[Bug analyzer/122626] New: ICE on SARIF output of g++.dg/analyzer/malloc.C

Mon, 10 Nov 2025 07:26:43 -0800 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=122626

            Bug ID: 122626
           Summary: ICE on SARIF output of g++.dg/analyzer/malloc.C
           Product: gcc
           Version: 16.0
            Status: UNCONFIRMED
          Keywords: diagnostic, SARIF
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Seen with recent trunk:

$ ./xgcc -B. -fanalyzer -S ../../src/gcc/testsuite/g++.dg/analyzer/malloc.C
-fdiagnostics-add-output=sarif
../../src/gcc/testsuite/g++.dg/analyzer/malloc.C: In function ‘void
test_1(void*)’:
../../src/gcc/testsuite/g++.dg/analyzer/malloc.C:9:8: warning: double-‘free’ of
‘ptr’ [CWE-415] [-Wanalyzer-double-free]
    9 |   free (ptr); /* { dg-warning "double-'free' of 'ptr'" } */
      |   ~~~~~^~~~~
  ‘void test_1(void*)’: events 1-2
    8 |   free (ptr);
      |   ~~~~~^~~~~
      |        |
      |        (1) first ‘free’ here
    9 |   free (ptr); /* { dg-warning "double-'free' of 'ptr'" } */
      |   ~~~~~~~~~~
      |        |
      |        (2) ⚠️  second ‘free’ here; first ‘free’ was at (1)
../../src/gcc/testsuite/g++.dg/analyzer/malloc.C: In constructor
‘s2::s2(void*)’:
../../src/gcc/testsuite/g++.dg/analyzer/malloc.C:18:10: warning: double-‘free’
of ‘v’ [CWE-415] [-Wanalyzer-double-free]
   18 |     free (v); // { dg-warning "double-'free' of 'v'" }
      |     ~~~~~^~~

during IPA pass: analyzer
../../src/gcc/testsuite/g++.dg/analyzer/malloc.C:8:8: internal compiler error:
in assert_valid_tree, at tree-logical-location.cc:38
    8 |   free (ptr);
      |   ~~~~~^~~~~

internal compiler error: error reporting routines re-entered.
0x2ccff4b internal_error(char const*, ...)
        ../../src/gcc/diagnostic-global-context.cc:787
0xe50aaf fancy_abort(char const*, int, char const*)
        ../../src/gcc/diagnostics/context.cc:1806
0xce2a2f assert_valid_tree
        ../../src/gcc/tree-logical-location.cc:38
0xce2a2f
tree_logical_location_manager::get_short_name(diagnostics::logical_locations::key)
const
        ../../src/gcc/tree-logical-location.cc:55
0x2d00229
diagnostics::sarif_builder::ensure_sarif_logical_location_for(diagnostics::logical_locations::key)
        ../../src/gcc/diagnostics/sarif-sink.cc:3019
0x2d003b5
diagnostics::sarif_builder::ensure_sarif_logical_location_for(diagnostics::logical_locations::key)
        ../../src/gcc/diagnostics/sarif-sink.cc:3039
0x2d003b5
diagnostics::sarif_builder::ensure_sarif_logical_location_for(diagnostics::logical_locations::key)
        ../../src/gcc/diagnostics/sarif-sink.cc:3039
0x2d004a3
diagnostics::sarif_builder::make_minimal_sarif_logical_location(diagnostics::logical_locations::key)
        ../../src/gcc/diagnostics/sarif-sink.cc:3067
0x2cfe035
diagnostics::sarif_builder::set_any_logical_locs_arr(diagnostics::sarif_location&,
diagnostics::logical_locations::key)
        ../../src/gcc/diagnostics/sarif-sink.cc:2264
0x2cfe464
diagnostics::sarif_builder::make_location_object(diagnostics::sarif_location_manager*,
rich_location const&, diagnostics::logical_locations::key,
diagnostics::diagnostic_artifact_role)
        ../../src/gcc/diagnostics/sarif-sink.cc:2345
0x2cfdf41
diagnostics::sarif_builder::make_locations_arr(diagnostics::sarif_location_manager&,
diagnostics::diagnostic_info const&, diagnostics::diagnostic_artifact_role)
        ../../src/gcc/diagnostics/sarif-sink.cc:2242
0x2cfba5a
diagnostics::sarif_ice_notification::sarif_ice_notification(diagnostics::diagnostic_info
const&, diagnostics::sarif_builder&, std::unique_ptr<json::object,
std::default_delete<json::object> >)
        ../../src/gcc/diagnostics/sarif-sink.cc:1499
0x2d0c3f3 std::_MakeUniq<diagnostics::sarif_ice_notification>::__single_object
std::make_unique<diagnostics::sarif_ice_notification,
diagnostics::diagnostic_info const&, diagnostics::sarif_builder&,
std::unique_ptr<json::object, std::default_delete<json::object> >
>(diagnostics::diagnostic_info const&, diagnostics::sarif_builder&,
std::unique_ptr<json::object, std::default_delete<json::object> >&&)
        /usr/include/c++/10/bits/unique_ptr.h:962
0x2cfaa13
diagnostics::sarif_invocation::add_notification_for_ice(diagnostics::diagnostic_info
const&, diagnostics::sarif_builder&, std::unique_ptr<json::object,
std::default_delete<json::object> >)
        ../../src/gcc/diagnostics/sarif-sink.cc:1065
0x2cfcda5
diagnostics::sarif_builder::on_report_diagnostic(diagnostics::diagnostic_info
const&, diagnostics::kind, diagnostics::sarif_sink_buffer*)
        ../../src/gcc/diagnostics/sarif-sink.cc:1874
0x2d0b298
diagnostics::sarif_sink::on_report_diagnostic(diagnostics::diagnostic_info
const&, diagnostics::kind)
        ../../src/gcc/diagnostics/sarif-sink.cc:4025
0x2cdd6b4
diagnostics::context::report_diagnostic(diagnostics::diagnostic_info*)
        ../../src/gcc/diagnostics/context.cc:1527
0x2cddb5e diagnostics::context::diagnostic_impl(rich_location*,
diagnostics::metadata const*, diagnostics::option_id, char const*,
__va_list_tag (*) [1], diagnostics::kind)
        ../../src/gcc/diagnostics/context.cc:1682
0x2ccff4b internal_error(char const*, ...)
        ../../src/gcc/diagnostic-global-context.cc:787
0xe50aaf fancy_abort(char const*, int, char const*)
        ../../src/gcc/diagnostics/context.cc:1806
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

Reply via email to