024 18:28:21 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113222

            Bug ID: 113222
           Summary: ICE with -fanalyzer seen on Linux kernel
                    kernel/sched/core.c
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
            Blocks: 106358
  Target Milestone: ---

Given:

VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
struct sched_class
{
  int f;
};
extern struct sched_class __end_sched_classes[];

int
test ()
{
  const struct sched_class* class = ((__end_sched_classes - 1));
  return class->f;
}
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

trunk with -fanalyzer ICEs with:

/tmp/t.c: In function ‘test’:
/tmp/t.c:11:15: warning: buffer under-read [CWE-127] [-Wanalyzer-out-of-bounds]
   11 |   return class->f;
      |          ~~~~~^~~
  ‘test’: event 1
    |
    |   11 |   return class->f;
    |      |          ~~~~~^~~
    |      |               |
    |      |               (1) out-of-bounds read from byte -4 till byte -1 but ‘__end_sched_classes’ starts at byte 0
    |
during IPA pass: analyzer
/tmp/t.c:11:15: internal compiler error: Segmentation fault
   11 |   return class->f;
      |          ~~~~~^~~
0x10708aa crash_signal
        ../../src/gcc/toplev.cc:316
0x2299a65 tree_check6(tree_node*, char const*, int, char const*, tree_code, tree_code, tree_code, tree_code, tree_code, tree_code)
        ../../src/gcc/tree.h:3726
0x2299a65 ana::valid_region_spatial_item::add_boundaries(ana::boundaries&, ana::logger*) const
        ../../src/gcc/analyzer/access-diagram.cc:1337
0x229e2e0 ana::access_diagram_impl::find_boundaries() const
        ../../src/gcc/analyzer/access-diagram.cc:2197
0x229e2e0 ana::access_diagram_impl::access_diagram_impl(ana::access_operation const&, diagnostic_event_id_t, text_art::style_manager&, text_art::theme const&, ana::logger*)
        ../../src/gcc/analyzer/access-diagram.cc:2064
0x229283b std::enable_if::value, std::unique_ptr > >::type make_unique(ana::access_operation const&, diagnostic_event_id_t&, text_art::style_manager&, text_art::theme const&, ana::logger*&)
        ../../src/gcc/make-unique.h:41
0x229283b ana::access_diagram::access_diagram(ana::access_operation const&, diagnostic_event_id_t, text_art::style_manager&, text_art::theme const&, ana::logger*)
        ../../src/gcc/analyzer/access-diagram.cc:2666
0x212b331 ana::out_of_bounds::make_access_diagram(ana::access_operation const&, text_art::style_manager&, text_art::theme const&, ana::logger*) const
        ../../src/gcc/analyzer/bounds-checking.cc:208
0x212b331 ana::out_of_bounds::maybe_show_diagram(ana::logger*) const
        ../../src/gcc/analyzer/bounds-checking.cc:187
0x212b803 ana::concrete_buffer_under_read::emit(ana::diagnostic_emission_context&)
        ../../src/gcc/analyzer/bounds-checking.cc:806
0x214ff37 ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph const&, ana::saved_diagnostic&)
        ../../src/gcc/analyzer/diagnostic-manager.cc:1617
0x2153ba6 ana::dedupe_winners::emit_best(ana::diagnostic_manager*, ana::exploded_graph const&)
        ../../src/gcc/analyzer/diagnostic-manager.cc:1472
0x215053f ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph const&)
        ../../src/gcc/analyzer/diagnostic-manager.cc:1524
0x1479be4 ana::impl_run_checkers(ana::logger*)
        ../../src/gcc/analyzer/engine.cc:6226
0x147ab56 ana::run_checkers()
        ../../src/gcc/analyzer/engine.cc:6300
0x146be6c execute
        ../../src/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See for instructions.

Trunk: affected: https://godbolt.org/z/11axozEc1
GCC 13.2: not affected: https://godbolt.org/z/43sdrx9jf

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358
[Bug 106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer