Bug 102200 - [12 Regression] ICE on a min of a decl and pointer in a loop
Summary: [12 Regression] ICE on a min of a decl and pointer in a loop
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end (show other bugs)
Version: 12.0
: P1 normal
Target Milestone: 12.0
Assignee: Martin Sebor
URL:
Keywords: ice-on-valid-code, patch
Depends on:
Blocks: Wstringop-overflow
  Show dependency treegraph
 
Reported: 2021-09-04 11:25 UTC by David Binderman
Modified: 2021-09-17 16:39 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2021-09-04 00:00:00


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description David Binderman 2021-09-04 11:25:21 UTC
For this C source code:

long try_extension_len;
void try_extension_str() {
  char *curr = try_extension_str;
  char end = sizeof try_extension_str;
  while (try_extension_len) {
    if (curr < end)
      *curr = ';';
    if (curr > &end)
      curr = &end;
  }
}

compiled with recent gcc trunk and compiler flag -O2, does this:

during GIMPLE pass: strlen
bug754.c: In function ‘try_extension_str’:
bug754.c:2:6: internal compiler error: in put_ref, at pointer-query.cc:1351
    2 | void try_extension_str() {
      |      ^~~~~~~~~~~~~~~~~
0xc7696c pointer_query::put_ref(tree_node*, access_ref const&, int)
	../../trunk.git/gcc/pointer-query.cc:1351

The bug first seems to occur sometime between git hash 7a6f40d0452ec76e
and 9695e1c23be5b5c5. Only 21 commits.
Comment 1 Andrew Pinski 2021-09-04 14:38:28 UTC
(In reply to David Binderman from comment #0)
> The bug first seems to occur sometime between git hash 7a6f40d0452ec76e
> and 9695e1c23be5b5c5. Only 21 commits.

Most likely r12-3300-ece28da924dd

Confirmed.
Comment 2 Martin Liška 2021-09-05 19:10:41 UTC
Started really with r12-3300-gece28da924ddda8b.
Comment 3 Martin Sebor 2021-09-15 18:19:39 UTC
The pointer_query code assumes that both pointer operands of a MIN_EXPR and MAX_EXPR refer to the same object as required by the language.  The test case violates that assumption by setting curr to point to the function first and then comparing it to the address of the local variable end.  pointer_query simply needs to avoid making this assumption (ideally while also arranging for the invalid pointer relational expressions to be diagnosed).
Comment 5 GCC Commits 2021-09-17 16:38:37 UTC
The master branch has been updated by Martin Sebor <msebor@gcc.gnu.org>:

https://gcc.gnu.org/g:31e924c52f430d81f030a2fa9f60b73a5a0d2126

commit r12-3629-g31e924c52f430d81f030a2fa9f60b73a5a0d2126
Author: Martin Sebor <msebor@redhat.com>
Date:   Fri Sep 17 10:36:54 2021 -0600

    Better handle MIN/MAX_EXPR of unrelated objects [PR102200].
    
    Resolves:
    PR middle-end/102200 - ICE on a min of a decl and pointer in a loop
    
    gcc/ChangeLog:
    
            PR middle-end/102200
            * pointer-query.cc (access_ref::inform_access): Handle MIN/MAX_EXPR.
            (handle_min_max_size): Change argument.  Store original SSA_NAME for
            operands to potentially distinct (sub)objects.
            (compute_objsize_r): Adjust call to the above.
    
    gcc/testsuite/ChangeLog:
    
            PR middle-end/102200
            * gcc.dg/Wstringop-overflow-62.c: Adjust text of an expected note.
            * gcc.dg/Warray-bounds-89.c: New test.
            * gcc.dg/Wstringop-overflow-74.c: New test.
            * gcc.dg/Wstringop-overflow-75.c: New test.
            * gcc.dg/Wstringop-overflow-76.c: New test.
Comment 6 Martin Sebor 2021-09-17 16:39:47 UTC
Fixed.