https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113222

            Bug ID: 113222
           Summary: ICE with -fanalyzer seen on Linux kernel kernel/sched/core.c
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
            Blocks: 106358
  Target Milestone: ---

Given:

VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
struct sched_class
{
  int f;
};

extern struct sched_class __end_sched_classes[];

int test ()
{
  const struct sched_class* class = ((__end_sched_classes - 1));
  return class->f;
}
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

trunk with -fanalyzer ICEs with:

/tmp/t.c: In function ‘test’:
/tmp/t.c:11:15: warning: buffer under-read [CWE-127] [-Wanalyzer-out-of-bounds]
   11 |   return class->f;
      |          ~~~~~^~~
  ‘test’: event 1
    |
    |   11 |   return class->f;
    |      |          ~~~~~^~~
    |      |               |
    |      |               (1) out-of-bounds read from byte -4 till byte -1 but ‘__end_sched_classes’ starts at byte 0
    |
during IPA pass: analyzer
/tmp/t.c:11:15: internal compiler error: Segmentation fault
   11 |   return class->f;
      |          ~~~~~^~~
0x10708aa crash_signal
        ../../src/gcc/toplev.cc:316
0x2299a65 tree_check6(tree_node*, char const*, int, char const*, tree_code, tree_code, tree_code, tree_code, tree_code, tree_code)
        ../../src/gcc/tree.h:3726
0x2299a65 ana::valid_region_spatial_item::add_boundaries(ana::boundaries&, ana::logger*) const
        ../../src/gcc/analyzer/access-diagram.cc:1337
0x229e2e0 ana::access_diagram_impl::find_boundaries() const
        ../../src/gcc/analyzer/access-diagram.cc:2197
0x229e2e0 ana::access_diagram_impl::access_diagram_impl(ana::access_operation const&, diagnostic_event_id_t, text_art::style_manager&, text_art::theme const&, ana::logger*)
        ../../src/gcc/analyzer/access-diagram.cc:2064
0x229283b std::enable_if<!std::is_array<ana::access_diagram_impl>::value, std::unique_ptr<ana::access_diagram_impl, std::default_delete<ana::access_diagram_impl> > >::type make_unique<ana::access_diagram_impl, ana::access_operation const&, diagnostic_event_id_t&, text_art::style_manager&, text_art::theme const&, ana::logger*&>(ana::access_operation const&, diagnostic_event_id_t&, text_art::style_manager&, text_art::theme const&, ana::logger*&)
        ../../src/gcc/make-unique.h:41
0x229283b ana::access_diagram::access_diagram(ana::access_operation const&, diagnostic_event_id_t, text_art::style_manager&, text_art::theme const&, ana::logger*)
        ../../src/gcc/analyzer/access-diagram.cc:2666
0x212b331 ana::out_of_bounds::make_access_diagram(ana::access_operation const&, text_art::style_manager&, text_art::theme const&, ana::logger*) const
        ../../src/gcc/analyzer/bounds-checking.cc:208
0x212b331 ana::out_of_bounds::maybe_show_diagram(ana::logger*) const
        ../../src/gcc/analyzer/bounds-checking.cc:187
0x212b803 ana::concrete_buffer_under_read::emit(ana::diagnostic_emission_context&)
        ../../src/gcc/analyzer/bounds-checking.cc:806
0x214ff37 ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph const&, ana::saved_diagnostic&)
        ../../src/gcc/analyzer/diagnostic-manager.cc:1617
0x2153ba6 ana::dedupe_winners::emit_best(ana::diagnostic_manager*, ana::exploded_graph const&)
        ../../src/gcc/analyzer/diagnostic-manager.cc:1472
0x215053f ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph const&)
        ../../src/gcc/analyzer/diagnostic-manager.cc:1524
0x1479be4 ana::impl_run_checkers(ana::logger*)
        ../../src/gcc/analyzer/engine.cc:6226
0x147ab56 ana::run_checkers()
        ../../src/gcc/analyzer/engine.cc:6300
0x146be6c execute
        ../../src/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

Trunk: affected: https://godbolt.org/z/11axozEc1
GCC 13.2: not affected: https://godbolt.org/z/43sdrx9jf

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358
[Bug 106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer