[Bug tree-optimization/97201] New: [11 Regression] ICE in location_wrapper_p at gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86

[Bug tree-optimization/97201] New: [11 Regression] ICE in location_wrapper_p at gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97201

            Bug ID: 97201
           Summary: [11 Regression] ICE in location_wrapper_p at
                    gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: marxin at gcc dot gnu.org
                CC: msebor at gcc dot gnu.org
  Target Milestone: ---

The following causes a new ICE:

$ cat ice.ii
void testNewUseAfterFree() {
  int *p = (int *)operator new(0);
  int j = *p;
}

$ g++ -Warray-bounds=2 -fnon-call-exceptions ice.ii -c -O2
‘
during GIMPLE pass: vrp
In function ‘void testNewUseAfterFree()’:
Segmentation fault
    1 | void testNewUseAfterFree() {
      |      ^~~~~~~~~~~~~~~~~~~
0x1611858 crash_signal
        /home/marxin/Programming/gcc/gcc/toplev.c:329
0x7ffff788652f ???
       
/usr/src/debug/glibc-2.31-6.3.x86_64/signal/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0
0x9eb801 location_wrapper_p(tree_node const*)
        /home/marxin/Programming/gcc/gcc/tree.h:4002
0x9eb87e tree_strip_any_location_wrapper(tree_node*)
        /home/marxin/Programming/gcc/gcc/tree.h:4014
0x1a5d764 integer_all_onesp(tree_node const*)
        /home/marxin/Programming/gcc/gcc/tree.c:2658
0xb272ee dump_type_suffix
        /home/marxin/Programming/gcc/gcc/cp/error.c:955
0xb25496 dump_type
        /home/marxin/Programming/gcc/gcc/cp/error.c:587
0xb32bd6 type_to_string
        /home/marxin/Programming/gcc/gcc/cp/error.c:3206
0xb369ea cp_printer
        /home/marxin/Programming/gcc/gcc/cp/error.c:4286
0x27f333c pp_format(pretty_printer*, text_info*)
        /home/marxin/Programming/gcc/gcc/pretty-print.c:1475
0x27d722e diagnostic_report_diagnostic(diagnostic_context*, diagnostic_info*)
        /home/marxin/Programming/gcc/gcc/diagnostic.c:1205
0x27d98a8 diagnostic_impl
        /home/marxin/Programming/gcc/gcc/diagnostic.c:1355
0x27d98a8 warning_at(unsigned int, int, char const*, ...)
        /home/marxin/Programming/gcc/gcc/diagnostic.c:1492
0x255e9d1 array_bounds_checker::check_mem_ref(unsigned int, tree_node*, bool)
        /home/marxin/Programming/gcc/gcc/gimple-array-bounds.cc:697
0x255f962 array_bounds_checker::check_array_bounds(tree_node**, int*, void*)
        /home/marxin/Programming/gcc/gcc/gimple-array-bounds.cc:909
0x1a845f8 walk_tree_1(tree_node**, tree_node* (*)(tree_node**, int*, void*),
void*, hash_set<tree_node*, false, default_hash_traits<tree_node*> >*,
tree_node* (*)(tree_node**, int*, tree_node* (*)(tree_node**, int*, void*),
void*, hash_set<tree_node*, false, default_hash_traits<tree_node*> >*))
        /home/marxin/Programming/gcc/gcc/tree.c:12001
0x11acac3 walk_gimple_op(gimple*, tree_node* (*)(tree_node**, int*, void*),
walk_stmt_info*)
        /home/marxin/Programming/gcc/gcc/gimple-walk.c:202
0x255fa93 check_array_bounds_dom_walker::before_dom_children(basic_block_def*)
        /home/marxin/Programming/gcc/gcc/gimple-array-bounds.cc:966
0x253832d dom_walker::walk(basic_block_def*)
        /home/marxin/Programming/gcc/gcc/domwalk.c:309
0x255faf7 array_bounds_checker::check()
        /home/marxin/Programming/gcc/gcc/gimple-array-bounds.cc:980
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

