https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112889
--- Comment #2 from GCC Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>: https://gcc.gnu.org/g:775aeabcb870b74e4d0986341c7a39add9bbb06d commit r14-6297-g775aeabcb870b74e4d0986341c7a39add9bbb06d Author: David Malcolm <dmalc...@redhat.com> Date: Thu Dec 7 19:42:45 2023 -0500 analyzer: fix ICE for 2 bits before the start of base region [PR112889] Cncrete bindings were using -1 and -2 in the offset field to signify deleted and empty hash slots, but these are valid values, leading to assertion failures inside hash_map::put on a debug build, and probable bugs in a release build. (gdb) call k.dump(true) start: -2, size: 1, next: -1 (gdb) p k.is_empty() $6 = true Fix by using the size field rather than the offset. gcc/analyzer/ChangeLog: PR analyzer/112889 * store.h (concrete_binding::concrete_binding): Strengthen assertion to require size to be be positive, rather than just non-zero. (concrete_binding::mark_deleted): Use size rather than start bit offset. (concrete_binding::mark_empty): Likewise. (concrete_binding::is_deleted): Likewise. (concrete_binding::is_empty): Likewise. gcc/testsuite/ChangeLog: PR analyzer/112889 * c-c++-common/analyzer/ice-pr112889.c: New test. Signed-off-by: David Malcolm <dmalc...@redhat.com>
