| Summary: | [13 Regression] dup2 causes -fanalyzer ICE in valid_to_unchecked_state, at analyzer/sm-fd.cc:751 | ||
|---|---|---|---|
| Product: | gcc | Reporter: | Sergei Trofimovich <slyfox> |
| Component: | analyzer | Assignee: | Immad Mir <mir> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | asolokha, dmalcolm, mir, tlange |
| Priority: | P3 | ||
| Version: | 13.0 | ||
| Target Milestone: | 13.0 | ||
| Host: | Target: | ||
| Build: | Known to work: | ||
| Known to fail: | Last reconfirmed: | ||
| Bug Depends on: | |||
| Bug Blocks: | 106003 | ||
Thanks for filing this; almost certainly related to https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=6a11f2d974a912aaaedb0ce32cdfde10193003cd Immad, do you want to take a look? Sergei Trofimovich: Thanks for bringing the issue to our attention. Dave: I've sent a patch via gcc-patches. The master branch has been updated by Immad Mir <mir@gcc.gnu.org>: https://gcc.gnu.org/g:837142257cbde3cc03ee0dacd1d7b2fb4fa48bae commit r13-2023-g837142257cbde3cc03ee0dacd1d7b2fb4fa48bae Author: Immad Mir <mirimmad@outlook.com> Date: Thu Aug 11 21:45:54 2022 +0530 analyzer: fix ICE casued by dup2 in sm-fd.cc[PR106551] This patch fixes the ICE caused by valid_to_unchecked_state, at analyzer/sm-fd.cc by handling the m_start state in check_for_dup. Tested lightly on x86_64. gcc/analyzer/ChangeLog: PR analyzer/106551 * sm-fd.cc (check_for_dup): handle the m_start state when transitioning the state of LHS of dup, dup2 and dup3 call. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/fd-dup-1.c: New testcases. * gcc.dg/analyzer/fd-uninit-1.c: Remove bogus warning. Signed-off-by: Immad Mir <mirimmad@outlook.com> Hi Immad,
while testing my patch on coreutils [1], I encountered another ICE at the same line. I'm using the newest commit on the master at the time of writing this [2] (I've double-checked that I indeed have your fix included).
during IPA pass: analyzer
../lib/freopen.c: In function 'rpl_freopen':
../lib/freopen.c:82:19: internal compiler error: in valid_to_unchecked_state, at analyzer/sm-fd.cc:751
82 | if (dup2 (nullfd, fd) < 0)
| ^~~~~~~~~~~~~~~~~
0x7bc106 valid_to_unchecked_state
../../gcc/analyzer/sm-fd.cc:751
0x7bc106 valid_to_unchecked_state
../../gcc/analyzer/sm-fd.cc:742
0x7bc106 check_for_dup
../../gcc/analyzer/sm-fd.cc:990
0x12a5e8c on_stmt
../../gcc/analyzer/sm-fd.cc:805
0x124f4e4 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode const*, gimple const*, ana::program_state*, ana::uncertainty_t*, ana::path_context*)
../../gcc/analyzer/engine.cc:1449
0x1251f1b ana::exploded_graph::process_node(ana::exploded_node*)
../../gcc/analyzer/engine.cc:3868
0x1252dba ana::exploded_graph::process_worklist()
../../gcc/analyzer/engine.cc:3271
0x125514d ana::impl_run_checkers(ana::logger*)
../../gcc/analyzer/engine.cc:5912
0x125614e ana::run_checkers()
../../gcc/analyzer/engine.cc:5986
0x1245ee8 execute
../../gcc/analyzer/analyzer-pass.cc:87
[1] compiling coreutils commit: https://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=commit;h=9f71f478ec6929d323c17f0482db8791de87b4fd
[2] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=fe4dc4f553d8639b0ce3465e5e6dcf61c1ae9752
Thanks for reporting the ICE, Tim. Dave: I have sent a patch via gcc-patches. The master branch has been updated by Immad Mir <mir@gcc.gnu.org>: https://gcc.gnu.org/g:ed7e7620188dc0e653815bdd40d8802bd5446638 commit r13-2051-ged7e7620188dc0e653815bdd40d8802bd5446638 Author: Immad Mir <mirimmad@outlook.com> Date: Mon Aug 15 22:21:27 2022 +0530 analyzer: fix for ICE in sm-fd.cc [PR106551] This patch fixes the ICE caused by valid_to_unchecked_state in sm-fd.cc by exiting early if first argument of any "dup" functions is invalid. gcc/analyzer/ChangeLog: PR analyzer/106551 * sm-fd.cc (check_for_dup): exit early if first argument is invalid for all dup functions. gcc/testsuite/ChangeLog: PR analyzer/106551 * gcc.dg/analyzer/fd-dup-1.c: New testcase. Signed-off-by: Immad Mir <mirimmad@outlook.com> (In reply to CVS Commits from comment #6) The patch was lightly tested on x86_64 Linux. Presumably fixed by the above commit; marking as resolved. |
This week's gcc started ICEing on libpipeline-1.5.4 upstream package. Minimal reproducer turned up by cvise: $ cat a.c.c extern int m; int dup2(int, int); void error(void); void max_active_pipelines_pdes(void) { if (dup2(m, 1)) error(); } $ gcc -g -O2 -Wall -c a.c.c -fanalyzer during IPA pass: analyzer a.c.c: In function 'max_active_pipelines_pdes': a.c.c:5:7: internal compiler error: in valid_to_unchecked_state, at analyzer/sm-fd.cc:751 5 | if (dup2(m, 1)) | ^~~~~~~~~~ 0x1ef7d74 diagnostic_impl(rich_location*, diagnostic_metadata const*, int, char const*, __va_list_tag (*) [1], diagnostic_t) ???:0 0x1ef89c6 internal_error(char const*, ...) ???:0 0x9023d4 fancy_abort(char const*, int, char const*) ???:0 0x85baa7 ana::(anonymous namespace)::fd_state_machine::check_for_dup(ana::sm_context*, ana::supernode const*, gimple const*, gcall const*, tree_node*, ana::(anonymous namespace)::dup) const [clone .cold] ???:0 0x135181c ana::(anonymous namespace)::fd_state_machine::on_stmt(ana::sm_context*, ana::supernode const*, gimple const*) const ???:0 0x12fcd74 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode const*, gimple const*, ana::program_state*, ana::uncertainty_t*, ana::path_context*) ???:0 0x12ff7ab ana::exploded_graph::process_node(ana::exploded_node*) ???:0 0x130064a ana::exploded_graph::process_worklist() ???:0 0x1302999 ana::impl_run_checkers(ana::logger*) ???:0 0x130394e ana::run_checkers() ???:0 0x12f37e8 (anonymous namespace)::pass_analyzer::execute(function*) ???:0 $ gcc -v |& unnix Using built-in specs. COLLECT_GCC=/<<NIX>>/gcc-13.0.0/bin/gcc COLLECT_LTO_WRAPPER=/<<NIX>>/gcc-13.0.0/libexec/gcc/x86_64-unknown-linux-gnu/13.0.0/lto-wrapper Target: x86_64-unknown-linux-gnu Configured with: Thread model: posix Supported LTO compression algorithms: zlib gcc version 13.0.0 20220807 (experimental) (GCC)