[Bug analyzer/106066] crash dump when "-fdump-analyzer" enabled

Fri, 24 Jun 2022 09:37:51 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106066

--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Minimal reproducer for crash in comment #0 (crash in dump_mem_ref seen with
_do_poll:

struct s {
  unsigned int f;
};
int use(unsigned int);
static struct s *arr;

void test(int n) {
  int i;
  for (i = 0; i < n; i++) {
    unsigned int n, e;
    e = arr[i].f;
    n = e ? 42 : 0;
    use(n);
  }
}

$ ./xgcc -B. -fanalyzer -fdump-analyzer -O1
../../src/gcc/testsuite/gcc.dg/analyzer/pr106066.c
during IPA pass: analyzer
../../src/gcc/testsuite/gcc.dg/analyzer/pr106066.c:12:16: internal compiler
error: Segmentation fault
   12 |     n = e ? 42 : 0;
      |         ~~~~~~~^~~
0x13fac05 crash_signal
        ../../src/gcc/toplev.cc:322
0xa3c54f tree_class_check(tree_node*, tree_code_class, char const*, int, char
const*)
        ../../src/gcc/tree.h:3638
0x15428d7 dump_mem_ref
        ../../src/gcc/tree-pretty-print.cc:1700
0x1544ce3 dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        ../../src/gcc/tree-pretty-print.cc:2061
0x1547439 dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        ../../src/gcc/tree-pretty-print.cc:2425
0x19af603 ana::dump_tree(pretty_printer*, tree_node*)
        ../../src/gcc/analyzer/region-model.cc:87
0x19af646 ana::dump_quoted_tree(pretty_printer*, tree_node*)
        ../../src/gcc/analyzer/region-model.cc:97
0x199d935 ana::sm_state_map::print(ana::region_model const*, bool, bool,
pretty_printer*) const
        ../../src/gcc/analyzer/program-state.cc:240
0x199fa94 ana::program_state::dump_to_pp(ana::extrinsic_state const&, bool,
bool, pretty_printer*) const
        ../../src/gcc/analyzer/program-state.cc:899
0x19761d5 ana::exploded_graph::get_or_create_node(ana::program_point const&,
ana::program_state const&, ana::exploded_node*)
        ../../src/gcc/analyzer/engine.cc:2584
0x1978504
ana::exploded_graph::maybe_process_run_of_before_supernode_enodes(ana::exploded_node*)
        ../../src/gcc/analyzer/engine.cc:3447
0x1977706 ana::exploded_graph::process_worklist()
        ../../src/gcc/analyzer/engine.cc:3113
0x197d252 ana::impl_run_checkers(ana::logger*)
        ../../src/gcc/analyzer/engine.cc:5833
0x197d66b ana::run_checkers()
        ../../src/gcc/analyzer/engine.cc:5907
0x1970646 execute
        ../../src/gcc/analyzer/analyzer-pass.cc:88
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

Reply via email to