https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124232
Bug ID: 124232
Summary: internal compiler error: in mark_as_escaped, at
analyzer/store.cc:3467
Product: gcc
Version: 15.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: andrew at bower dot uk
Target Milestone: ---
Created attachment 63781
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=63781&action=edit
preprocessor output
internal compiler error: in mark_as_escaped, at analyzer/store.cc:3467
Compiling the following C source (a minimal reproducer) with -fanalyzer on
Debian unstable (amd64) produces an internal error.
/usr/lib/gcc-snapshot/bin/gcc -fanalyzer -freport-bug -v -save-temps c.c
#include <stdlib.h>
struct {
char s[16];
} e = { "a=b" };
int main(int, char *[]) {
return putenv(e.s);
}
Affected versions:
16.0.1 20260216
15.2.0
14.3.0
13.4.0
Unaffected versions:
12.5.0
11.5.0
Preprocessor output attached.
Output:
Using built-in specs.
COLLECT_GCC=/usr/lib/gcc-snapshot/bin/gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/16/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 20260216-1'
--with-bugurl=file:///usr/share/doc/gcc-snapshot/README.Bugs
--enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2,rust,cobol,algol68
--prefix=/usr/lib/gcc-snapshot --with-gcc-major-version-only --program-prefix=
--enable-shared --enable-linker-build-id --disable-nls --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-libstdcxx-backtrace
--enable-gnu-unique-object --disable-vtable-verify --enable-plugin
--with-system-zlib --enable-libphobos-checking=release
--with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch
--disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64
--with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic
--enable-offload-targets=nvptx-none=/build/reproducible-path/gcc-snapshot-20260216/debian/tmp-nvptx/usr/lib/gcc-snapshot,amdgcn-amdhsa=/build/reproducible-path/gcc-snapshot-20260216/debian/tmp-gcn/usr/lib/gcc-snapshot
--enable-offload-defaulted --without-cuda-driver
--enable-checking=yes,extra,rtl --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 16.0.1 20260216 (experimental) [trunk r16-7529-g5388fd3a3b6]
(Debian 20260216-1)
COLLECT_GCC_OPTIONS='-fanalyzer' '-freport-bug' '-v' '-save-temps'
'-mtune=generic' '-march=x86-64' '-dumpdir' 'a-'
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/16/cc1 -E -quiet -v
-imultiarch x86_64-linux-gnu c.c -mtune=generic -march=x86-64 -fanalyzer
-freport-bug -fpch-preprocess -o a-c.i
ignoring nonexistent directory "/usr/local/include/x86_64-linux-gnu"
ignoring nonexistent directory
"/usr/lib/gcc-snapshot/lib/gcc/x86_64-linux-gnu/16/include-fixed/x86_64-linux-gnu"
ignoring nonexistent directory
"/usr/lib/gcc-snapshot/lib/gcc/x86_64-linux-gnu/16/include-fixed"
ignoring nonexistent directory
"/usr/lib/gcc-snapshot/lib/gcc/x86_64-linux-gnu/16/../../../../x86_64-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:
/usr/lib/gcc-snapshot/lib/gcc/x86_64-linux-gnu/16/include
/usr/local/include
/usr/lib/gcc-snapshot/include
/usr/include/x86_64-linux-gnu
/usr/include
End of search list.
COLLECT_GCC_OPTIONS='-fanalyzer' '-freport-bug' '-v' '-save-temps'
'-mtune=generic' '-march=x86-64' '-dumpdir' 'a-'
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/16/cc1 -fpreprocessed a-c.i
-quiet -dumpdir a- -dumpbase c.c -dumpbase-ext .c -mtune=generic -march=x86-64
-version -fanalyzer -freport-bug -o a-c.s
GNU C23 (Debian 20260216-1) version 16.0.1 20260216 (experimental) [trunk
r16-7529-g5388fd3a3b6] (x86_64-linux-gnu)
compiled by GNU C version 16.0.1 20260216 (experimental) [trunk
r16-7529-g5388fd3a3b6], GMP version 6.3.0, MPFR version 4.2.2, MPC version
1.3.1, isl version isl-0.27-GMP
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
Compiler executable checksum: d6b01a52cbfb48db27040698922dac0a
during IPA pass: analyzer
c.c: In function 'main':
c.c:8:10: internal compiler error: in mark_as_escaped, at
analyzer/store.cc:3467
8 | return putenv(e.s);
| ^~~~~~~~~~~
0x2e8970f internal_error(char const*, ...)
../../src/gcc/diagnostic-global-context.cc:787
0xe98493 fancy_abort(char const*, int, char const*)
../../src/gcc/diagnostics/context.cc:1812
0x9a0bb1 ana::store::mark_as_escaped(ana::store_manager&, ana::region const*)
../../src/gcc/analyzer/store.cc:3467
0x1bc132f ana::kf_putenv::impl_call_pre(ana::call_details const&) const
../../src/gcc/analyzer/kf.cc:861
0x1bed3d9 ana::region_model::on_call_pre(gcall const&,
ana::region_model_context*)
../../src/gcc/analyzer/region-model.cc:2352
0x1bf163c ana::region_model::on_stmt_pre(gimple const*, bool*,
ana::region_model_context*)
../../src/gcc/analyzer/region-model.cc:1755
0x1bc9b8f ana::gimple_stmt_op::execute_on_state(ana::operation_context&,
ana::program_state) const
../../src/gcc/analyzer/ops.cc:378
0x1bca3e2 ana::call_and_return_op::execute(ana::operation_context&) const
../../src/gcc/analyzer/ops.cc:853
0x1ba9ddc ana::exploded_graph::process_node(ana::exploded_node*)
../../src/gcc/analyzer/engine.cc:3780
0x1baa32a ana::exploded_graph::process_worklist()
../../src/gcc/analyzer/engine.cc:3409
0x1bad1b1 ana::impl_run_checkers(ana::logger*)
../../src/gcc/analyzer/engine.cc:5269
0x1badcd6 ana::run_checkers()
../../src/gcc/analyzer/engine.cc:5360
0x1b9dcc8 execute
../../src/gcc/analyzer/analyzer-pass.cc:81
/usr/lib/gcc-snapshot/libexec/gcc/x86_64-linux-gnu/16/cc1 -fpreprocessed a-c.i
-quiet -dumpdir a- -dumpbase c.c -dumpbase-ext .c -mtune=generic -march=x86-64
-version -fanalyzer -freport-bug -o a-c.s
