ci: fuzz_with_valgrind job broken #32276

issue fanquake opened this issue on April 15, 2025
  1. fanquake commented at 9:29 AM on April 15, 2025: member 
    [ 99%] Building CXX object src/test/fuzz/CMakeFiles/fuzz.dir/__/__/wallet/test/fuzz/fees.cpp.o
[ 99%] Building CXX object src/test/fuzz/CMakeFiles/fuzz.dir/__/__/wallet/test/fuzz/notifications.cpp.o
In file included from /usr/include/c++/13/span:41,
                 from /ci_container_base/src/span.h:10,
                 from /ci_container_base/src/util/feefrac.h:11,
                 from /ci_container_base/src/txgraph.h:10,
                 from /ci_container_base/src/test/fuzz/txgraph.cpp:5:
In member function ‘constexpr const std::array<_Tp, _Nm>::value_type& std::array<_Tp, _Nm>::operator[](size_type) const [with _Tp = long unsigned int; long unsigned int _Nm = 2]’,
    inlined from ‘constexpr bool bitset_detail::MultiIntBitSet<I, N>::operator[](unsigned int) const [with I = long unsigned int; unsigned int N = 2]’ at /ci_container_base/src/util/bitset.h:351:22,
    inlined from ‘void cluster_linearize::LinearizationChunking<SetType>::BuildChunks() [with SetType = bitset_detail::MultiIntBitSet<long unsigned int, 2>]’ at /ci_container_base/src/cluster_linearize.h:448:24:
/usr/include/c++/13/array:213:24: error: array subscript 2 is above array bounds of ‘std::__array_traits<long unsigned int, 2>::_Type’ {aka ‘const long unsigned int [2]’} [-Werror=array-bounds=]
  213 |         return _M_elems[__n];
      |                ~~~~~~~~^
/usr/include/c++/13/array: In member function ‘void cluster_linearize::LinearizationChunking<SetType>::BuildChunks() [with SetType = bitset_detail::MultiIntBitSet<long unsigned int, 2>]’:
/usr/include/c++/13/array:109:55: note: while referencing ‘std::array<long unsigned int, 2>::_M_elems’
  109 |       typename __array_traits<_Tp, _Nm>::_Type        _M_elems;
      |                                                       ^~~~~~~~
In member function ‘constexpr const std::array<_Tp, _Nm>::value_type& std::array<_Tp, _Nm>::operator[](size_type) const [with _Tp = long unsigned int; long unsigned int _Nm = 2]’,
    inlined from ‘constexpr bool bitset_detail::MultiIntBitSet<I, N>::operator[](unsigned int) const [with I = long unsigned int; unsigned int N = 2]’ at /ci_container_base/src/util/bitset.h:351:22,
    inlined from ‘void txgraph_fuzz_target(FuzzBufferType)’ at /ci_container_base/src/test/fuzz/txgraph.cpp:490:21:
/usr/include/c++/13/array:213:24: error: array subscript 2 is above array bounds of ‘std::__array_traits<long unsigned int, 2>::_Type’ {aka ‘const long unsigned int [2]’} [-Werror=array-bounds=]
  213 |         return _M_elems[__n];
      |                ~~~~~~~~^
/usr/include/c++/13/array: In function ‘void txgraph_fuzz_target(FuzzBufferType)’:
/usr/include/c++/13/array:109:55: note: while referencing ‘std::array<long unsigned int, 2>::_M_elems’
  109 |       typename __array_traits<_Tp, _Nm>::_Type        _M_elems;
      |                                                       ^~~~~~~~
cc1plus: all warnings being treated as errors
gmake[2]: *** [src/test/fuzz/CMakeFiles/fuzz.dir/build.make:1742: src/test/fuzz/CMakeFiles/fuzz.dir/txgraph.cpp.o] Error 1

    See also https://cirrus-ci.com/task/6404397107773440.

  2. maflcko commented at 9:47 AM on April 15, 2025: member

    This is a general bug in GCC (at least 13 and 14). I haven't tried GCC 11, 12, or 15. Also, I haven't looked into a minimal working reproducer, or upstream bugs, or fix, or workaround.