[Bug tree-optimization/97201] [11 Regression] ICE in location_wrapper_p at gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97201

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to work|                            |10.2.0
   Target Milestone|---                         |11.0
   Last reconfirmed|                            |2020-09-25
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
      Known to fail|                            |11.0

[Bug tree-optimization/97201] [11 Regression] ICE in location_wrapper_p at gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97201

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org      |msebor at gcc dot gnu.org
             Status|NEW                         |ASSIGNED

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Ugh.  This is the result of the gratuitous difference in the representation of
zero-length arrays between C and C++.  The patch below fixes it though the
difference is a gotcha that will likely keep causing more problems down the
road (I don't think this isn't the first one).

diff --git a/gcc/cp/error.c b/gcc/cp/error.c
index ecb41e82d8c..59c915deb1f 100644
--- a/gcc/cp/error.c
+++ b/gcc/cp/error.c
@@ -951,8 +951,9 @@ dump_type_suffix (cxx_pretty_printer *pp, tree t, int
flags)
       if (tree dtype = TYPE_DOMAIN (t))
        {
          tree max = TYPE_MAX_VALUE (dtype);
-         /* Zero-length arrays have an upper bound of SIZE_MAX.  */
-         if (integer_all_onesp (max))
+         /* Zero-length arrays have a null upper bound in C++ and
+            SIZE_MAX in C.  */
+         if (!max || integer_all_onesp (max))
            pp_character (pp, '0');
          else if (tree_fits_shwi_p (max))
            pp_wide_integer (pp, tree_to_shwi (max) + 1);

[Bug tree-optimization/97201] [11 Regression] ICE in location_wrapper_p at gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97201

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
Just a correction to the comment:

+         /* Zero-length arrays have a null upper bound in C++ and
+            SIZE_MAX in C.  */

It's actually the other way around.

[Bug tree-optimization/97201] [11 Regression] ICE in location_wrapper_p at gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97201

--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
The decision to use null for the upper bound can be traced to this message:
https://gcc.gnu.org/pipermail/gcc-patches/2015-December/437361.html

[Bug tree-optimization/97201] [11 Regression] ICE in location_wrapper_p at gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97201

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch

--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
Patch: https://gcc.gnu.org/pipermail/gcc-patches/2020-September/554893.html

[Bug tree-optimization/97201] [11 Regression] ICE in location_wrapper_p at gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97201

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P1

[Bug tree-optimization/97201] [11 Regression] ICE in location_wrapper_p at gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97201

--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:

https://gcc.gnu.org/g:1be51a3a9ac3409561223c8058d4943f9b574d15

commit r11-3828-g1be51a3a9ac3409561223c8058d4943f9b574d15
Author: Martin Sebor <msebor@redhat.com>
Date:   Mon Oct 12 09:35:02 2020 -0600

    PR c++/97201 - ICE in -Warray-bounds writing to result of operator new(0)

    gcc/cp/ChangeLog:

            PR c++/97201
            * error.c (dump_type_suffix): Handle both the C and C++ forms of
            zero-length arrays.

    libstdc++-v3/ChangeLog:

            PR c++/97201
            * libsupc++/new (operator new): Add attribute alloc_size and
malloc.

    gcc/testsuite/ChangeLog:

            PR c++/97201
            * g++.dg/warn/Wplacement-new-size-8.C: Adjust expected message.
            * g++.dg/warn/Warray-bounds-10.C: New test.
            * g++.dg/warn/Warray-bounds-11.C: New test.
            * g++.dg/warn/Warray-bounds-12.C: New test.
            * g++.dg/warn/Warray-bounds-13.C: New test.

[Bug c++/97201] [11 Regression] ICE in location_wrapper_p at gcc/gcc/tree.h:4002 since r11-3410-g67aeddb785ddcc86

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97201

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
          Component|tree-optimization           |c++
         Resolution|---                         |FIXED

--- Comment #6 from Martin Sebor <msebor at gcc dot gnu.org> ---
Fixed in r11-3828.