public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/98293] New: [11 Regression] ICE in get_subregion_within_ctor, at analyzer/store.cc:494
@ 2020-12-15 17:17 gscfq@t-online.de
  2020-12-15 18:09 ` [Bug analyzer/98293] " dmalcolm at gcc dot gnu.org
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: gscfq@t-online.de @ 2020-12-15 17:17 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98293

            Bug ID: 98293
           Summary: [11 Regression] ICE in get_subregion_within_ctor, at
                    analyzer/store.cc:494
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: gscfq@t-online.de
  Target Milestone: ---

The following options produce an ICE for several testsuite files,
e.g. file pr93399.c (changed between 20201004 and 20201018):


$ gcc-10          -c pr93399.c -fanalyzer -fsanitize=undefined
$
$ gcc-11-20201213 -c pr93399.c -fanalyzer -fsanitize=undefined
during IPA pass: analyzer
pr93399.c: In function 'main':
pr93399.c:14:18: internal compiler error: Segmentation fault
   14 |   char *substr = strstr (argv[0], "\n");
      |                  ^~~~~~~~~~~~~~~~~~~~~~
0xb5028f crash_signal
        ../../gcc/toplev.c:327
0xe936f5 get_subregion_within_ctor
        ../../gcc/analyzer/store.cc:494
0xe98ef7 ana::binding_map::apply_ctor_pair_to_child_region(ana::region const*,
ana::region_model_manager*, tree_node*, tree_node*)
        ../../gcc/analyzer/store.cc:615
0xe99219 ana::binding_map::apply_ctor_to_region(ana::region const*, tree_node*,
ana::region_model_manager*)
        ../../gcc/analyzer/store.cc:549
0xe990f0 ana::binding_map::apply_ctor_pair_to_child_region(ana::region const*,
ana::region_model_manager*, tree_node*, tree_node*)
        ../../gcc/analyzer/store.cc:617
0xe99219 ana::binding_map::apply_ctor_to_region(ana::region const*, tree_node*,
ana::region_model_manager*)
        ../../gcc/analyzer/store.cc:549
0xe7361c ana::decl_region::get_svalue_for_constructor(tree_node*,
ana::region_model_manager*) const
        ../../gcc/analyzer/region.cc:931
0xe7372a
ana::decl_region::get_svalue_for_initializer(ana::region_model_manager*) const
        ../../gcc/analyzer/region.cc:973
0xe75812 ana::region_model::get_initial_value_for_global(ana::region const*)
const
        ../../gcc/analyzer/region-model.cc:1451
0xe8a4bc ana::reachable_regions::add(ana::region const*, bool)
        ../../gcc/analyzer/region-model-reachability.cc:137
0xe780c0 ana::region_model::handle_unrecognized_call(gcall const*,
ana::region_model_context*)
        ../../gcc/analyzer/region-model.cc:967
0xe78382 ana::region_model::on_call_post(gcall const*, bool,
ana::region_model_context*)
        ../../gcc/analyzer/region-model.cc:923
0xe5e3a4 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode
const*, gimple const*, ana::program_state*) const
        ../../gcc/analyzer/engine.cc:1210
0xe603ae ana::exploded_graph::process_node(ana::exploded_node*)
        ../../gcc/analyzer/engine.cc:2948
0xe60a52 ana::exploded_graph::process_worklist()
        ../../gcc/analyzer/engine.cc:2573
0xe629e2 ana::impl_run_checkers(ana::logger*)
        ../../gcc/analyzer/engine.cc:4738
0xe6427d ana::run_checkers()
        ../../gcc/analyzer/engine.cc:4809
0xe57828 execute
        ../../gcc/analyzer/analyzer-pass.cc:87

* [Bug analyzer/98293] [11 Regression] ICE in get_subregion_within_ctor, at analyzer/store.cc:494
From: dmalcolm at gcc dot gnu.org @ 2020-12-15 18:09 UTC (permalink / raw)
  To: gcc-bugs

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2020-12-15
             Status|UNCONFIRMED                 |ASSIGNED

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this; confirmed.

* [Bug analyzer/98293] [11 Regression] ICE in get_subregion_within_ctor, at analyzer/store.cc:494
From: marxin at gcc dot gnu.org @ 2020-12-16  8:18 UTC (permalink / raw)
  To: gcc-bugs

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |marxin at gcc dot gnu.org

--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
Just for the record, it started with r11-3840-gaf66094d03779377.

* [Bug analyzer/98293] [11 Regression] ICE in get_subregion_within_ctor, at analyzer/store.cc:494
From: rguenth at gcc dot gnu.org @ 2021-01-04 15:12 UTC (permalink / raw)
  To: gcc-bugs

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P4
   Target Milestone|---                         |11.0

* [Bug analyzer/98293] [11 Regression] ICE in get_subregion_within_ctor, at analyzer/store.cc:494
From: cvs-commit at gcc dot gnu.org @ 2021-01-05  0:21 UTC (permalink / raw)
  To: gcc-bugs

--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:15af33a88065f983181550fc53821f1c6e14c5c7

commit r11-6452-g15af33a88065f983181550fc53821f1c6e14c5c7
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Mon Jan 4 19:20:32 2021 -0500

    analyzer: fix ICE with -fsanitize=undefined [PR98293]

    -fsanitize=undefined with calls to nonnull functions
    creates struct __ubsan_nonnull_arg_data instances
    with CONSTRUCTORs for RECORD_TYPEs with NULL index values.
    The analyzer was mistakenly using INTEGER_CST for these
    fields, leading to ICEs.

    Fix the issue by iterating through the fields in the type
    for such cases, imitating similar logic in varasm.c's
    output_constructor.

    gcc/analyzer/ChangeLog:
            PR analyzer/98293
            * store.cc (binding_map::apply_ctor_to_region): When "index" is
            NULL, iterate through the fields for RECORD_TYPEs, rather than
            creating an INTEGER_CST index.

    gcc/testsuite/ChangeLog:
            PR analyzer/98293
            * gcc.dg/analyzer/pr98293.c: New test.

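The index handling described in the commit message above, as an added toy model that is not part of the thread and is not GCC source: the real change is in store.cc's binding_map::apply_ctor_to_region. All types, function names and the sample field names below are hypothetical, and the model returns a marker string where the analyzer crashed.

```cpp
// Added illustration, not GCC source: every type and name here is hypothetical.
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>

enum class Kind { Record, Array };
struct Type { Kind kind; std::vector<std::string> fields; };  // fields: records only

enum class IndexKind { Null, Integer, Field };
struct Index { IndexKind kind; std::size_t pos; std::string field; };

// Bind constructor indices to children of `t` and return the child names,
// comma-separated, or "<unresolved>" when an index cannot name a child (the
// situation that crashed the analyzer). walk_fields=false models the pre-fix
// behaviour from the commit message: a NULL index always becomes an integer.
std::string bind_ctor(const Type &t, const std::vector<Index> &elts, bool walk_fields) {
  std::string out;
  std::size_t next = 0;  // position used for the next NULL index
  for (Index idx : elts) {
    if (idx.kind == IndexKind::Null) {
      if (t.kind == Kind::Record && walk_fields) {
        if (next >= t.fields.size()) return "<unresolved>";  // more values than fields
        idx = Index{IndexKind::Field, 0, t.fields[next]};    // next field in order
      } else {
        idx = Index{IndexKind::Integer, next, ""};
      }
    }
    std::string child;
    if (t.kind == Kind::Record) {
      auto it = std::find(t.fields.begin(), t.fields.end(), idx.field);
      if (idx.kind != IndexKind::Field || it == t.fields.end()) return "<unresolved>";
      next = static_cast<std::size_t>(it - t.fields.begin()) + 1;
      child = idx.field;
    } else {
      if (idx.kind != IndexKind::Integer) return "<unresolved>";
      next = idx.pos + 1;
      child = "[" + std::to_string(idx.pos) + "]";
    }
    out += (out.empty() ? "" : ",") + child;
  }
  return out;
}

// Constructed sample: a three-field record whose constructor has only NULL indices.
Type sample_record() { return Type{Kind::Record, {"loc", "attr_loc", "arg_index"}}; }
Type sample_array() { return Type{Kind::Array, {}}; }
std::vector<Index> null_indices(std::size_t n) {
  return std::vector<Index>(n, Index{IndexKind::Null, 0, ""});
}
```

With `walk_fields` false the record case fails to resolve while the array case still works, which matches a regression that only appeared once `-fsanitize=undefined` introduced record constructors with NULL indices.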

* [Bug analyzer/98293] [11 Regression] ICE in get_subregion_within_ctor, at analyzer/store.cc:494
From: dmalcolm at gcc dot gnu.org @ 2021-01-05  0:26 UTC (permalink / raw)
  To: gcc-bugs

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above commit.