  3. maflcko added the label Upstream on Apr 15, 2025
  4. maflcko added the label CI failed on Apr 15, 2025
  5. maflcko commented at 7:29 PM on April 15, 2025: member

    It is a gcc-12 regression. Minimized so far:

    # cat <<EOF > src/test/fuzz/txgraph_min.cpp                                                                                                                                    
#include <cluster_linearize.h>
#include <txgraph.h>
#include <util/bitset.h>

#include <algorithm>
#include <map>
#include <memory>
#include <set>
#include <stdint.h>
#include <utility>

using namespace cluster_linearize;

struct SimTxGraph {
    static constexpr unsigned MAX_TRANSACTIONS = MAX_CLUSTER_COUNT_LIMIT * 2;
    using SetType = BitSet<MAX_TRANSACTIONS>;
    DepGraph<SetType> graph;
};

int main()
{
    SimTxGraph sim{};
    std::vector<DepGraphIndex> simlin;
    cluster_linearize::LinearizationChunking simlinchunk(sim.graph, simlin);
}
EOF

    # /usr/bin/ccache /usr/bin/g++-15  -DABORT_ON_FAILED_ASSUME -I./bld-cmake/src -I./src  -O2 -g -std=c++20   -Wall -Wextra   -o /tmp/o -c /b-c/src/test/fuzz/txgraph_min.cpp   
In file included from /usr/include/c++/15/span:46,
                 from ./src/span.h:10,
                 from ./src/crypto/chacha20.h:8,
                 from ./src/random.h:9,
                 from ./src/cluster_linearize.h:15,
                 from /b-c/src/test/fuzz/txgraph_min.cpp:1:
In member function 'constexpr const std::array<_Tp, _Nm>::value_type& std::array<_Tp, _Nm>::operator[](size_type) const [with _Tp = long unsigned int; long unsigned int _Nm = 2]',
    inlined from 'constexpr bool bitset_detail::MultiIntBitSet<I, N>::operator[](unsigned int) const [with I = long unsigned int; unsigned int N = 2]' at ./src/util/bitset.h:351:22,
    inlined from 'cluster_linearize::LinearizationChunking<SetType>::LinearizationChunking(const cluster_linearize::DepGraph<SetType>&, std::span<const unsigned int>) [with SetType = bitset_detail::MultiIntBitSet<long unsigned int, 2>]' at ./src/cluster_linearize.h:418:24:
/usr/include/c++/15/array:221:24: warning: array subscript 2 is above array bounds of 'std::__array_traits<long unsigned int, 2>::_Type' {aka 'const long unsigned int [2]'} [-Warray-bounds=]
  221 |         return _M_elems[__n];
      |                ~~~~~~~~^
/usr/include/c++/15/array: In constructor 'cluster_linearize::LinearizationChunking<SetType>::LinearizationChunking(const cluster_linearize::DepGraph<SetType>&, std::span<const unsigned int>) [with SetType = bitset_detail::MultiIntBitSet<long unsigned int, 2>]':
/usr/include/c++/15/array:117:55: note: while referencing 'std::array<long unsigned int, 2>::_M_elems'
  117 |       typename __array_traits<_Tp, _Nm>::_Type        _M_elems;
      |                                                       ^~~~~~~~
  6. sipa commented at 8:08 PM on April 15, 2025: member

    Weird.

  7. maflcko commented at 8:48 PM on April 15, 2025: member

    Weird.

    Yeah, trying to reduce it further shows that it is fragile, so I gave up for now. Also there are hundreds of those issues, so I am not sure if it is worth it to report: https://gcc.gnu.org/bugzilla/buglist.cgi?quicksearch=array-bounds

  8. maflcko commented at 7:20 AM on April 17, 2025: member

    I tried creduce, but at some point it seems to have transformed the false positive warning into a true positive warning.

  9. fanquake closed this on Apr 22, 2025
  10. fanquake referenced this in commit 8406a9f4f1 on Apr 22, 2025
Contributors
fanquakemaflckosipa
Labels
UpstreamCI failed
Linked (view graph)
#32325 ci: Add missing -Wno-error=array-bounds to valgrind fuzz
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-22 15:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me