Created attachment 52191
preprocessed file

gcc-12 (GCC) 12.0.0 20220114 (experimental) up to and incl. commit de196e5dd8ea4d0ed01a8c265afdd3676e27545b
configured with --program-suffix=-12 --enable-languages=c,lto --enable-lto --disable-multilib
on x86_64-pc-linux-gnu errors out when using

gcc-12 -DHAVE_CONFIG_H -I. -I../include -DLOCALEDIR=\"/usr/share/locale\" -DDEBUG -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED -g -std=c11 -O2 -Wextra -Wpedantic -pipe -Wall -Winline -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wbad-function-cast -Wnested-externs -Wcast-align -Wpointer-arith -Waggregate-return -Wcast-qual -Wwrite-strings -Wundef -Wpacked -Wfloat-equal -Wunused-macros -Wold-style-definition -Winit-self -Wmissing-include-dirs -Wlogical-op -Wjump-misses-init -Wformat=2 -Wshift-overflow=2 -Wnull-dereference -Wduplicated-cond -Walloc-zero -Walloca -Wstringop-overflow=2 -Wduplicated-branches -Wno-format-nonliteral -Wno-stringop-truncation -Wno-format-truncation -fno-diagnostics-color -fdiagnostics-generate-patch -fanalyzer -fanalyzer-checker=taint

with compiling heapsort.o

during IPA pass: analyzer
./heapsort.c: In function ‘heapsort’:
./heapsort.c:169:15: internal compiler error: in alt_get_inherited_state, at analyzer/sm-taint.cc:652
  169 |         abase = (char *)vbase - size;
      |         ~~~~~~^~~~~~~~~~~~~~~~~~~~~~

Reduced test-case:

$ cat pr104029.c
char heapsort_size;

void
heapsort() { char abaseabase = -heapsort_size; }

$ gcc pr104029.c -fanalyzer -fanalyzer-checker=taint
during IPA pass: analyzer
pr104029.c: In function ‘heapsort’:
pr104029.c:4:19: internal compiler error: in alt_get_inherited_state, at analyzer/sm-taint.cc:652
    4 | heapsort() { char abaseabase = -heapsort_size; }
      |                   ^~~~~~~~~~
0x81290a alt_get_inherited_state
        /home/marxin/Programming/gcc/gcc/analyzer/sm-taint.cc:652
0x12f081b ana::sm_state_map::get_state(ana::svalue const*, ana::extrinsic_state const&) const
        /home/marxin/Programming/gcc/gcc/analyzer/program-state.cc:424
0x12f299f ana::program_state::can_purge_p(ana::extrinsic_state const&, ana::svalue const*) const
        /home/marxin/Programming/gcc/gcc/analyzer/program-state.h:254
0x12f299f ana::program_state::prune_for_point(ana::exploded_graph&, ana::program_point const&, ana::exploded_node*, ana::uncertainty_t*) const
        /home/marxin/Programming/gcc/gcc/analyzer/program-state.cc:1151
0x12e03e4 ana::exploded_graph::process_node(ana::exploded_node*)
        /home/marxin/Programming/gcc/gcc/analyzer/engine.cc:3719
0x12e0ffa ana::exploded_graph::process_worklist()
        /home/marxin/Programming/gcc/gcc/analyzer/engine.cc:3137
0x12e331e ana::impl_run_checkers(ana::logger*)
        /home/marxin/Programming/gcc/gcc/analyzer/engine.cc:5716
0x12e4333 ana::run_checkers()
        /home/marxin/Programming/gcc/gcc/analyzer/engine.cc:5787
0x12d414c execute
        /home/marxin/Programming/gcc/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

Started with r12-5230-gb9365b93212041f1.
Thanks for filing this; am working on a fix.

The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:8931adfa0530590d21e74e5c7a1f8d26df575775

commit r12-6597-g8931adfa0530590d21e74e5c7a1f8d26df575775
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Fri Jan 14 09:49:59 2022 -0500

    analyzer: fix ICE in taint checker on unary ops [PR104029]

    gcc/analyzer/ChangeLog:
            PR analyzer/104029
            * sm-taint.cc (taint_state_machine::alt_get_inherited_state):
            Remove gcc_unreachable from default case for unary ops.

    gcc/testsuite/ChangeLog:
            PR analyzer/104029
            * gcc.dg/analyzer/pr104029.c: New test.
            * gcc.dg/analyzer/taint-ops.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

Should be fixed by the above commit.