[Bug tree-optimization/113013] [12/13/14 regression] ICE in fold_convert_loc with -fsanitize=undefined
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113013

Jakub Jelinek changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #10 from Jakub Jelinek ---
Should be fixed now.
--- Comment #9 from GCC Commits ---
The releases/gcc-12 branch has been updated by Jakub Jelinek:

https://gcc.gnu.org/g:febb86b366047e0ea48da85c9b52ee03878cb5bf

commit r12-10059-gfebb86b366047e0ea48da85c9b52ee03878cb5bf
Author: Jakub Jelinek
Date:   Mon Dec 18 09:59:28 2023 +0100

    tree-object-size: Robustify alloc_size attribute handling [PR113013]

    The following testcase ICEs because we aren't careful enough with
    alloc_size attribute.  We do check that such an argument exists (although
    wouldn't handle correctly functions with more than INT_MAX arguments), but
    didn't check that it is scalar integer, the ICE is trying to fold_convert
    a structure to sizetype.
    Given that the attribute can also appear on non-prototyped functions where
    the arguments aren't known, I don't see how the FE could diagnose that and
    because we already handle the case where argument doesn't exist, I think
    we should also verify the argument is scalar integer convertible to
    sizetype.  Furthermore, given this is not just in diagnostics but used for
    code generation, I think it is better to punt on arguments with larger
    precision than sizetype, the upper bits are then truncated.

    The patch also fixes some formatting issues and avoids duplication of the
    fold_convert, plus removes unnecessary check for if (arg1 >= 0), that is
    always the case after if (arg1 < 0) return ...;

    2023-12-18  Jakub Jelinek

            PR tree-optimization/113013
            * tree-object-size.cc (alloc_object_size): Return size_unknown if
            corresponding argument(s) don't have integral type or have integral
            type with higher precision than sizetype.  Don't check arg1 >= 0
            uselessly.  Compare argument indexes against gimple_call_num_args
            in unsigned type rather than int.  Formatting fixes.
            * gcc.dg/pr113013.c: New test.

    (cherry picked from commit 5347263b347d02e875879ca40ca6e289ac178919)
--- Comment #8 from GCC Commits ---
The releases/gcc-13 branch has been updated by Jakub Jelinek:

https://gcc.gnu.org/g:2ea5a22b3e594cdf88e916b3df774883ce9dbc3a

commit r13-8165-g2ea5a22b3e594cdf88e916b3df774883ce9dbc3a
Author: Jakub Jelinek
Date:   Mon Dec 18 09:59:28 2023 +0100

    tree-object-size: Robustify alloc_size attribute handling [PR113013]

    The following testcase ICEs because we aren't careful enough with
    alloc_size attribute.  We do check that such an argument exists (although
    wouldn't handle correctly functions with more than INT_MAX arguments), but
    didn't check that it is scalar integer, the ICE is trying to fold_convert
    a structure to sizetype.
    Given that the attribute can also appear on non-prototyped functions where
    the arguments aren't known, I don't see how the FE could diagnose that and
    because we already handle the case where argument doesn't exist, I think
    we should also verify the argument is scalar integer convertible to
    sizetype.  Furthermore, given this is not just in diagnostics but used for
    code generation, I think it is better to punt on arguments with larger
    precision than sizetype, the upper bits are then truncated.

    The patch also fixes some formatting issues and avoids duplication of the
    fold_convert, plus removes unnecessary check for if (arg1 >= 0), that is
    always the case after if (arg1 < 0) return ...;

    2023-12-18  Jakub Jelinek

            PR tree-optimization/113013
            * tree-object-size.cc (alloc_object_size): Return size_unknown if
            corresponding argument(s) don't have integral type or have integral
            type with higher precision than sizetype.  Don't check arg1 >= 0
            uselessly.  Compare argument indexes against gimple_call_num_args
            in unsigned type rather than int.  Formatting fixes.
            * gcc.dg/pr113013.c: New test.

    (cherry picked from commit 5347263b347d02e875879ca40ca6e289ac178919)
--- Comment #7 from GCC Commits ---
The master branch has been updated by Jakub Jelinek:

https://gcc.gnu.org/g:5347263b347d02e875879ca40ca6e289ac178919

commit r14-6654-g5347263b347d02e875879ca40ca6e289ac178919
Author: Jakub Jelinek
Date:   Mon Dec 18 09:59:28 2023 +0100

    tree-object-size: Robustify alloc_size attribute handling [PR113013]

    The following testcase ICEs because we aren't careful enough with
    alloc_size attribute.  We do check that such an argument exists (although
    wouldn't handle correctly functions with more than INT_MAX arguments), but
    didn't check that it is scalar integer, the ICE is trying to fold_convert
    a structure to sizetype.
    Given that the attribute can also appear on non-prototyped functions where
    the arguments aren't known, I don't see how the FE could diagnose that and
    because we already handle the case where argument doesn't exist, I think
    we should also verify the argument is scalar integer convertible to
    sizetype.  Furthermore, given this is not just in diagnostics but used for
    code generation, I think it is better to punt on arguments with larger
    precision than sizetype, the upper bits are then truncated.

    The patch also fixes some formatting issues and avoids duplication of the
    fold_convert, plus removes unnecessary check for if (arg1 >= 0), that is
    always the case after if (arg1 < 0) return ...;

    2023-12-18  Jakub Jelinek

            PR tree-optimization/113013
            * tree-object-size.cc (alloc_object_size): Return size_unknown if
            corresponding argument(s) don't have integral type or have integral
            type with higher precision than sizetype.  Don't check arg1 >= 0
            uselessly.  Compare argument indexes against gimple_call_num_args
            in unsigned type rather than int.  Formatting fixes.
            * gcc.dg/pr113013.c: New test.
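Added example, not GCC's code and not part of the bug thread: a small C model of the argument validation that the commit message above describes for alloc_object_size. It is not the compiler's data structures; the `call_arg` record, the 64-bit `SIZETYPE_PRECISION`, the `SIZE_UNKNOWN` marker and the scenario functions are constructed here for illustration, and the product-overflow check is this model's own choice rather than something the commit states. The point it shows is the three gates an alloc_size index must pass before it is used for code generation: the argument exists (index compared in unsigned type), it has an integral type, and its precision does not exceed sizetype, so that a struct argument like the reproducer's `xPoint` yields "unknown size" instead of a crash.

```c
/* Model of the alloc_size argument checks from PR113013 (added example,
   not GCC source). All types and names here are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-in for GCC's sizetype precision on an LP64 target (assumption). */
#define SIZETYPE_PRECISION 64

/* "Size not known" marker, playing the role of size_unknown. */
#define SIZE_UNKNOWN UINT64_MAX

/* A call argument as the model sees it. */
struct call_arg {
  bool integral;      /* false for structs, unions, floats, pointers, ... */
  unsigned precision; /* bit width; meaningful only when integral */
  uint64_t value;     /* constant value, if known */
  bool known;         /* value is a compile-time constant */
};

/* The three gates from the fix: the 1-based attribute index must name an
   existing argument (compared in unsigned type so a huge index cannot wrap),
   the argument must be integral, and it must not be wider than sizetype
   (a wider type would have its upper bits truncated by the conversion). */
static bool usable_size_arg(const struct call_arg *args, size_t nargs, int idx)
{
  if (idx < 1)
    return false;
  if ((size_t)(idx - 1) >= nargs)
    return false;
  const struct call_arg *a = &args[idx - 1];
  if (!a->integral)
    return false;
  if (a->precision > SIZETYPE_PRECISION)
    return false;
  return true;
}

/* Size implied by alloc_size(arg1) or alloc_size(arg1, arg2) for one call.
   arg2 == 0 means the attribute carries a single index. */
uint64_t alloc_object_size_model(const struct call_arg *args, size_t nargs,
                                 int arg1, int arg2)
{
  if (!usable_size_arg(args, nargs, arg1))
    return SIZE_UNKNOWN;
  if (arg2 != 0 && !usable_size_arg(args, nargs, arg2))
    return SIZE_UNKNOWN;
  if (!args[arg1 - 1].known)
    return SIZE_UNKNOWN;
  uint64_t size = args[arg1 - 1].value;
  if (arg2 != 0) {
    if (!args[arg2 - 1].known)
      return SIZE_UNKNOWN;
    uint64_t n = args[arg2 - 1].value;
    /* Model's own choice: a product that overflows is treated as unknown. */
    if (n != 0 && size > UINT64_MAX / n)
      return SIZE_UNKNOWN;
    size *= n;
  }
  return size;
}

/* The reproducer's shape: alloc_size(1) on an unprototyped function called
   with a struct. The integral gate rejects it, so no conversion is attempted. */
uint64_t scenario_struct_arg(void)
{
  struct call_arg args[1] = { { .integral = false, .precision = 0,
                                .value = 0, .known = false } };
  return alloc_object_size_model(args, 1, 1, 0);
}

/* calloc-like declaration, alloc_size(1, 2), two constant size_t arguments. */
uint64_t scenario_two_ints(void)
{
  struct call_arg args[2] = { { true, 64, 16, true }, { true, 64, 4, true } };
  return alloc_object_size_model(args, 2, 1, 2);
}

/* Attribute index past the end of the argument list (already handled before
   the fix, now compared in unsigned type). */
uint64_t scenario_missing_arg(void)
{
  struct call_arg args[1] = { { true, 64, 8, true } };
  return alloc_object_size_model(args, 1, 2, 0);
}

/* 128-bit integral argument: wider than sizetype, so the model punts rather
   than silently dropping the upper bits. */
uint64_t scenario_wide_arg(void)
{
  struct call_arg args[1] = { { true, 128, 8, true } };
  return alloc_object_size_model(args, 1, 1, 0);
}
```

The scenarios cover the four outcomes the commit message is concerned with: a struct argument and an out-of-range index both give an unknown size, a wider-than-sizetype integer is punted on instead of truncated, and a well-formed two-index attribute multiplies through to the allocated size.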
--- Comment #6 from Siddhesh Poyarekar ---
Sorry I misread the reproducer as

void *reallocarray(void) __attribute__((__alloc_size__(1)));

Your fix looks fine to me, thanks.
Jakub Jelinek changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org |jakub at gcc dot gnu.org

--- Comment #5 from Jakub Jelinek ---
Created attachment 56885
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=56885&action=edit
gcc14-pr113013.patch

I don't see how FEs could do anything, especially on declarations like this
where the argument types aren't specified.
For attributes like this, it is generally responsibility of the function using
those to use it only if they are sane, and after all, even the
tree-object-size.cc code does that (e.g. verify that such argument exists at
all). Just doesn't check that it is convertible to sizetype.
Richard Biener changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P2
Siddhesh Poyarekar changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|ice-on-valid-code           |ice-on-invalid-code
                 CC|                            |siddhesh at gcc dot gnu.org

--- Comment #4 from Siddhesh Poyarekar ---
Agreed, the attribute is invalid and maybe the frontend needs to flag it early
and flag an error.
--- Comment #3 from Andrew Pinski ---
The use of __alloc_size__ here is definitely not well defined but GCC should
NOT crash.
Andrew Pinski changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |12.4

--- Comment #2 from Andrew Pinski ---
Most likely r12-6479-g404c787e2bfe8cae666b075ed903990ea452220e or
r12-6482-g06bc1b0c539e3a60692d7432d15e701c38610f80 .
Andrew Pinski changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
           Keywords|                            |ice-on-valid-code
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2023-12-14

--- Comment #1 from Andrew Pinski ---
Reduced slightly more:

```
struct _xPoint { short x; } xPoint;
void *reallocarray() __attribute__((__alloc_size__(1)));
struct _xPoint * miZeroLine_pspanInit;
void miZeroLine_list_len(void)
{
  miZeroLine_pspanInit = reallocarray(xPoint);
  miZeroLine_pspanInit->x = 0;
}
```