https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112889

--- Comment #5 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-13 branch has been updated by David Malcolm
<dmalc...@gcc.gnu.org>:

https://gcc.gnu.org/g:a1cb188cb2ca2ad3f4e837dba2967f323669d36e

commit r13-8750-ga1cb188cb2ca2ad3f4e837dba2967f323669d36e
Author: David Malcolm <dmalc...@redhat.com>
Date:   Thu May 9 13:09:29 2024 -0400

    analyzer: fix ICE for 2 bits before the start of base region [PR112889]

    Concrete bindings were using -1 and -2 in the offset field to signify
    deleted and empty hash slots, but these are valid values, leading to
    assertion failures inside hash_map::put on a debug build, and probable
    bugs in a release build.

    (gdb) call k.dump(true)
    start: -2, size: 1, next: -1

    (gdb) p k.is_empty()
    $6 = true

    Fix by using the size field rather than the offset.

    Backported from commit r14-6297-g775aeabcb870b7 (moving the testcase
    from c-c++-common to gcc.dg).

    gcc/analyzer/ChangeLog:
            PR analyzer/112889
            * store.h (concrete_binding::concrete_binding): Strengthen
            assertion to require size to be positive, rather than just
            non-zero.
            (concrete_binding::mark_deleted): Use size rather than start bit
            offset.
            (concrete_binding::mark_empty): Likewise.
            (concrete_binding::is_deleted): Likewise.
            (concrete_binding::is_empty): Likewise.

    gcc/testsuite/ChangeLog:
            PR analyzer/112889
            * gcc.dg/analyzer/ice-pr112889.c: New test.

    Signed-off-by: David Malcolm <dmalc...@redhat.com>
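
Added example, not part of the commit or of GCC's sources: a simplified C++ model of the bug class the commit message describes, where hash-slot markers stored in a field that can hold valid values make real keys look empty or deleted. `BitRange`, `OffsetSentinel`, `SizeSentinel`, `SlotSet` and `live_after_inserts` are hypothetical names, and the toy table only stands in for `hash_map`.

```cpp
// Added illustration: simplified stand-in types, not GCC's store.h or hash_map.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Bit range relative to a base region; start may be negative, real size > 0.
struct BitRange { std::int64_t start; std::int64_t size; };
// "Before": deleted/empty markers live in the offset field (-1 / -2).
struct OffsetSentinel {
    static BitRange empty() { return {-2, 0}; }
    static bool is_empty(const BitRange &k) { return k.start == -2; }
    static bool is_deleted(const BitRange &k) { return k.start == -1; }
};
// "After": markers live in the size field, which no real key can share.
struct SizeSentinel {
    static BitRange empty() { return {0, -2}; }
    static bool is_empty(const BitRange &k) { return k.size == -2; }
    static bool is_deleted(const BitRange &k) { return k.size == -1; }
};

// Toy open-addressing set: the policy alone decides whether a slot is free.
template <typename Policy> class SlotSet {
    std::vector<BitRange> slots_;
    static bool is_free(const BitRange &s) { return Policy::is_empty(s) || Policy::is_deleted(s); }
public:
    explicit SlotSet(std::size_t n) : slots_(n, Policy::empty()) {}
    void insert(BitRange k) {
        std::size_t n = slots_.size(), i = static_cast<std::size_t>(k.start + 64) % n;
        for (std::size_t probes = 0; probes < n; ++probes, i = (i + 1) % n)
            if (is_free(slots_[i])) { slots_[i] = k; return; }
    }
    // Number of slots the table itself believes are occupied.
    std::size_t live() const {
        std::size_t c = 0;
        for (const BitRange &s : slots_) c += is_free(s) ? 0 : 1;
        return c;
    }
};

// Store the key from the gdb session (start -2, size 1) and two neighbours.
template <typename Policy> std::size_t live_after_inserts() {
    SlotSet<Policy> set(8);
    set.insert({-2, 1}); set.insert({-1, 1}); set.insert({0, 8});
    return set.live();
}
int main() {
    std::printf("offset sentinels: %zu live, size sentinels: %zu live\n",
                live_after_inserts<OffsetSentinel>(), live_after_inserts<SizeSentinel>());
}
```

With the offset-based markers the table loses track of the keys starting at -2 and -1 as soon as they are stored; with the size-based markers all three keys stay live.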
