Bug 84349

Summary: [7 Regression] ICE with auto in function cast
Product: gcc Reporter: Volker Reichelt <reichelt>
Component: c++Assignee: Martin Sebor <msebor>
Severity: normal CC: aoliva, jason, msebor, webrown.cpp
Priority: P2 Keywords: ice-on-invalid-code
Version: 8.0   
Target Milestone: 7.4   
Host: Target:
Build: Known to work: 4.8.4, 7.4.0, 8.0
Known to fail: 4.9.4, 5.5.0, 6.4.0, 7.2.0 Last reconfirmed: 2018-02-13 00:00:00
Bug Depends on: 84798    
Bug Blocks:    

Description Volker Reichelt 2018-02-12 20:41:53 UTC
The following invalid code snippet triggers an ICE since GCC 4.9.0:

void* p;
int i = (*(int(*)(auto)) p)(0);

bug.cc:2:30: internal compiler error: Segmentation fault
 int i = (*(int(*)(auto)) p)(0);
0xeb087f crash_signal
0x8d81fb vec<tree_int, va_gc, vl_embed>::last()
0x8d81fb finish_lambda_scope()
0x934afd cp_parser_init_declarator
0x93bac8 cp_parser_simple_declaration
0x93c8d8 cp_parser_block_declaration
0x940832 cp_parser_declaration
0x940c41 cp_parser_declaration_seq_opt
0x940f34 cp_parser_translation_unit
0x940f34 c_parse_file()
0xa3f566 c_common_parse_file()
Please submit a full bug report, [etc.]
Comment 1 Martin Sebor 2018-02-13 00:34:57 UTC
Confirmed.  The ICE originated with r202540 in GCC 4.9.0:

r202540 | abutcher | 2013-09-12 17:04:52 -0400 (Thu, 12 Sep 2013) | 31 lines

Support using 'auto' in a function parameter list to introduce an implicit template parameter.

Prior to that, GCC would error out with:

t.C:2:19: error: parameter declared ‘auto’
 int i = (*(int(*)(auto)) p)(0);
t.C:2:30: error: too many arguments to function
 int i = (*(int(*)(auto)) p)(0);
Comment 2 Martin Sebor 2018-02-16 02:28:42 UTC
A slightly simpler test case:

  void *p = (int(*)(auto))0;

The bug seems to be that the auto isn't rejected in this context (namespace scope).  The same initializer is rejected in local scope.

Accepting it in an initializer expression results in incrementing the processing_template_decl counter in the test case from its initial value of zero to 1.  The counter doesn't get decremented back to zero which then triggers the unpaired call to finish_lambda_scope() below:

	  if (!member_p && processing_template_decl)
	    start_lambda_scope (decl);
	  initializer = cp_parser_initializer (parser,
	  if (!member_p && processing_template_decl)
	    finish_lambda_scope ();

AFAICS, the problem is somewhere in cp_parser_decl_specifier_seq() that creates a decl_specifiers.type for the initializer at global scope for which type_uses_auto() returns null.
Comment 3 Volker Reichelt 2018-03-13 20:07:39 UTC
This was fixed on trunk by Jason's patch for PR84798.
Do we want to add this as a testcase or close it as a duplicate?
Comment 4 Jakub Jelinek 2018-10-26 10:11:47 UTC
GCC 6 branch is being closed
Comment 5 Richard Biener 2019-11-14 11:07:59 UTC
Fixed in GCC 7.