https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124014

            Bug ID: 124014
           Summary: [16 Regression] ICE: SIGSEGV in
                    diagnostics::sarif_builder::ensure_sarif_logical_location_for
                    (sarif-sink.cc:3068) with
                    -fdiagnostics-format=sarif-file -flto
                    -fbranch-probabilities
           Product: gcc
           Version: 16.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: diagnostics
          Assignee: dmalcolm at redhat dot com
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu
            Target: x86_64-pc-linux-gnu

Created attachment 63617
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=63617&action=edit
reduced testcase

Compiler output:
$ x86_64-pc-linux-gnu-gcc -fdiagnostics-format=sarif-file -flto
-fbranch-probabilities xxx.c

during IPA pass: profile
x86_64-pc-linux-gnu-gcc: internal compiler error: Segmentation fault signal
terminated program cc1
Segmentation fault        
/repo/gcc-trunk/binary-latest-amd64/bin/x86_64-pc-linux-gnu-gcc
-fdiagnostics-format=sarif-file -flto -fbranch-probabilities xxx.c


$ x86_64-pc-linux-gnu-gcc -fdiagnostics-format=sarif-file -flto
-fbranch-probabilities xxx.c -wrapper valgrind,-q,--num-callers=40
==21594== Invalid read of size 8
==21594==    at 0x2CC9A99:
diagnostics::sarif_builder::ensure_sarif_logical_location_for(diagnostics::logical_locations::key)
(sarif-sink.cc:3068)
==21594==    by 0x2CC9DF4:
diagnostics::sarif_builder::make_minimal_sarif_logical_location(diagnostics::logical_locations::key)
(sarif-sink.cc:3116)
==21594==    by 0x2CC9EB7:
diagnostics::sarif_builder::set_any_logical_locs_arr(diagnostics::sarif_location&,
diagnostics::logical_locations::key) (sarif-sink.cc:2313)
==21594==    by 0x2CCEB2D:
diagnostics::sarif_builder::make_location_object(diagnostics::sarif_location_manager*,
rich_location const&, diagnostics::logical_locations::key,
diagnostics::diagnostic_artifact_role) (sarif-sink.cc:2394)
==21594==    by 0x2CCF061:
diagnostics::sarif_builder::make_locations_arr(diagnostics::sarif_location_manager&,
diagnostics::diagnostic_info const&, diagnostics::diagnostic_artifact_role)
(sarif-sink.cc:2291)
==21594==    by 0x2CD329C:
diagnostics::sarif_builder::make_result_object(diagnostics::diagnostic_info
const&, diagnostics::kind, unsigned int) (sarif-sink.cc:2135)
==21594==    by 0x2CD3B73:
diagnostics::sarif_builder::on_report_diagnostic(diagnostics::diagnostic_info
const&, diagnostics::kind, diagnostics::sarif_sink_buffer*)
(sarif-sink.cc:1929)
==21594==    by 0x2CA9494:
diagnostics::context::report_diagnostic(diagnostics::diagnostic_info*)
(context.cc:1534)
==21594==    by 0x2CA9BBF:
diagnostics::context::diagnostic_impl(rich_location*, diagnostics::metadata
const*, diagnostics::option_id, char const*, __va_list_tag (*) [1],
diagnostics::kind) (context.cc:1688)
==21594==    by 0x2C9C11E: warning(diagnostics::option_id, char const*, ...)
(diagnostic-global-context.cc:247)
==21594==    by 0x106AB54: get_coverage_counts(unsigned int, unsigned int,
unsigned int, unsigned int) (coverage.cc:312)
==21594==    by 0x151C62D: get_exec_counts (profile.cc:255)
==21594==    by 0x151C62D: compute_branch_probabilities(unsigned int, unsigned
int) (profile.cc:464)
==21594==    by 0x151FAF0: branch_prob(bool) (profile.cc:1605)
==21594==    by 0x174487C: tree_profiling (tree-profile.cc:1945)
