https://gcc.gnu.org/g:a1cb188cb2ca2ad3f4e837dba2967f323669d36e

commit r13-8750-ga1cb188cb2ca2ad3f4e837dba2967f323669d36e
Author: David Malcolm <dmalc...@redhat.com>
Date:   Thu May 9 13:09:29 2024 -0400

    analyzer: fix ICE for 2 bits before the start of base region [PR112889]
    
    Concrete bindings were using -1 and -2 in the offset field to signify
    deleted and empty hash slots, but these are valid values, leading to
    assertion failures inside hash_map::put on a debug build, and probable
    bugs in a release build.
    
    (gdb) call k.dump(true)
    start: -2, size: 1, next: -1
    
    (gdb) p k.is_empty()
    $6 = true
    
    Fix by using the size field rather than the offset.
    
    Backported from commit r14-6297-g775aeabcb870b7 (moving the testcase
    from c-c++-common to gcc.dg).
    
    gcc/analyzer/ChangeLog:
            PR analyzer/112889
            * store.h (concrete_binding::concrete_binding): Strengthen
            assertion to require size to be be positive, rather than just
            non-zero.
            (concrete_binding::mark_deleted): Use size rather than start bit
            offset.
            (concrete_binding::mark_empty): Likewise.
            (concrete_binding::is_deleted): Likewise.
            (concrete_binding::is_empty): Likewise.
    
    gcc/testsuite/ChangeLog:
            PR analyzer/112889
            * gcc.dg/analyzer/ice-pr112889.c: New test.
    
    Signed-off-by: David Malcolm <dmalc...@redhat.com>

Diff:
---
 gcc/analyzer/store.h                         | 10 +++++-----
 gcc/testsuite/gcc.dg/analyzer/ice-pr112889.c | 17 +++++++++++++++++
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/gcc/analyzer/store.h b/gcc/analyzer/store.h
index 7ded650b6088..6b06be29d8f6 100644
--- a/gcc/analyzer/store.h
+++ b/gcc/analyzer/store.h
@@ -368,7 +368,7 @@ public:
   concrete_binding (bit_offset_t start_bit_offset, bit_size_t size_in_bits)
   : m_bit_range (start_bit_offset, size_in_bits)
   {
-    gcc_assert (!m_bit_range.empty_p ());
+    gcc_assert (m_bit_range.m_size_in_bits > 0);
   }
   bool concrete_p () const final override { return true; }
 
@@ -409,10 +409,10 @@ public:
 
   static int cmp_ptr_ptr (const void *, const void *);
 
-  void mark_deleted () { m_bit_range.m_start_bit_offset = -1; }
-  void mark_empty () { m_bit_range.m_start_bit_offset = -2; }
-  bool is_deleted () const { return m_bit_range.m_start_bit_offset == -1; }
-  bool is_empty () const { return m_bit_range.m_start_bit_offset == -2; }
+  void mark_deleted () { m_bit_range.m_size_in_bits = -1; }
+  void mark_empty () { m_bit_range.m_size_in_bits = -2; }
+  bool is_deleted () const { return m_bit_range.m_size_in_bits == -1; }
+  bool is_empty () const { return m_bit_range.m_size_in_bits == -2; }
 
 private:
   bit_range m_bit_range;
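Review bot: The four sentinel functions now rely on an invariant that is only stated in the constructor assertion of the first hunk (`m_bit_range.m_size_in_bits > 0`), and nothing near `mark_deleted`/`mark_empty` records why the size field is the safe one to overload. A one-line comment above `mark_deleted` would keep the next maintainer from moving the sentinels back to the offset: `/* Hash-table sentinels live in the size field: a constructed binding always has size > 0 (see ctor), whereas the start offset may legitimately be negative (PR analyzer/112889).  */`. Note that the guarantee holds only for bindings built through the constructor; if any code path constructs a concrete_binding by other means, the sentinel comparisons in `is_deleted`/`is_empty` would be ambiguous again. The class body continues outside the hunk.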
diff --git a/gcc/testsuite/gcc.dg/analyzer/ice-pr112889.c 
b/gcc/testsuite/gcc.dg/analyzer/ice-pr112889.c
new file mode 100644
index 000000000000..e90a53e79baf
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/ice-pr112889.c
@@ -0,0 +1,17 @@
+typedef unsigned char __u8;
+struct sk_buff
+{
+  unsigned char *data;
+};
+struct cpl_pass_accept_req
+{
+  __u8 : 6;
+  __u8 sack : 1;
+};
+void build_cpl_pass_accept_req(struct sk_buff* skb)
+{
+  struct cpl_pass_accept_req* req;
+  skb->data -= sizeof(*req);
+  req = (struct cpl_pass_accept_req *)skb->data;
+  req->sack = 1;
+}
