https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94047

            Bug ID: 94047
           Summary: ICE: SIGSEGV in ana::region_model::get_lvalue_1() with
                    -fanalyzer
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu

Created attachment 47977
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=47977&action=edit
reduced testcase (from OpenTTD sources)

Compiler output:
$ x86_64-pc-linux-gnu-gcc -fanalyzer testcase.c -wrapper valgrind,-q
==15011== Invalid read of size 2
==15011==    at 0x135C2BE: ana::region_model::get_lvalue_1(ana::path_var,
ana::region_model_context*) (region-model.cc:4799)
==15011==    by 0x135C503: ana::region_model::get_lvalue(ana::path_var,
ana::region_model_context*) (region-model.cc:4880)
==15011==    by 0x135DB1C: ana::region_model::get_rvalue_1(ana::path_var,
ana::region_model_context*) (region-model.cc:4946)
==15011==    by 0x135DBF3: ana::region_model::get_rvalue(ana::path_var,
ana::region_model_context*) (region-model.cc:4960)
==15011==    by 0x1340FC9: ana::impl_sm_context::warn_for_state(ana::supernode
const*, gimple const*, tree_node*, unsigned int, ana::pending_diagnostic*)
(engine.cc:278)
==15011==    by 0x136BF02: ana::(anonymous
namespace)::malloc_state_machine::on_stmt(ana::sm_context*, ana::supernode
const*, gimple const*) const (sm-malloc.cc:737)
==15011==    by 0x133D146: ana::exploded_node::on_stmt(ana::exploded_graph&,
ana::supernode const*, gimple const*, ana::program_state*, ana::state_change*)
const (engine.cc:1086)
==15011==    by 0x133D961:
ana::exploded_graph::process_node(ana::exploded_node*) (engine.cc:2516)
==15011==    by 0x133E00A: ana::exploded_graph::process_worklist()
(engine.cc:2334)
==15011==    by 0x133E8C9: ana::impl_run_checkers(ana::logger*)
(engine.cc:3785)
==15011==    by 0x133F30C: ana::run_checkers() (engine.cc:3842)
==15011==    by 0x13344A8: (anonymous
namespace)::pass_analyzer::execute(function*) (analyzer-pass.cc:84)
==15011==    by 0xEED917: execute_one_pass(opt_pass*) (passes.c:2502)
==15011==    by 0xEEED66: execute_ipa_pass_list(opt_pass*) (passes.c:2929)
==15011==    by 0xB57B0F: ipa_passes (cgraphunit.c:2660)
==15011==    by 0xB57B0F: symbol_table::compile() [clone .part.0]
(cgraphunit.c:2737)
==15011==    by 0xB599FC: compile (cgraphunit.c:2717)
==15011==    by 0xB599FC: symbol_table::finalize_compilation_unit()
(cgraphunit.c:2984)
==15011==    by 0xFE1D3E: compile_file() (toplev.c:483)
==15011==    by 0x9BDB58: do_compile (toplev.c:2273)
==15011==    by 0x9BDB58: toplev::main(int, char**) (toplev.c:2412)
==15011==    by 0x9C16FE: main (main.c:39)
==15011==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==15011== 
during IPA pass: analyzer
testcase.c: In function 'bar':
testcase.c:9:14: internal compiler error: Segmentation fault
    9 |   l->next = l->next->next;
      |             ~^~~~~~
Please submit a full bug report,
with preprocessed source if appropriate.
See <https://gcc.gnu.org/bugs/> for instructions.

$ x86_64-pc-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest/bin/x86_64-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r10-7034-20200304181931-gcb2409c60ae-checking-yes-rtl-df-extra-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/10.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu
--with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-r10-7034-20200304181931-gcb2409c60ae-checking-yes-rtl-df-extra-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 10.0.1 20200305 (experimental) (GCC)