==21594==    by 0x174487C: (anonymous
namespace)::pass_ipa_tree_profile::execute(function*) (tree-profile.cc:2075)
==21594==    by 0x14E052F: execute_one_pass(opt_pass*) (passes.cc:2656)
==21594==    by 0x14E1A16: execute_ipa_pass_list(opt_pass*) (passes.cc:3118)
==21594==    by 0x105C2CA: ipa_passes (cgraphunit.cc:2244)
==21594==    by 0x105C2CA: symbol_table::compile() [clone .part.0]
(cgraphunit.cc:2367)
==21594==    by 0x105F902: compile (cgraphunit.cc:2345)
==21594==    by 0x105F902: symbol_table::finalize_compilation_unit()
(cgraphunit.cc:2626)
==21594==    by 0x1641E62: compile_file() (toplev.cc:482)
==21594==    by 0xE3473F: do_compile (toplev.cc:2225)
==21594==    by 0xE3473F: toplev::main(int, char**) (toplev.cc:2389)
==21594==    by 0xE3601A: main (main.cc:39)
==21594==  Address 0x4e834e0 is 16 bytes inside a block of size 24 free'd
==21594==    at 0x484CDC9: operator delete(void*, unsigned long)
(vg_replace_malloc.c:1184)
==21594==    by 0x2CA65BE:
diagnostics::context::set_client_data_hooks(std::unique_ptr<diagnostics::client_data_hooks,
std::default_delete<diagnostics::client_data_hooks> >) (context.cc:535)
==21594==    by 0x16A6D79: tree_diagnostics_defaults(diagnostics::context*)
(tree-diagnostic.cc:189)
==21594==    by 0x2AB5A86: free_lang_data (ipa-free-lang-data.cc:1188)
==21594==    by 0x2AB5A86: (anonymous
namespace)::pass_ipa_free_lang_data::execute(function*)
(ipa-free-lang-data.cc:1219)
==21594==    by 0x14E052F: execute_one_pass(opt_pass*) (passes.cc:2656)
==21594==    by 0x14E1A16: execute_ipa_pass_list(opt_pass*) (passes.cc:3118)
==21594==    by 0x105C2CA: ipa_passes (cgraphunit.cc:2244)
==21594==    by 0x105C2CA: symbol_table::compile() [clone .part.0]
(cgraphunit.cc:2367)
==21594==    by 0x105F902: compile (cgraphunit.cc:2345)
==21594==    by 0x105F902: symbol_table::finalize_compilation_unit()
(cgraphunit.cc:2626)
==21594==    by 0x1641E62: compile_file() (toplev.cc:482)
==21594==    by 0xE3473F: do_compile (toplev.cc:2225)
==21594==    by 0xE3473F: toplev::main(int, char**) (toplev.cc:2389)
==21594==    by 0xE3601A: main (main.cc:39)
==21594==  Block was alloc'd at
==21594==    at 0x484903F: operator new(unsigned long)
(vg_replace_malloc.c:488)
==21594==    by 0x16AA51D: make_unique<compiler_data_hooks> (unique_ptr.h:1084)
==21594==    by 0x16AA51D: make_compiler_data_hooks()
(tree-diagnostic-client-data-hooks.cc:177)
==21594==    by 0x16A6D6C: tree_diagnostics_defaults(diagnostics::context*)
(tree-diagnostic.cc:189)
==21594==    by 0xE33317: general_init (toplev.cc:1071)
==21594==    by 0xE33317: toplev::main(int, char**) (toplev.cc:2313)
==21594==    by 0xE3601A: main (main.cc:39)

$ x86_64-pc-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest-amd64/bin/x86_64-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-20260206203127-r16-7370-gfdd1d058f289ed-checking-yes-rtl-df-extra-nobootstrap-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/16.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--disable-bootstrap --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu
--target=x86_64-pc-linux-gnu --with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --enable-libsanitizer
--disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-20260206203127-r16-7370-gfdd1d058f289ed-checking-yes-rtl-df-extra-nobootstrap-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 16.0.1 20260206 (experimental) (GCC)
