public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/114286] New: ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer
@ 2024-03-08 14:51 zsojka at seznam dot cz
2024-03-08 15:20 ` [Bug analyzer/114286] " law at gcc dot gnu.org
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: zsojka at seznam dot cz @ 2024-03-08 14:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286
Bug ID: 114286
Summary: ICE: in deref_rvalue, at analyzer/region-model.cc:2762
with _Atomic _BitInt() and -fanalyzer
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: zsojka at seznam dot cz
CC: jakub at gcc dot gnu.org
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
Created attachment 57656
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57656&action=edit
reduced testcase
Compiler output:
$ x86_64-pc-linux-gnu-gcc -fanalyzer testcase.c
during IPA pass: analyzer
testcase.c: In function 'foo':
testcase.c:5:3: internal compiler error: in deref_rvalue, at
analyzer/region-model.cc:2762
    5 |   b;
      |   ^
0x8c81ff ana::region_model::deref_rvalue(ana::svalue const*, tree_node*,
ana::region_model_context*, bool) const
/repo/gcc-trunk/gcc/analyzer/region-model.cc:2762
0x192a209 ana::kf_atomic_load::impl_call_pre(ana::call_details const&) const
/repo/gcc-trunk/gcc/analyzer/kf.cc:289
0x19464f7 ana::region_model::on_call_pre(gcall const*,
ana::region_model_context*)
/repo/gcc-trunk/gcc/analyzer/region-model.cc:1700
0x194a31a ana::region_model::on_stmt_pre(gimple const*, bool*,
ana::region_model_context*)
/repo/gcc-trunk/gcc/analyzer/region-model.cc:1337
0x1912190 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode
const*, gimple const*, ana::program_state*, ana::uncertainty_t*, bool*,
ana::path_context*)
/repo/gcc-trunk/gcc/analyzer/engine.cc:1515
0x1914f2a ana::exploded_graph::process_node(ana::exploded_node*)
/repo/gcc-trunk/gcc/analyzer/engine.cc:4125
0x1915e9a ana::exploded_graph::process_worklist()
/repo/gcc-trunk/gcc/analyzer/engine.cc:3516
0x19185f5 ana::impl_run_checkers(ana::logger*)
/repo/gcc-trunk/gcc/analyzer/engine.cc:6210
0x1919506 ana::run_checkers()
/repo/gcc-trunk/gcc/analyzer/engine.cc:6301
0x1908158 execute
/repo/gcc-trunk/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
$ x86_64-pc-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest-amd64/bin/x86_64-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r14-9382-20240308082802-g0bd04d9ae2d-checking-yes-rtl-df-extra-nobootstrap-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/14.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--disable-bootstrap --with-cloog --with-ppl --with-isl
--build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu
--target=x86_64-pc-linux-gnu --with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --enable-libsanitizer
--disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-r14-9382-20240308082802-g0bd04d9ae2d-checking-yes-rtl-df-extra-nobootstrap-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 14.0.1 20240308 (experimental) (GCC)
* [Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer
From: law at gcc dot gnu.org @ 2024-03-08 15:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286
Jeffrey A. Law <law at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |law at gcc dot gnu.org
           Priority|P3                          |P1
* [Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer
From: jakub at gcc dot gnu.org @ 2024-03-15 12:35 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2024-03-15
             Status|UNCONFIRMED                 |NEW
--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Doesn't seem to be _BitInt related,

struct S { long long a[16]; } s;

struct S
foo (void)
{
  struct S r;
  __atomic_load (&s, &r, __ATOMIC_RELAXED);
  return r;
}

ICEs the same way.  Guess analyzer doesn't handle properly atomic_load which
can't be optimized into the 1/2/4/8/16 byte variants and is handled by
libatomic.
Makes me wonder about other __atomic operations on such types, __atomic_store,
__atomic_exchange and __atomic_compare_exchange on such types.

And to answer my question,

void
bar (struct S x)
{
  __atomic_store (&s, &x, __ATOMIC_RELAXED);
}

doesn't ICE,

struct S
baz (struct S x)
{
  struct S r;
  __atomic_exchange (&s, &x, &r, __ATOMIC_RELAXED);
}

does and

int
qux (struct S *e, struct S *d)
{
  return __atomic_compare_exchange (&s, e, d, 0, __ATOMIC_RELAXED,
                                    __ATOMIC_RELAXED);
}

doesn't.
* [Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer
From: dmalcolm at gcc dot gnu.org @ 2024-03-18 16:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks; taking a look.
* [Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer
From: dmalcolm at gcc dot gnu.org @ 2024-03-18 18:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Looking at
https://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html#index-_005f_005fatomic_005fload
I see this signature for __atomic_load with 3 arguments:

  Built-in Function: void __atomic_load (type *ptr, type *ret, int memorder)

and that's what I tried to implement in r14-1497-gef768035ae8090 in kf.cc's
class kf_atomic_load.

However, looking at the gimple, I see this call:

  __atomic_load (128, &s, &r, 0);

and sync-builtins.def has this:

  DEF_SYNC_BUILTIN (BUILT_IN_ATOMIC_LOAD,
                    "__atomic_load",
                    BT_FN_VOID_SIZE_CONST_VPTR_PTR_INT,
                    ATTR_NOTHROWCALL_LEAF_LIST)

so presumably the documentation for __atomic_load is wrong.

Presumably the signature should be:

  void __atomic_load (size_t sz, const void *src, void *dst, int memorder);
* [Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer
From: jakub at gcc dot gnu.org @ 2024-03-18 18:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
No, the documentation is correct.
It describes all that the user cares about, what arguments should be passed to
it when it is called.
Under the hood, it is then either optimized into __atomic_load_{1,2,4,8,16} (or
similarly for other atomic APIs), or to the generic one, based on the type.
And, for the generic one the size argument is added because the type is
irrelevant after the lowering.
See c-family/c-common.cc (resolve_overloaded_builtin) for details.
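Added example (not part of the original thread, and not GCC's or libatomic's code): a C model of the lowering described in comment #4, showing the three-argument user-facing call becoming either a sized load or the four-argument generic call with the size prepended. The names model_lock, model_generic_load, model_resolve_load, SIZED_CASE and MODEL_ATOMIC_LOAD are hypothetical, the spinlock is an assumption standing in for libatomic, and the 16-byte sized variant is left out of the model.

```c
#include <stddef.h>
#include <string.h>

struct S { long long a[16]; };   /* the 128-byte type from comment #1 */
enum lowering { LOWERED_SIZED, LOWERED_GENERIC };
static char model_lock;          /* assumption: one lock stands in for libatomic */

/* Model of the generic routine after lowering. The size comes first, then
   source, destination and memorder: the four-argument shape of the gimple
   call __atomic_load (128, &s, &r, 0) quoted in comment #3. */
static void model_generic_load(size_t size, const void *src, void *dst, int memorder)
{
    (void)memorder;              /* the lock provides the ordering here */
    while (__atomic_test_and_set(&model_lock, __ATOMIC_ACQUIRE))
        ;                        /* spin until the lock is released */
    memcpy(dst, src, size);
    __atomic_clear(&model_lock, __ATOMIC_RELEASE);
}

#define SIZED_CASE(T)                                                 \
    { T v = __atomic_load_n((const T *)src, __ATOMIC_SEQ_CST);        \
      memcpy(dst, &v, sizeof v); return LOWERED_SIZED; }

/* Model of the choice made during lowering: the pointee size selects a sized
   variant, otherwise the size is prepended and the generic routine is used.
   The 16-byte variant is left out, so 16 takes the generic path here. */
static enum lowering model_resolve_load(size_t size, const void *src, void *dst, int memorder)
{
    switch (size) {
    case 1: SIZED_CASE(unsigned char)
    case 2: SIZED_CASE(unsigned short)
    case 4: SIZED_CASE(unsigned int)
    case 8: SIZED_CASE(unsigned long long)
    default:
        model_generic_load(size, src, dst, memorder);
        return LOWERED_GENERIC;
    }
}

/* The user-facing three-argument shape documented for __atomic_load. */
#define MODEL_ATOMIC_LOAD(ptr, ret, memorder) \
    model_resolve_load(sizeof *(ptr), (ptr), (ret), (memorder))

int main(void)
{
    struct S s = { { 1, 2, 3 } }, r;
    long long n = 7, m;
    return !(MODEL_ATOMIC_LOAD(&n, &m, __ATOMIC_RELAXED) == LOWERED_SIZED
             && MODEL_ATOMIC_LOAD(&s, &r, __ATOMIC_RELAXED) == LOWERED_GENERIC);
}
```

A handler written against the three-argument shape finds the size where it expects a pointer once the call has been lowered, which is why the commit in comment #6 reimplements the handlers against the signature seen in gimple.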
* [Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer
From: dmalcolm at gcc dot gnu.org @ 2024-03-18 18:34 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286
--- Comment #5 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Aha - thanks! Am working on a fix.
* [Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer
From: cvs-commit at gcc dot gnu.org @ 2024-03-19 13:07 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286
--- Comment #6 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:c7a774edbf802d79b95871ede5b80f6e9adf8e88
commit r14-9544-gc7a774edbf802d79b95871ede5b80f6e9adf8e88
Author: David Malcolm <dmalcolm@redhat.com>
Date: Tue Mar 19 09:06:45 2024 -0400
    analyzer: fixes to __atomic_{exchange,load,store} [PR114286]

    In r14-1497-gef768035ae8090 I added some support to the analyzer for
    __atomic_ builtins (enough to fix false positives I was seeing in
    my integration tests).

    Unfortunately I messed up the implementation of
    __atomic_{exchange,load,store}, leading to ICEs seen in
    PR analyzer/114286.

    Fixed thusly, fixing the ICEs.  Given that we're in stage 4, the patch
    doesn't add support for any of the various __atomic_compare_exchange
    builtins, so that these continue to fall back to the analyzer's
    "anything could happen" handling of unknown functions.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

    gcc/analyzer/ChangeLog:
            PR analyzer/114286
            * kf.cc (class kf_atomic_exchange): Reimplement based on signature
            seen in gimple, rather than user-facing signature.
            (class kf_atomic_load): Likewise.
            (class kf_atomic_store): New.
            (register_atomic_builtins): Register kf_atomic_store.

    gcc/testsuite/ChangeLog:
            PR analyzer/114286
            * c-c++-common/analyzer/atomic-builtins-pr114286.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
* [Bug analyzer/114286] ICE: in deref_rvalue, at analyzer/region-model.cc:2762 with _Atomic _BitInt() and -fanalyzer
From: dmalcolm at gcc dot gnu.org @ 2024-03-19 13:12 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114286
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED
--- Comment #7 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch.