The testcase g++.dg/cpp2a/lambda-uneval11.C causes cc1plus segment fault. Running g++ driver won't expose this crash. Only running cc1plus directly can expose the crash. ./install/libexec/gcc/x86_64-unknown-linux-gnu/12.0.0/cc1plus -std=c++20 gcc-clone/gcc/testsuite/g++.dg/cpp2a/lambda-uneval11.C <lambda()> void spam(decltype (<lambda>) (*)[sizeof (T)]) void foo() <lambda()> static constexpr void<lambda()>::_FUN() constexpr<lambda()>::operator void (*)()() const <lambda()> static constexpr void<lambda()>::_FUN() constexpr<lambda()>::operator void (*)()() const <lambda()> static constexpr void<lambda()>::_FUN() constexpr<lambda()>::operator void (*)()() const <lambda()> static constexpr void<lambda()>::_FUN() constexpr<lambda()>::operator void (*)()() const constexpr<lambda()>::operator void (*)()() const <lambda()> static constexpr void<lambda()>::_FUN() constexpr<lambda()>::operator void (*)()() const gcc-clone/gcc/testsuite/g++.dg/cpp2a/lambda-uneval11.C: In instantiation of ‘constexpr<lambda()>::operator void (*)()() const’: gcc-clone/gcc/testsuite/g++.dg/cpp2a/lambda-uneval11.C:9:12: required from here gcc-clone/gcc/testsuite/g++.dg/cpp2a/lambda-uneval11.C:4:25: internal compiler error: Segmentation fault 4 | template <class T> void spam(decltype([]{}) (*s)[sizeof(T)] = nullptr) | ^~~~ Please submit a full bug report, with preprocessed source if appropriate. See <https://gcc.gnu.org/bugs/> for instructions.
Confirmed. (gdb) bt #0 0x0000000000b2716e in tree_check (__t=<tree 0x0>, __f=0x2ed9770 "/home/rguenther/src/gcc3/gcc/cp/decl.c", __l=17190, __g=0x2ee3250 <do_push_parm_decls(tree_node*, tree_node*, tree_node**)::__FUNCTION__> "do_push_parm_decls", __c=FUNCTION_DECL) at /home/rguenther/src/gcc3/gcc/tree.h:3432 #1 0x0000000000c66f69 in do_push_parm_decls (decl=<tree 0x0>, args=<parm_decl 0x7ffff66a7d80 s>, nonparms=0x7fffffffd7f8) at /home/rguenther/src/gcc3/gcc/cp/decl.c:17190 #2 0x0000000000c6701e in store_parm_decls ( current_function_parms=<parm_decl 0x7ffff66a7d80 s>) at /home/rguenther/src/gcc3/gcc/cp/decl.c:17222 #3 0x0000000000c660b0 in start_preparsed_function ( decl1=<function_decl 0x7ffff66b0700 spam>, attrs=<tree 0x0>, flags=1) at /home/rguenther/src/gcc3/gcc/cp/decl.c:17078 #4 0x0000000000e8a6ad in instantiate_body ( pattern=<template_decl 0x7ffff66a7280 spam>, args=<tree_vec 0x7ffff668bc00>, d=<function_decl 0x7ffff66b0700 spam>, nested_p=false) at /home/rguenther/src/gcc3/gcc/cp/pt.c:26037 #5 0x0000000000e8c3f9 in instantiate_decl ( d=<function_decl 0x7ffff66b0700 spam>, defer_ok=false, expl_inst_class_mem_p=false) at /home/rguenther/src/gcc3/gcc/cp/pt.c:26344 #6 0x0000000000e8c7a6 in instantiate_pending_templates (retries=0) at /home/rguenther/src/gcc3/gcc/cp/pt.c:26423 #7 0x0000000000c89a19 in c_parse_final_cleanups () at /home/rguenther/src/gcc3/gcc/cp/decl2.c:5009 #8 0x0000000000fdcd32 in c_common_parse_file () at /home/rguenther/src/gcc3/gcc/c-family/c-opts.c:1259 #9 0x00000000017adc20 in compile_file () at /home/rguenther/src/gcc3/gcc/toplev.c:456 #10 0x00000000017b0dcb in do_compile (no_backend=false) at /home/rguenther/src/gcc3/gcc/toplev.c:2215 #11 0x00000000017b117f in toplev::main (this=0x7fffffffdd1a, argc=5, argv=0x7fffffffde28) at /home/rguenther/src/gcc3/gcc/toplev.c:2363 #12 0x0000000002d9c73e in main (argc=5, argv=0x7fffffffde28) at /home/rguenther/src/gcc3/gcc/main.c:39 fndecl is current_function_decl but that's NULLed when we do #0 finish_function (inline_p=true) at /home/rguenther/src/gcc3/gcc/cp/decl.c:17817 #1 0x0000000000cd203a in maybe_add_lambda_conv_op ( type=<record_type 0x7ffff66b7f18 ._anon_4>) at /home/rguenther/src/gcc3/gcc/cp/lambda.c:1294 #2 0x0000000000e6d868 in tsubst_lambda_expr (t=<lambda_expr 0x7ffff66a68c0>, args=<tree_vec 0x7ffff668bc00>, complain=3, in_decl=<function_decl 0x7ffff6697500 operator()>) at /home/rguenther/src/gcc3/gcc/cp/pt.c:19568 #3 0x0000000000e74cab in tsubst_copy_and_build ( t=<lambda_expr 0x7ffff66a68c0>, args=<tree_vec 0x7ffff668bc00>, complain=0, in_decl=<tree 0x0>, function_p=false, integral_constant_expression_p=false) at /home/rguenther/src/gcc3/gcc/cp/pt.c:20992 #4 0x0000000000e58d68 in tsubst (t=<decltype_type 0x7ffff66933f0>, args=<tree_vec 0x7ffff668bc00>, complain=0, in_decl=<tree 0x0>) at /home/rguenther/src/gcc3/gcc/cp/pt.c:16159 #5 0x0000000000c94947 in dump_template_bindings ( pp=0x406eb80 <actual_pretty_printer>, parms=<tree 0x0>, args=<tree_vec 0x7ffff668bc00>, typenames=0x7ffff66abfa0 = {...}) at /home/rguenther/src/gcc3/gcc/cp/error.c:482 #6 0x0000000000c9ad5d in dump_substitution ( pp=0x406eb80 <actual_pretty_printer>, t=<template_decl 0x7ffff66a7280 spam>, template_parms=<tree_list 0x7ffff668de88>, template_args=<tree_vec 0x7ffff668bc00>, flags=4) at /home/rguenther/src/gcc3/gcc/cp/error.c:1638 #7 0x0000000000c9c906 in dump_function_decl ( pp=0x406eb80 <actual_pretty_printer>, t=<template_decl 0x7ffff66a7280 spam>, flags=4) at /home/rguenther/src/gcc3/gcc/cp/error.c:1796 #8 0x0000000000c99c3b in dump_decl (pp=0x406eb80 <actual_pretty_printer>, t=<function_decl 0x7ffff66b0700 spam>, flags=4) at /home/rguenther/src/gcc3/gcc/cp/error.c:1369 #9 0x0000000000ca3340 in decl_as_string ( decl=<function_decl 0x7ffff66b0700 spam>, flags=4) at /home/rguenther/src/gcc3/gcc/cp/error.c:3117 #10 0x0000000000ca3418 in lang_decl_name ( decl=<function_decl 0x7ffff66b0700 spam>, v=2, translate=false) at /home/rguenther/src/gcc3/gcc/cp/error.c:3151 #11 0x0000000000efabc1 in cxx_printable_name_internal ( decl=<function_decl 0x7ffff66b0700 spam>, v=2, translate=false) at /home/rguenther/src/gcc3/gcc/cp/tree.c:2678 #12 0x0000000000efac61 in cxx_printable_name ( decl=<function_decl 0x7ffff66b0700 spam>, v=2) at /home/rguenther/src/gcc3/gcc/cp/tree.c:2687 #13 0x00000000017ad599 in announce_function ( decl=<function_decl 0x7ffff66b0700 spam>) at /home/rguenther/src/gcc3/gcc/toplev.c:234 #14 0x0000000000c6496f in start_preparsed_function ( decl1=<function_decl 0x7ffff66b0700 spam>, attrs=<tree 0x0>, flags=1) at /home/rguenther/src/gcc3/gcc/cp/decl.c:16905 so it looks like some diagnostics affect current_function_decl, the key is omitting -quiet from the command-line that's usually added by the driver.
