[Bug analyzer/125380] New: ICE: in ana::bounded_ranges::eval_condition with -fanalyzer

Tue, 19 May 2026 06:57:57 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=125380

            Bug ID: 125380
           Summary: ICE: in ana::bounded_ranges::eval_condition with
                    -fanalyzer
           Product: gcc
           Version: 17.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: kito at gcc dot gnu.org
  Target Milestone: ---

Testcase:

```c
typedef struct {
  long a;
  long b;
} c;

long d;

void e (void)
{
  long a = d;
  switch (d) {
    case 0:
    case (long)&((c *)0)->b:
      *(long *)a = d;
  }
}
```

How to reproduce:

$ gcc test.c -fanalyzer

Affected versions:

trunk, 16.x 15.x, 14.x 

Backtrace:

during IPA pass: analyzer
<source>: In function 'e':
<source>:14:18: internal compiler error: tree check: expected integer_type or
enumeral_type or boolean_type or real_type or fixed_point_type or bitint_type,
have pointer_type in bounded_ranges, at analyzer/constraint-manager.cc:586
   14 |       *(long *)a = d;
      |       ~~~~~~~~~~~^~~
0x2652158 diagnostics::context::diagnostic_impl(rich_location*,
diagnostics::metadata const*, diagnostics::option_id, char const*,
__va_list_tag (*) [1], diagnostics::kind)
        ???:0
0x2646d9b internal_error(char const*, ...)
        ???:0
0x92e083 tree_check_failed(tree_node const*, char const*, int, char const*,
...)
        ???:0
0x2476f9f ana::bounded_ranges::eval_condition(tree_code, tree_node*,
ana::bounded_ranges_manager*) const
        ???:0
0x2477502 ana::constraint_manager::eval_condition(ana::svalue const*,
tree_code, ana::svalue const*) const
        ???:0
0x16ad41b ana::region_model::eval_condition(ana::svalue const*, tree_code,
ana::svalue const*) const
        ???:0
0x169232f
ana::operation::handle_on_stmt_for_state_machines(ana::operation_context&,
ana::program_state&, ana::path_context*, bool&, gimple const&)
        ???:0
0x1693ee4 ana::gimple_stmt_op::execute_on_state(ana::operation_context&,
ana::program_state) const
        ???:0
0x16942dd ana::gimple_stmt_op::execute(ana::operation_context&) const
        ???:0
0x1673227 ana::exploded_graph::process_node(ana::exploded_node*)
        ???:0
0x1673752 ana::exploded_graph::process_worklist()
        ???:0
0x1675e0f ana::impl_run_checkers(ana::logger*)
        ???:0
0x1676a96 ana::run_checkers()
        ???:0
/cefs/97/976a89135291b28f4909f325_gcc-trunk-20260519/bin/../libexec/gcc/x86_64-linux-gnu/17.0.0/cc1
-quiet -imultiarch x86_64-linux-gnu -iprefix
/cefs/97/976a89135291b28f4909f325_gcc-trunk-20260519/bin/../lib/gcc/x86_64-linux-gnu/17.0.0/
<source> -quiet -dumpdir /app/ -dumpbase output.c -dumpbase-ext .c -masm=intel
-mtune=generic -march=x86-64 -g -fdiagnostics-color=always -fno-verbose-asm
-fanalyzer -o /app/output.s
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
Compiler returned: 1

Reply via email to