[pushed] analyzer: fix ICE for 2 bits before the start of base region [PR112889]
Checks
Commit Message
Cncrete bindings were using -1 and -2 in the offset field to signify
deleted and empty hash slots, but these are valid values, leading to
assertion failures inside hash_map::put on a debug build, and probable
bugs in a release build.
(gdb) call k.dump(true)
start: -2, size: 1, next: -1
(gdb) p k.is_empty()
$6 = true
Fix by using the size field rather than the offset.
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Successful run of analyzer integration tests on x86_64-pc-linux-gnu.
Pushed to trunk as r14-6297-g775aeabcb870b7.
gcc/analyzer/ChangeLog:
PR analyzer/112889
* store.h (concrete_binding::concrete_binding): Strengthen
assertion to require size to be be positive, rather than just
non-zero.
(concrete_binding::mark_deleted): Use size rather than start bit
offset.
(concrete_binding::mark_empty): Likewise.
(concrete_binding::is_deleted): Likewise.
(concrete_binding::is_empty): Likewise.
gcc/testsuite/ChangeLog:
PR analyzer/112889
* c-c++-common/analyzer/ice-pr112889.c: New test.
---
gcc/analyzer/store.h | 10 +++++-----
.../c-c++-common/analyzer/ice-pr112889.c | 17 +++++++++++++++++
2 files changed, 22 insertions(+), 5 deletions(-)
create mode 100644 gcc/testsuite/c-c++-common/analyzer/ice-pr112889.c
@@ -377,7 +377,7 @@ public:
concrete_binding (bit_offset_t start_bit_offset, bit_size_t size_in_bits)
: m_bit_range (start_bit_offset, size_in_bits)
{
- gcc_assert (!m_bit_range.empty_p ());
+ gcc_assert (m_bit_range.m_size_in_bits > 0);
}
bool concrete_p () const final override { return true; }
@@ -419,10 +419,10 @@ public:
static int cmp_ptr_ptr (const void *, const void *);
- void mark_deleted () { m_bit_range.m_start_bit_offset = -1; }
- void mark_empty () { m_bit_range.m_start_bit_offset = -2; }
- bool is_deleted () const { return m_bit_range.m_start_bit_offset == -1; }
- bool is_empty () const { return m_bit_range.m_start_bit_offset == -2; }
+ void mark_deleted () { m_bit_range.m_size_in_bits = -1; }
+ void mark_empty () { m_bit_range.m_size_in_bits = -2; }
+ bool is_deleted () const { return m_bit_range.m_size_in_bits == -1; }
+ bool is_empty () const { return m_bit_range.m_size_in_bits == -2; }
private:
bit_range m_bit_range;
new file mode 100644
@@ -0,0 +1,17 @@
+typedef unsigned char __u8;
+struct sk_buff
+{
+ unsigned char *data;
+};
+struct cpl_pass_accept_req
+{
+ __u8 : 6;
+ __u8 sack : 1;
+};
+void build_cpl_pass_accept_req(struct sk_buff* skb)
+{
+ struct cpl_pass_accept_req* req;
+ skb->data -= sizeof(*req);
+ req = (struct cpl_pass_accept_req *)skb->data;
+ req->sack = 1;
+}