https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113505

            Bug ID: 113505
           Summary: ICE: SIGSEGV in tree_class_check (tree.h:3766) with -O -fdump-analyzer -fanalyzer
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu
            Target: x86_64-pc-linux-gnu

Created attachment 57160
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57160&action=edit
auto-reduced testcase

Compiler output:
$ x86_64-pc-linux-gnu-gcc -O -fdump-analyzer -fanalyzer obj_dat.i -wrapper valgrind,-q
==17749== Invalid read of size 2
==17749==    at 0x15EC8C4: tree_class_check (tree.h:3766)
==17749==    by 0x15EC8C4: dump_mem_ref(pretty_printer*, tree_node*, int, dump_flag) (tree-pretty-print.cc:1870)
==17749==    by 0x15E17D4: dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool) (tree-pretty-print.cc:2255)
==17749==    by 0x15E12FC: dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool) (tree-pretty-print.cc:3263)
==17749==    by 0x15E6B3A: dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool) (tree-pretty-print.cc:3148)
==17749==    by 0x15E6B1E: dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool) (tree-pretty-print.cc:3163)
==17749==    by 0x19396C9: dump_tree (region-model.cc:95)
==17749==    by 0x19396C9: ana::dump_quoted_tree(pretty_printer*, tree_node*) (region-model.cc:105)
==17749==    by 0x192AB36: ana::sm_state_map::print(ana::region_model const*, bool, bool, pretty_printer*) const (program-state.cc:238)
==17749==    by 0x192B0CE: ana::program_state::dump_to_pp(ana::extrinsic_state const&, bool, bool, pretty_printer*) const (program-state.cc:1000)
==17749==    by 0x192B640: ana::program_state::detect_leaks(ana::program_state const&, ana::program_state const&, ana::svalue const*, ana::extrinsic_state const&, ana::region_model_context*) (program-state.cc:1492)
==17749==    by 0x190DE15: ana::exploded_graph::process_node(ana::exploded_node*) (engine.cc:4138)
==17749==    by 0x190ECBA: ana::exploded_graph::process_worklist() (engine.cc:3515)
==17749==    by 0x1911415: ana::impl_run_checkers(ana::logger*) (engine.cc:6209)
==17749==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==17749==
during IPA pass: analyzer
obj_dat.i: In function 'OBJ_create_objects':
obj_dat.i:13:27: internal compiler error: Segmentation fault
   13 |     while (__ctype_b_loc()[*l])
      |            ~~~~~~~~~~~~~~~^~~~
0x150de9f crash_signal
        /repo/gcc-trunk/gcc/toplev.cc:317
0x15ec8c4 tree_class_check(tree_node*, tree_code_class, char const*, int, char const*)
        /repo/gcc-trunk/gcc/tree.h:3766
0x15ec8c4 dump_mem_ref
        /repo/gcc-trunk/gcc/tree-pretty-print.cc:1870
0x15e17d4 dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        /repo/gcc-trunk/gcc/tree-pretty-print.cc:2255
0x15e12fc dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        /repo/gcc-trunk/gcc/tree-pretty-print.cc:3263
0x15e6b3a dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        /repo/gcc-trunk/gcc/tree-pretty-print.cc:3148
0x15e6b1e dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        /repo/gcc-trunk/gcc/tree-pretty-print.cc:3163
0x19396c9 ana::dump_tree(pretty_printer*, tree_node*)
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:95
0x19396c9 ana::dump_quoted_tree(pretty_printer*, tree_node*)
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:105
0x192ab36 ana::sm_state_map::print(ana::region_model const*, bool, bool, pretty_printer*) const
        /repo/gcc-trunk/gcc/analyzer/program-state.cc:238
0x192b0ce ana::program_state::dump_to_pp(ana::extrinsic_state const&, bool, bool, pretty_printer*) const
        /repo/gcc-trunk/gcc/analyzer/program-state.cc:1000
0x192b640 ana::program_state::detect_leaks(ana::program_state const&, ana::program_state const&, ana::svalue const*, ana::extrinsic_state const&, ana::region_model_context*)
        /repo/gcc-trunk/gcc/analyzer/program-state.cc:1492
0x190de15 ana::exploded_graph::process_node(ana::exploded_node*)
        /repo/gcc-trunk/gcc/analyzer/engine.cc:4138
0x190ecba ana::exploded_graph::process_worklist()
        /repo/gcc-trunk/gcc/analyzer/engine.cc:3515
0x1911415 ana::impl_run_checkers(ana::logger*)
        /repo/gcc-trunk/gcc/analyzer/engine.cc:6209
0x19122db ana::run_checkers()
        /repo/gcc-trunk/gcc/analyzer/engine.cc:6300
0x1900f98 execute
        /repo/gcc-trunk/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

$ x86_64-pc-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest-amd64/bin/x86_64-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r14-8284-20240119180625-g54519030b05-checking-yes-rtl-df-extra-nobootstrap-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/14.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++ --enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra --disable-bootstrap --with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu --with-ld=/usr/bin/x86_64-pc-linux-gnu-ld --with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch --prefix=/repo/gcc-trunk//binary-trunk-r14-8284-20240119180625-g54519030b05-checking-yes-rtl-df-extra-nobootstrap-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 14.0.1 20240119 (experimental) (GCC)