(In reply to Richard Biener from comment #1) > so it looks like some diagnostics affect current_function_decl, the key > is omitting -quiet from the command-line that's usually added by the driver. That is absolutely correct. However, I think the real danger is the "announce_function" which is the root cause. The name and behavior makes it look like a harmless-readonly debug output. However, it is effectively doing not only recursing itself, but sidelines by calling "tsubt" which eventually set "current_function_decl" back-and-forth. So, my fix is to comment out this "announce_function" below directory "cp" level because it might recurse itself and interleave with the set/reset "current_function_decl". Does anybody depend on the result of this "announce_function"? Driver? Plugin? Also I want to point out that any debug method using debug printf of format "%F" will suffer the similar issue because they are similar to "announce_function". I personally debug using a lot of this format and it drives me crazy when these seemingly-harmless print/warning function cause crash. Somebody needs to write some really "readonly" debug output helper functions for developers! I may prepare a patch if no objections. BTW, this issue is hidden by option "-quiet" because it suppresses "announce_function" output. #0 announce_function (decl=0x7ffff73ab700) at ../../gcc-10.2.0/gcc/toplev.c:230 #1 0x0000000000a03d26 in start_preparsed_function (decl1=0x7ffff73ab700, attrs=0x0, flags=3) at ../../gcc-10.2.0/gcc/cp/decl.c:16291 #2 0x0000000000a4cc75 in start_lambda_function (fco=0x7ffff73ab700, lambda_expr=0x7ffff7399cc0) at ../../gcc-10.2.0/gcc/cp/lambda.c:1425 #3 0x0000000000b25f8f in tsubst_lambda_expr (t=0x7ffff7399480, args=0x7ffff7383aa0, complain=0, in_decl=0x7ffff738b100) at ../../gcc-10.2.0/gcc/cp/pt.c:19086 #4 0x0000000000b2aa76 in tsubst_copy_and_build (t=0x7ffff7399480, args=0x7ffff7383aa0, complain=0, in_decl=0x0, function_p=false, integral_constant_expression_p=false) at ../../gcc-10.2.0/gcc/cp/pt.c:20511 #5 0x0000000000b1be1b in tsubst (t=0x7ffff739c000, args=0x7ffff7383aa0, complain=0, in_decl=0x0) at ../../gcc-10.2.0/gcc/cp/pt.c:15936 #6 0x0000000000a20637 in dump_template_bindings (pp=0x343cfc0 <actual_pretty_printer>, parms=0x0, args=0x7ffff7383aa0, typenames=0x7ffff73a67f8) at ../../gcc-10.2.0/gcc/cp/error.c:416 #7 0x0000000000a23b94 in dump_substitution (pp=0x343cfc0 <actual_pretty_printer>, t=0x7ffff726b400, template_parms=0x7ffff73827f8, template_args=0x7ffff7383aa0, flags=4) at ../../gcc-10.2.0/gcc/cp/error.c:1562 #8 0x0000000000a24622 in dump_function_decl (pp=0x343cfc0 <actual_pretty_printer>, t=0x7ffff726b400, flags=4) at ../../gcc-10.2.0/gcc/cp/error.c:1720 #9 0x0000000000a230b0 in dump_decl (pp=0x343cfc0 <actual_pretty_printer>, t=0x7ffff73a3300, flags=4) at ../../gcc-10.2.0/gcc/cp/error.c:1292 #10 0x0000000000a27805 in decl_as_string (decl=0x7ffff73a3300, flags=4) at ../../gcc-10.2.0/gcc/cp/error.c:2995 #11 0x0000000000a278dd in lang_decl_name (decl=0x7ffff73a3300, v=2, translate=false) at ../../gcc-10.2.0/gcc/cp/error.c:3029 #12 0x0000000000b78f8a in cxx_printable_name_internal (decl=0x7ffff73a3300, v=2, translate=false) at ../../gcc-10.2.0/gcc/cp/tree.c:2596 #13 0x0000000000b7900b in cxx_printable_name (decl=0x7ffff73a3300, v=2) at ../../gcc-10.2.0/gcc/cp/tree.c:2605 #14 0x000000000139c9cf in announce_function (decl=0x7ffff73a3300) at ../../gcc-10.2.0/gcc/toplev.c:236