[Bug analyzer/110483] [14 Regression] Several gcc.dg/analyzer/out-of-bounds-diagram-*.c tests FAIL

2024-02-29 Thread ro at CeBiTec dot Uni-Bielefeld.DE via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483

--- Comment #7 from ro at CeBiTec dot Uni-Bielefeld.DE  ---
>   * out-of-bounds-diagram-3.c gets skipped on that machine due to 
> { dg-require-effective-target lp64 }
> "check_cached_effective_target lp64: returning 0 for unix"
>
> Is there a config/cfarm machine you see the out-of-bounds-diagram-3.c failure
> on?

GCC on Solaris is bi-arch by default, so this should be a matter of
running the testsuite with both -m32 and -m64, as described in
install.texi (Passing options and running multiple testsuites).

Since properly quoting RUNTESTFLAGS can be tricky, I usually use a
site.exp instead like

global target_list

case "$target_triplet" in {
    { "sparc-*-solaris2*" } {
        set target_list { "unix{,-m64}" }
    }
}

and point the DEJAGNU env variable to its path.

[Bug analyzer/110483] [14 Regression] Several gcc.dg/analyzer/out-of-bounds-diagram-*.c tests FAIL

2024-02-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483

--- Comment #6 from David Malcolm  ---
Thanks; let's keep using this PR for the stuff in comment #5.

I've been looking at these on gcc211 in the compile farm:
  * I see out-of-bounds-diagram-11.c failing as you describe (the overflow in
test6 isn't reported with g++ for some reason; it is for gcc)
  * out-of-bounds-diagram-3.c gets skipped on that machine due to 
{ dg-require-effective-target lp64 }
"check_cached_effective_target lp64: returning 0 for unix"

Is there a config/cfarm machine you see the out-of-bounds-diagram-3.c failure
on?

[Bug analyzer/110483] [14 Regression] Several gcc.dg/analyzer/out-of-bounds-diagram-*.c tests FAIL

2024-02-29 Thread ro at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483

Rainer Orth  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2024-02-29
         Resolution|FIXED                       |---
             Status|RESOLVED                    |REOPENED

--- Comment #5 from Rainer Orth  ---
Thanks for the patch.  Last night's bootstrap showed that all C tests PASS now.

However, two of the tests FAIL when compiled as C++:

FAIL: c-c++-common/analyzer/out-of-bounds-diagram-3.c  -std=c++98  (test for
warnings, line 25)
FAIL: c-c++-common/analyzer/out-of-bounds-diagram-3.c  -std=c++98  at line 20
(test for warnings, line 19)
FAIL: c-c++-common/analyzer/out-of-bounds-diagram-3.c  -std=c++98  expected
multiline pattern lines 30-45

and same for -std=c++(14|17|20).  When compiling manually, there's no output at
all.

There's also

FAIL: c-c++-common/analyzer/out-of-bounds-diagram-11.c  -std=c++98  (test for
warnings, line 12)
FAIL: c-c++-common/analyzer/out-of-bounds-diagram-11.c  -std=c++98  expected
multiline pattern lines 18-36

Here's the full output:

/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:
In function ‘void test7(std::size_t)’:
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:41:47:
warning: allocated buffer size is not a multiple of the pointee's size
[CWE-131] [-Wanalyzer-allocation-size]
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:41:47:
note: (1) allocated ‘((size * 4) + 3)’ bytes and assigned to ‘int32_t*’ {aka
‘int*’} here; ‘sizeof (int32_t {aka int})’ is ‘4’
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:42:13:
warning: stack-based buffer overflow [CWE-121] [-Wanalyzer-out-of-bounds]
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:41:47:
note: (1) capacity: ‘((size * 4) + 3)’ bytes
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:42:13:
note: (2) write of 4 bytes at offset ‘(size * 4)’ exceeds the buffer

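                                 ┌───────────────────────────────────────┐
                                 │          write of ‘(int) 42’          │
                                 └───────────────────────────────────────┘
                                           │                   │
                                           │                   │
                                           v                   v
  ┌──────────────────────────────────────────────────┐┌──────────────────┐
  │         buffer allocated on stack at (1)         ││after valid range │
  └──────────────────────────────────────────────────┘└──────────────────┘
  ├────────────────────────┬─────────────────────────┤├────────┬─────────┤
                           │                                   │
           ╭───────────────┴──────────────╮          ╭─────────┴────────╮
           │capacity: ‘size * 4 + 3’ bytes│          │overflow of 1 byte│
           ╰──────────────────────────────╯          ╰──────────────────╯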

/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:
In function ‘char* test99(const char*, const char*)’:
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:80:25:
warning: heap-based buffer overflow [CWE-122] [-Wanalyzer-out-of-bounds]
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:74:44:
note: (1) capacity: ‘(len_x + len_y)’ bytes
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:75:3:
note: (2) following ‘false’ branch (when ‘result’ is non-NULL)...
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:77:20:
note: (3) ...to here
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-11.c:80:25:
note: (4) out-of-bounds write

I'm uncertain if this isn't another issue, though.

[Bug analyzer/110483] [14 Regression] Several gcc.dg/analyzer/out-of-bounds-diagram-*.c tests FAIL

2024-02-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483

David Malcolm  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #4 from David Malcolm  ---
Should be fixed by the above patch; closing.  Please reopen if you still see
these issues.

[Bug analyzer/110483] [14 Regression] Several gcc.dg/analyzer/out-of-bounds-diagram-*.c tests FAIL

2024-02-27 Thread cvs-commit at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110483

--- Comment #3 from GCC Commits  ---
The master branch has been updated by David Malcolm :

https://gcc.gnu.org/g:939439a90f234f9e70d30240bf5c227eebe2b43f

commit r14-9199-g939439a90f234f9e70d30240bf5c227eebe2b43f
Author: David Malcolm 
Date:   Tue Feb 27 14:49:42 2024 -0500

analyzer: use correct format code for string literal indices
[PR110483,PR111802]

On e.g. gcc211 the use of "%li" with unsigned HOST_WIDE_INT led to this
warning:
../../src/gcc/analyzer/access-diagram.cc: In member function ‘void
ana::string_literal_spatial_item::add_column_for_byte(text_art::table&, const
ana::bit_to_table_map&, text_art::style_manager&, ana::byte_offset_t,
ana::byte_offset_t, int, int) const’:
../../src/gcc/analyzer/access-diagram.cc:1909:40: warning: format ‘%li’
expects argument of type ‘long int’, but argument 3 has type ‘long long
unsigned int’ [-Wformat=]
  byte_idx_within_string.ulow ()));
^
and to all values being erroneously printed as "0".

Fixed thusly.

gcc/analyzer/ChangeLog:
PR analyzer/110483
PR analyzer/111802
* access-diagram.cc
(string_literal_spatial_item::add_column_for_byte): Use %wu for
printing unsigned HOST_WIDE_INT.

Signed-off-by: David Malcolm
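
The width mismatch described in the commit message above, as an added example in standard C (not code from GCC or from this thread). It assumes a simplified model in which the 64-bit argument occupies one 8-byte slot and a conversion expecting a 32-bit `long` reads only the first four bytes; `mismatched_view` and `format_index` are hypothetical names, and `PRIu64` stands in here for GCC's own `%wu`.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Lay out a 64-bit argument the way the caller stores it (assumed model). */
static void store_u64(uint64_t v, int big_endian, unsigned char slot[8])
{
    for (int i = 0; i < 8; i++)
        slot[i] = (unsigned char)(v >> (big_endian ? 8 * (7 - i) : 8 * i));
}

/* What a reader expecting a 32-bit 'long' picks up: only the first 4 bytes. */
static uint32_t load_u32(const unsigned char slot[8], int big_endian)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)slot[i] << (big_endian ? 8 * (3 - i) : 8 * i);
    return v;
}

/* Value a mismatched "%li"-style conversion would see for a 64-bit index. */
uint32_t mismatched_view(uint64_t idx, int big_endian)
{
    unsigned char slot[8];
    store_u64(idx, big_endian, slot);
    return load_u32(slot, big_endian);
}

/* Matched conversion: the specifier width follows the argument type. */
int format_index(char *buf, size_t n, uint64_t idx)
{
    return snprintf(buf, n, "%" PRIu64, idx);
}

int main(void)
{
    char buf[32];
    for (uint64_t idx = 0; idx < 4; idx++) {   /* constructed sample indices */
        format_index(buf, sizeof buf, idx);
        printf("idx=%s  BE mismatch sees %" PRIu32 "  LE mismatch sees %" PRIu32 "\n",
               buf, mismatched_view(idx, 1), mismatched_view(idx, 0));
    }
    return 0;
}
```

Under this model a big-endian 32-bit host sees the high word, which is zero for every small index, while a little-endian host would happen to see the right value and hide the bug.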