https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109802
Bug ID: 109802
Summary: [regression] during IPA pass: analyzer: internal compiler error (using dubious flexible arrays in unions)
Product: gcc
Version: 13.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: colomar.6.4.3 at gmail dot com
Target Milestone: ---

Created attachment 55039 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55039&action=edit
preprocessed_source

Hi!

I was compiling some reduced version of some nasty code I found in a project, to see what GCC has to say about it. I'm not sure if it has defined behavior or not, according to strict-aliasing rules. That code managed to get GCC on its knees :)

$ cat flexi.c
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

union u {
    char base[0];
    ptrdiff_t off;
};

struct s {
    int x;
    union u u[0];
};

int main(void)
{
    char *p;
    struct s *s;

    s = malloc(sizeof(struct s) + sizeof(union u) * 2 + sizeof("foo") + sizeof("bar"));
    p = (void *) s + sizeof(struct s) + sizeof(union u) * 2;

    s->u[0].off = p - s->u[0].base;
    p = stpcpy(p, "foo") + 1;

    s->u[1].off = p - s->u[1].base;
    p = stpcpy(p, "bar") + 1;

    puts(s->u[0].base + s->u[0].off);
    puts(s->u[1].base + s->u[1].off);
}

$ gcc-12 -Wall -Wextra -Werror -fanalyzer -O3 flexi.c
$ ./a.out
foo
bar

$ gcc-13 -Wall -Wextra -Werror -fanalyzer -O3 flexi.c -freport-bug
during IPA pass: analyzer
flexi.c: In function ‘main’:
flexi.c:34:36: internal compiler error: in make, at analyzer/store.cc:132
   34 |     puts(s->u[1].base + s->u[1].off);
      |                         ~~~~~~~^~~~
0xcec8a5 ana::binding_key::make(ana::store_manager*, ana::region const*)
        ../../src/gcc/analyzer/store.cc:132
0xcf9533 ana::binding_cluster::get_binding(ana::store_manager*, ana::region const*) const
        ../../src/gcc/analyzer/store.cc:1567
0xcf95eb ana::binding_cluster::get_binding_recursive(ana::store_manager*, ana::region const*) const
        ../../src/gcc/analyzer/store.cc:1604
0xd05e49 ana::binding_cluster::get_any_binding(ana::store_manager*, ana::region const*) const
        ../../src/gcc/analyzer/store.cc:1627
0xcd45f7 ana::region_model::get_store_value(ana::region const*, ana::region_model_context*) const
        ../../src/gcc/analyzer/region-model.cc:2407
0xcd4e72 ana::region_model::get_rvalue(ana::path_var, ana::region_model_context*) const
        ../../src/gcc/analyzer/region-model.cc:2297
0xcd6a5c ana::region_model::on_assignment(gassign const*, ana::region_model_context*)
        ../../src/gcc/analyzer/region-model.cc:1156
0xcdc2da ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode const*, gimple const*, ana::program_state*, ana::uncertainty_t*, ana::path_context*)
        ../../src/gcc/analyzer/engine.cc:1471
0xcdc877 ana::exploded_graph::process_node(ana::exploded_node*)
        ../../src/gcc/analyzer/engine.cc:4063
0xcdd8b9 ana::exploded_graph::process_worklist()
        ../../src/gcc/analyzer/engine.cc:3466
0xcddc57 ana::impl_run_checkers(ana::logger*)
        ../../src/gcc/analyzer/engine.cc:6125
0xcde4ff ana::run_checkers()
        ../../src/gcc/analyzer/engine.cc:6213
0xcde54b execute
        ../../src/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source.
Please include the complete backtrace with any bug report.
See <file:///usr/share/doc/gcc-13/README.Bugs> for instructions.
Preprocessed source stored into /tmp/ccZKUz79.out file, please attach this to your bugreport.

You'll find attached the file produced by GCC, as per its own instructions.
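For comparison, the same self-relative string layout written without the zero-length arrays in a union: a C99 flexible array member holds the offsets and every offset is taken from the start of the allocation, so all pointer arithmetic stays inside one object. This is an added illustration, not code from the report or from GCC, and the `struct blob` names are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical layout: header, then an array of offsets, then the string
 * bytes. Offsets are relative to the start of the allocation, so every
 * pointer difference and every reconstructed pointer stays within the
 * single malloc'd object. */
struct blob {
    size_t nstr;
    ptrdiff_t off[];      /* C99 flexible array member, last in the struct */
};

/* Build a blob holding copies of two strings (caller supplies the input). */
struct blob *blob_build(const char *a, const char *b)
{
    size_t la = strlen(a) + 1, lb = strlen(b) + 1;
    size_t hdr = offsetof(struct blob, off) + 2 * sizeof(ptrdiff_t);
    struct blob *s = malloc(hdr + la + lb);
    if (s == NULL)
        return NULL;
    char *base = (char *)s;     /* char arithmetic over one object, not void* */
    char *p = base + hdr;
    s->nstr = 2;
    s->off[0] = p - base;       /* both pointers inside the same allocation */
    memcpy(p, a, la);
    p += la;
    s->off[1] = p - base;
    memcpy(p, b, lb);
    return s;
}

/* Bounds-checked lookup; returns NULL for an index the blob does not hold. */
const char *blob_str(const struct blob *s, size_t i)
{
    if (i >= s->nstr)
        return NULL;
    return (const char *)s + s->off[i];
}

int main(void)
{
    struct blob *s = blob_build("foo", "bar");   /* constructed sample input */
    if (s == NULL)
        return 1;
    puts(blob_str(s, 0));
    puts(blob_str(s, 1));
    free(s);
    return 0;
}
```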