[Bug analyzer/93288] ICE in supergraph.cc:180
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93288

--- Comment #12 from David Malcolm ---
(In reply to pmatos from comment #11)
> (In reply to David Malcolm from comment #10)
> > Should be fixed by the above commit.
>
> David, does this mean the analyzer has C++ support now or just that this
> specific bug is fixed in-tree?

The latter. I don't expect the analyzer to be useful with C++ in this release
(I'm just fixing the ICE in a way that will help with supporting C++ in the
future).

--- Comment #11 from pmatos at gcc dot gnu.org ---
(In reply to David Malcolm from comment #10)
> Should be fixed by the above commit.

David, does this mean the analyzer has C++ support now or just that this
specific bug is fixed in-tree?

David Malcolm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|---                         |FIXED

--- Comment #10 from David Malcolm ---
Should be fixed by the above commit.

--- Comment #9 from CVS Commits ---
The master branch has been updated by David Malcolm :

https://gcc.gnu.org/g:91f993b7e31ce85676148dca180bc0d827d4245e

commit r10-6590-g91f993b7e31ce85676148dca180bc0d827d4245e
Author: David Malcolm
Date:   Wed Feb 5 21:29:04 2020 -0500

    analyzer: use ultimate alias target at calls (PR 93288)

    PR analyzer/93288 reports an ICE in a C++ testcase when calling a
    constructor.

    The issue is that when building the supergraph, we encounter the cgraph
    edge to "__ct_comp ", the DECL_COMPLETE_CONSTRUCTOR_P, and this node's
    DECL_STRUCT_FUNCTION has a NULL CFG, which the analyzer reads through,
    leading to the ICE.

    This patch reworks function and fndecl lookup at calls throughout the
    analyzer so that it looks for the ultimate_alias_target of the callee.
    In the case above, this means using the "__ct_base " for the ctor, which
    has a CFG, fixing the ICE.

    Getting this right allows for some simple C++ cases involving ctors to
    work, so the patch also adds some test coverage for that.

    gcc/analyzer/ChangeLog:
    	PR analyzer/93288
    	* analysis-plan.cc (analysis_plan::use_summary_p): Look through
    	the ultimate_alias_target when getting the called function.
    	* engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
    	"sm_ctxt".  Use the region_model's get_fndecl_for_call rather than
    	gimple_call_fndecl.
    	* region-model.cc (region_model::get_fndecl_for_call): Use
    	ultimate_alias_target on fndecl.
    	* supergraph.cc (get_ultimate_function_for_cgraph_edge): New
    	function.
    	(supergraph_call_edge): Use it when rejecting edges without
    	functions.
    	(supergraph::supergraph): Use it to get the function for the
    	cgraph_edge when building interprocedural superedges.
    	(callgraph_superedge::get_callee_function): Use it.
    	* supergraph.h (supergraph::get_num_snodes): Make param const.
    	(supergraph::function_to_num_snodes_t): Make first type param const.

    gcc/testsuite/ChangeLog:
    	PR analyzer/93288
    	* g++.dg/analyzer/malloc.C: Add test coverage for a double-free
    	called in a constructor.
    	* g++.dg/analyzer/pr93288.C: New test.
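As an added illustration (not a file from the GCC test suite), this is the shape of C++ code the commit above is about: constructing `buffer` reaches the constructor through a cgraph edge to the complete-constructor alias, which before r10-6590 had no CFG and crashed the analyzer; after it, `g++ -fanalyzer -c` follows the alias to the base constructor and can report the double-free inside `bad_buffer`'s constructor. All class and function names are made up for the example.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>

// Correct RAII buffer: one malloc in the ctor, one free in the dtor.
struct buffer {
  explicit buffer(std::size_t n)
      : p(static_cast<char *>(std::malloc(n))), len(n) {
    if (p)
      std::memset(p, 0, n);
  }
  ~buffer() { std::free(p); }
  buffer(const buffer &) = delete;
  buffer &operator=(const buffer &) = delete;
  std::size_t size() const { return len; }
  char *p;
  std::size_t len;
};

// Deliberately wrong constructor: frees the block twice.  It is never
// called at runtime here; it exists so -fanalyzer has something to report
// once it can walk the constructor's CFG via its ultimate alias target
// (expected diagnostic: -Wanalyzer-double-free on the second free).
struct bad_buffer {
  explicit bad_buffer(std::size_t n) {
    char *q = static_cast<char *>(std::malloc(n));
    std::free(q);
    std::free(q);
  }
};

// Construct a buffer (the ctor call that used to ICE the analyzer) and
// report its size; this is the path the runtime check below exercises.
std::size_t construct_and_measure(std::size_t n) {
  buffer b(n);
  return b.size();
}
```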

--- Comment #8 from CVS Commits ---
The master branch has been updated by David Malcolm :

https://gcc.gnu.org/g:35e24106fc1b782e70f8339e0a1321a2bc7a7f15

commit r10-6588-g35e24106fc1b782e70f8339e0a1321a2bc7a7f15
Author: David Malcolm
Date:   Thu Nov 21 12:30:45 2019 -0500

    analyzer: g++ testsuite support

    PR analyzer/93288 reports a C++-specific ICE with -fanalyzer.

    This patch creates the beginnings of a C++ test suite for the analyzer,
    so that there's a place to put test coverage for the fix.

    It adds a regression test for PR analyzer/93212, an ICE fixed in
    r10-5970-g32077b693df8e3ed0424031a322df23822bf2f7e.

    gcc/testsuite/ChangeLog:
    	PR analyzer/93212
    	* g++.dg/analyzer/analyzer.exp: New subdirectory and .exp suite.
    	* g++.dg/analyzer/malloc.C: New test.
    	* g++.dg/analyzer/pr93212.C: New test.

David Malcolm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |WAITING

David Malcolm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch

--- Comment #7 from David Malcolm ---
Candidate patch:
https://gcc.gnu.org/ml/gcc-patches/2020-02/msg00398.html

David Malcolm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|SUSPENDED                   |ASSIGNED

--- Comment #6 from David Malcolm ---
Jakub convinced me that we shouldn't "sorry" on C++:
https://gcc.gnu.org/ml/gcc-patches/2020-02/msg00273.html

--- Comment #5 from David Malcolm ---
(In reply to Martin Liška from comment #4)
> (In reply to David Malcolm from comment #3)
> > Marking status as SUSPENDED for now and setting Target Milestone to 11 (in
> > the hope of adding c++ support to the analyzer in gcc 11).
>
> Can't we call a sorry function in C++ situation so that we don't ICE?

Agreed; filed as PR 93392.

--- Comment #4 from Martin Liška ---
(In reply to David Malcolm from comment #3)
> Marking status as SUSPENDED for now and setting Target Milestone to 11 (in
> the hope of adding c++ support to the analyzer in gcc 11).

Can't we call a sorry function in C++ situation so that we don't ICE?

David Malcolm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |SUSPENDED
   Target Milestone|---                         |11.0

--- Comment #3 from David Malcolm ---
Marking status as SUSPENDED for now and setting Target Milestone to 11 (in
the hope of adding c++ support to the analyzer in gcc 11).

Martin Liška changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2020-01-20
                 CC|                            |marxin at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #2 from pmatos at gcc dot gnu.org ---
(In reply to David Malcolm from comment #1)
> Note that C++ is out-of-scope for the analyzer for GCC 10.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x01cb37ed in supergraph::supergraph (this=0x7fffcda0,
>     logger=0x0)
>     at ../../src/gcc/analyzer/supergraph.cc:180
> 180	= ENTRY_BLOCK_PTR_FOR_FN (edge->callee->get_fun ());
> Missing separate debuginfos, use: dnf debuginfo-install
> gmp-6.1.2-10.fc30.x86_64 libmpc-1.1.0-3.fc30.x86_64
> libzstd-1.4.2-1.fc30.x86_64 mpfr-3.1.6-4.fc30.x86_64
>
> (gdb) p edge->callee
> $1 =
>
> (gdb) p edge->callee->get_fun()->cfg
> $4 = (control_flow_graph *) 0x0
>
> So it's a segfault reading through a NULL cfg pointer.

Ah - sorry. I was not aware of that. :)

I will test it on C only for now then. Thanks.

Feel free to close this if you wish.

--- Comment #1 from David Malcolm ---
Note that C++ is out-of-scope for the analyzer for GCC 10.

Program received signal SIGSEGV, Segmentation fault.
0x01cb37ed in supergraph::supergraph (this=0x7fffcda0, logger=0x0)
    at ../../src/gcc/analyzer/supergraph.cc:180
180	= ENTRY_BLOCK_PTR_FOR_FN (edge->callee->get_fun ());
Missing separate debuginfos, use: dnf debuginfo-install
gmp-6.1.2-10.fc30.x86_64 libmpc-1.1.0-3.fc30.x86_64
libzstd-1.4.2-1.fc30.x86_64 mpfr-3.1.6-4.fc30.x86_64

(gdb) p edge->callee
$1 =

(gdb) p edge->callee->get_fun()->cfg
$4 = (control_flow_graph *) 0x0

So it's a segfault reading through a NULL cfg pointer.