Command line:
$ gcc -std=gnu++0x -O -fno-inline -fipa-cp -fipa-cp-clone -fcompare-debug testcase.C

Related valgrind output:
$ valgrind -q --trace-children=yes /mnt/svn/gcc-trunk/binary-163921-lto-fortran-checking-yes-rtl-df/bin/gcc -std=gnu++0x -O1 -fno-inline -fipa-cp -fipa-cp-clone -fcompare-debug testcase.C
==29279== Invalid read of size 8
==29279==    at 0x5D244C: cp_build_unary_op (typeck.c:5083)
==29279==    by 0x4E0E81: build_new_method_call (call.c:6461)
==29279==    by 0x53C33D: tsubst_copy_and_build (pt.c:12572)
==29279==    by 0x52D1B8: tsubst_expr (pt.c:12054)
==29279==    by 0x533C43: tsubst (pt.c:10696)
==29279==    by 0x5961E0: dump_function_decl (error.c:315)
==29279==    by 0x5968F8: decl_as_string (error.c:2372)
==29279==    by 0x612CA9: cxx_printable_name_internal (tree.c:1440)
==29279==    by 0xAA375D: dump_enumerated_decls (tree-ssa-live.c:1268)
==29279==    by 0xA406F8: execute_cleanup_cfg_post_optimizing (tree-optimize.c:214)
==29279==    by 0x8FD47E: execute_one_pass (passes.c:1569)
==29279==    by 0x8FD724: execute_pass_list (passes.c:1624)
==29279==  Address 0x20 is not stack'd, malloc'd or (recently) free'd
==29279==
gcc: internal compiler error: Segmentation fault (program cc1plus)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.

Tested revisions:
r163921 - crash
r163636 - crash
r161659 - OK
r161170 - OK
4.5 r163761 - OK
Created attachment 21715
reduced testcase (from libstdc++-v3/testsuite/21_strings/basic_string/range_access.cc)

$ gcc -std=gnu++0x -O -fno-inline -fipa-cp -fipa-cp-clone -fcompare-debug pr45562.C
It is caused by revision 162911: http://gcc.gnu.org/ml/gcc-cvs/2010-08/msg00122.html
This is the full backtrace:

#0  0x081e945d in cp_build_unary_op (code=ADDR_EXPR, xarg=0xb76d0dac, noconvert=0, complain=3) at /home/mjambor/gcc/icln/gcc/cp/typeck.c:5091
#1  0x080d10b3 in build_this (obj=0xb76d7898) at /home/mjambor/gcc/icln/gcc/cp/call.c:2738
#2  0x080dfaf5 in build_new_method_call (instance=0xb76d0dac, fns=0xb76d0dc8, args=0xbfffe8d0, conversion_path=0xb776e000, flags=3, fn_p=0x0, complain=0) at /home/mjambor/gcc/icln/gcc/cp/call.c:6482
#3  0x0812f34c in tsubst_copy_and_build (t=0xb76d1774, args=0xb775de88, complain=0, in_decl=0x0, function_p=0 '\000', integral_constant_expression_p=0 '\000') at /home/mjambor/gcc/icln/gcc/cp/pt.c:12587
#4  0x0813a8b6 in tsubst_expr (t=0xb76d1774, args=<value optimized out>, complain=<value optimized out>, in_decl=0x0, integral_constant_expression_p=<value optimized out>) at /home/mjambor/gcc/icln/gcc/cp/pt.c:12069
#5  0x08132dbc in tsubst (t=0xb7763f60, args=0xb775de88, complain=0, in_decl=0x0) at /home/mjambor/gcc/icln/gcc/cp/pt.c:10697
#6  0x081a7e24 in dump_template_bindings (typenames=<value optimized out>, args=<value optimized out>, parms=<value optimized out>) at /home/mjambor/gcc/icln/gcc/cp/error.c:315
#7  dump_function_decl (typenames=<value optimized out>, args=<value optimized out>, parms=<value optimized out>) at /home/mjambor/gcc/icln/gcc/cp/error.c:1346
#8  0x081a95f8 in decl_as_string (decl=0xb7766a80, flags=4) at /home/mjambor/gcc/icln/gcc/cp/error.c:2372
#9  0x08233b8b in cxx_printable_name_internal (decl=0xb7766a80, v=0, translate=152 '\230') at /home/mjambor/gcc/icln/gcc/cp/tree.c:1445
#10 0x0843aba9 in current_function_name () at /home/mjambor/gcc/icln/gcc/function.c:5635
#11 0x08668ed0 in dump_enumerated_decls (file=0x8d8c670, flags=1048576) at /home/mjambor/gcc/icln/gcc/tree-ssa-live.c:1268
#12 0x0860387c in execute_cleanup_cfg_post_optimizing () at /home/mjambor/gcc/icln/gcc/tree-optimize.c:214
#13 0x084fe5e9 in execute_one_pass (pass=0x8c42820) at /home/mjambor/gcc/icln/gcc/passes.c:1573
#14 0x084fe89d in execute_pass_list (pass=0x8c42820) at /home/mjambor/gcc/icln/gcc/passes.c:1628
#15 0x08603a8a in tree_rest_of_compilation (fndecl=0xb7766a80) at /home/mjambor/gcc/icln/gcc/tree-optimize.c:452
#16 0x087afdbc in cgraph_expand_function (node=<value optimized out>) at /home/mjambor/gcc/icln/gcc/cgraphunit.c:1477
#17 0x087b3051 in cgraph_expand_all_functions () at /home/mjambor/gcc/icln/gcc/cgraphunit.c:1556
#18 cgraph_optimize () at /home/mjambor/gcc/icln/gcc/cgraphunit.c:1812
#19 0x087b368a in cgraph_finalize_compilation_unit () at /home/mjambor/gcc/icln/gcc/cgraphunit.c:1020
#20 0x0819bebb in cp_write_global_declarations () at /home/mjambor/gcc/icln/gcc/cp/decl2.c:3928
#21 0x085a2894 in compile_file () at /home/mjambor/gcc/icln/gcc/toplev.c:967
#22 do_compile () at /home/mjambor/gcc/icln/gcc/toplev.c:2394
#23 0x085a3062 in toplev_main (argc=21, argv=0xbfffef64) at /home/mjambor/gcc/icln/gcc/toplev.c:2435
#24 0x082ca5eb in main (argc=21, argv=0xbfffef64) at /home/mjambor/gcc/icln/gcc/main.c:36

It seems that some template bindings get built when we try to dump the current function for the compare-debug dump (required to get the ICE), which is so late in the compilation process that cp front-end cannot handle it somehow.
A proposed patch submitted to the mailing list: http://gcc.gnu.org/ml/gcc-patches/2010-10/msg00921.html
Author: jamborm
Date: Mon Oct 11 20:23:04 2010
New Revision: 165330

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=165330
Log:
2010-10-11  Martin Jambor  <mjambor@suse.cz>

	PR c++/45562
	* cp/cp-tree.h (current_class_ref): Check that cp_function_chain is
	non-NULL.
	* cp/call.c (build_cxx_call): Likewise.

Modified:
    trunk/gcc/cp/ChangeLog
    trunk/gcc/cp/call.c
    trunk/gcc/cp/cp-tree.h
Fixed.
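
A simplified model of the failure and fix discussed in this report, added here as an illustration (not GCC's code): it shows why a read through a NULL per-function state pointer faults at a small address like the 0x20 in the valgrind output, and how a non-NULL check in the accessor lets a late caller proceed. `struct fn_state`, `fn_chain`, the layout placing `class_ref` at offset 0x20 and the NULL fallback value are constructed stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a front end's per-function state. The layout is
   constructed so that class_ref sits at offset 0x20 on any platform. */
struct fn_state {
    uint64_t other[4];        /* 32 bytes of unrelated per-function data */
    const char *class_ref;    /* models the "current class reference" */
};

/* NULL whenever no function body is being parsed, e.g. during late dumps. */
static struct fn_state *fn_chain;

/* Unguarded accessor: with fn_chain == NULL this reads address 0x20. */
#define CLASS_REF_UNGUARDED (fn_chain->class_ref)

/* Guarded accessor: checks the chain pointer first. Returning NULL when
   there is no state is an assumption of this model. */
#define CLASS_REF (fn_chain ? fn_chain->class_ref : NULL)

/* Address an unguarded field read would touch for a given base pointer. */
static uintptr_t faulting_address(const struct fn_state *base)
{
    return (uintptr_t)(const void *)base + offsetof(struct fn_state, class_ref);
}

/* A late caller (such as a name printer) that tolerates missing state. */
static const char *describe_this(void)
{
    const char *ref = CLASS_REF;
    return ref ? ref : "<no function context>";
}

int main(void)
{
    printf("NULL state, unguarded read would touch 0x%lx\n",
           (unsigned long)faulting_address(NULL));
    printf("late dump sees: %s\n", describe_this());

    struct fn_state s = { {0}, "*this" };
    fn_chain = &s;
    printf("inside a function: %s\n", describe_this());
    return 0;
}
```
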