https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94028

            Bug ID: 94028
           Summary: ICE: in make_region_for_unexpected_tree_code, at
                    analyzer/region-model.cc:4786 with -fanalyzer
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu

Created attachment 47967
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=47967&action=edit
reduced testcase (from OpenTTD sources)

Compiler output:
$ x86_64-pc-linux-gnu-g++ -fanalyzer testcase.C
testcase.C: In function 'j* f(B*, int, bool)':
testcase.C:18:19: warning: leak of '<unknown>' [CWE-401] [-Wanalyzer-malloc-leak]
   18 |     return calloc (b, sizeof (int));
      |            ~~~~~~~^~~~~~~~~~~~~~~~~
  'j* f(B*, int, bool)': events 1-2
    |
    |   25 | j * f (B * b, int h, bool)
    |      |     ^
    |      |     |
    |      |     (1) entry to 'f'
    |......
    |   28 |   return new j (b, h);
    |      |                     ~
    |      |                     |
    |      |                     (2) calling 'j::operator new' from 'f'
    |
    +--> 'static void* j::operator new(long unsigned int)': events 3-4
           |
           |   16 |   void *operator new (__SIZE_TYPE__ b)
           |      |         ^~~~~~~~
           |      |         |
           |      |         (3) entry to 'j::operator new'
           |   17 |   {
           |   18 |     return calloc (b, sizeof (int));
           |      |                                   ~
           |      |                                   |
           |      |                                   (4) allocated here
           |
    <------+
    |
  'j* f(B*, int, bool)': events 5-6
    |
    |   18 |     return calloc (b, sizeof (int));
    |      |            ~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                   |
    |      |                   (6) '<unknown>' leaks here; was allocated at (4)
    |......
    |   28 |   return new j (b, h);
    |      |                     ^
    |      |                     |
    |      |                     (5) returning to 'f' from 'j::operator new'
    |
testcase.C: In constructor 'j::j(B*, int)':
testcase.C:22:3: warning: leak of 'this' [CWE-401] [-Wanalyzer-malloc-leak]
   22 |   }
      |   ^
  'j* f(B*, int, bool)': events 1-2
    |
    |   25 | j * f (B * b, int h, bool)
    |      |     ^
    |      |     |
    |      |     (1) entry to 'f'
    |......
    |   28 |   return new j (b, h);
    |      |                     ~
    |      |                     |
    |      |                     (2) calling 'j::operator new' from 'f'
    |
    +--> 'static void* j::operator new(long unsigned int)': events 3-4
           |
           |   16 |   void *operator new (__SIZE_TYPE__ b)
           |      |         ^~~~~~~~
           |      |         |
           |      |         (3) entry to 'j::operator new'
           |   17 |   {
           |   18 |     return calloc (b, sizeof (int));
           |      |                                   ~
           |      |                                   |
           |      |                                   (4) allocated here
           |
    <------+
    |
  'j* f(B*, int, bool)': events 5-7
    |
    |   28 |   return new j (b, h);
    |      |                     ^
    |      |                     |
    |      |                     (5) returning to 'f' from 'j::operator new'
    |      |                     (6) allocated here
    |      |                     (7) calling 'j::j' from 'f'
    |
    +--> 'j::j(B*, int)': events 8-9
           |
           |   20 |   j (B *, int)
           |      |   ^
           |      |   |
           |      |   (8) entry to 'j::j'
           |   21 |   {
           |   22 |   }
           |      |   ~
           |      |   |
           |      |   (9) 'this' leaks here; was allocated at (6)
           |
during IPA pass: analyzer
testcase.C: At global scope:
testcase.C:28:21: internal compiler error: in make_region_for_unexpected_tree_code, at analyzer/region-model.cc:4786
   28 |   return new j (b, h);
      |                     ^
0x84d2a3
ana::region_model::make_region_for_unexpected_tree_code(ana::region_model_context*,
tree_node*, dump_location_t const&)
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:4786
0x15a7293 ana::region_model::get_lvalue_1(ana::path_var,
ana::region_model_context*)
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:4650
0x15a77d3 ana::region_model::get_lvalue(ana::path_var,
ana::region_model_context*)
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:4811
0x1d2c3e5 get_any_origin
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:579
0x1d2c3e5 get_any_origin
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:565
0x1d2e5f7 ana::diagnostic_manager::prune_for_sm_diagnostic(ana::checker_path*,
ana::state_machine const*, tree_node*, unsigned int) const
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:1132
0x1d2eb5e ana::diagnostic_manager::prune_path(ana::checker_path*,
ana::state_machine const*, tree_node*, unsigned int) const
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:1056
0x1d2ed15 ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph
const&, ana::saved_diagnostic const&, ana::exploded_path const&, gimple const*,
int)
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:520
0x1d30dbe ana::dedupe_winners::emit_best(ana::diagnostic_manager*,
ana::exploded_graph const&)
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:446
0x1d2f08f ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph
const&)
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:489
0x1589c5e ana::impl_run_checkers(ana::logger*)
        /repo/gcc-trunk/gcc/analyzer/engine.cc:3807
0x158a6ac ana::run_checkers()
        /repo/gcc-trunk/gcc/analyzer/engine.cc:3850
0x157f7f8 execute
        /repo/gcc-trunk/gcc/analyzer/analyzer-pass.cc:84
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

$ x86_64-pc-linux-gnu-g++ -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest/bin/x86_64-pc-linux-gnu-g++
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r10-7009-20200304090159-g8e480ec1ddb-checking-yes-rtl-df-extra-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/10.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu
--with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-r10-7009-20200304090159-g8e480ec1ddb-checking-yes-rtl-df-extra-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 10.0.1 20200304 (experimental) (GCC)
