Bug 105074 - [12 Regression] -fanalyzer ICEs on gnutls-3.7.3: cgraph_node::get_edge(gimple*) SIGSEGV since r12-7809-g5f6197d7c197f9d2
Summary: [12 Regression] -fanalyzer ICEs on gnutls-3.7.3: cgraph_node::get_edge(gimple...
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: analyzer (show other bugs)
Version: 12.0
: P3 normal
Target Milestone: 12.0
Assignee: David Malcolm
URL:
Keywords:
: 105113 (view as bug list)
Depends on:
Blocks:
 
Reported: 2022-03-28 07:42 UTC by Sergei Trofimovich
Modified: 2022-03-30 23:05 UTC (History)
3 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2022-03-28 00:00:00


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sergei Trofimovich 2022-03-28 07:42:03 UTC
Initially observed ICE when built gnutls-3.7.3 on this week's gcc. Here is the minimal reproducer:

$ cat cert-session.c
// gcc-12.0.0 -O2 -fanalyzer -o a.o  cert-session.c
void _gnutls_log(const char *);
static void _gnutls_ocsp_verify_mandatory_stapling(void) {
  _gnutls_log(__func__);
}
void check_ocsp_response_gnutls_x509_cert_verify_peers(void) {
  _gnutls_ocsp_verify_mandatory_stapling();
}

$ /tmp/gb/gcc/xgcc -B/tmp/gb/gcc -O2 -fanalyzer -c cert-session.c
during IPA pass: analyzer
In function ‘_gnutls_ocsp_verify_mandatory_stapling’,
    inlined from ‘check_ocsp_response_gnutls_x509_cert_verify_peers’ at cert-session.c:7:3:
cert-session.c:4:3: internal compiler error: Segmentation fault
    4 |   _gnutls_log(__func__);
      |   ^~~~~~~~~~~~~~~~~~~~~
0xdd6bc3 crash_signal
        /home/slyfox/dev/git/gcc/gcc/toplev.cc:322
0x8a8120 cgraph_node::get_edge(gimple*)
        /home/slyfox/dev/git/gcc/gcc/cgraph.cc:744
0x121059c ipa_ref_requires_tracking
        /home/slyfox/dev/git/gcc/gcc/analyzer/region.cc:1192
0x121059c symnode_requires_tracking_p
        /home/slyfox/dev/git/gcc/gcc/analyzer/region.cc:1235
0x121059c ana::decl_region::calc_tracked_p(tree_node*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/region.cc:1254
0x1234786 ana::decl_region::decl_region(unsigned int, ana::region const*, tree_node*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/region.h:652
0x1234786 ana::region_model_manager::get_region_for_global(tree_node*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model-manager.cc:1339
0x1216889 ana::region_model::get_lvalue_1(ana::path_var, ana::region_model_context*) const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2068
0x1216ad4 ana::region_model::get_lvalue(ana::path_var, ana::region_model_context*) const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2136
0x1216b44 ana::region_model::get_lvalue(tree_node*, ana::region_model_context*) const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2147
0x1216f7c ana::region_model::get_rvalue_1(ana::path_var, ana::region_model_context*) const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2170
0x1217997 ana::region_model::get_rvalue(ana::path_var, ana::region_model_context*) const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2270
0x1217a14 ana::region_model::get_rvalue(tree_node*, ana::region_model_context*) const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2285
0x121d3a7 ana::region_model::handle_unrecognized_call(gcall const*, ana::region_model_context*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:1772
0x121d81d ana::region_model::on_call_post(gcall const*, bool, ana::region_model_context*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:1576
0x11ef18c ana::exploded_node::on_stmt_post(gimple const*, ana::program_state*, bool, ana::region_model_context*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/engine.cc:1450
0x11f56a7 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode const*, gimple const*, ana::program_state*, ana::uncertainty_t*, ana::path_context*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/engine.cc:1387
0x11f8dad ana::exploded_graph::process_node(ana::exploded_node*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/engine.cc:3756
0x11f90ad ana::exploded_graph::process_worklist()
        /home/slyfox/dev/git/gcc/gcc/analyzer/engine.cc:3198
0x11fb201 ana::impl_run_checkers(ana::logger*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/engine.cc:5777
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

$ /tmp/gb/gcc/xgcc -B/tmp/gb/gcc -v |& unnix
Reading specs from /tmp/gb/gcc/specs
COLLECT_GCC=/tmp/gb/gcc/xgcc
COLLECT_LTO_WRAPPER=/tmp/gb/gcc/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /home/slyfox/dev/git/gcc/configure --disable-multilib --disable-bootstrap --with-native-system-header-dir=/<<NIX>>/glibc-2.33-117-dev/include --prefix=/tmp/gb/__td__ CFLAGS='-O1 -ggdb3' CXXFLAGS='-O1 -ggdb3' LDFLAGS='-O1 -ggdb3'
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.0.1 20220328 (experimental) (GCC)
Comment 1 Martin Liška 2022-03-28 11:02:34 UTC
Started with r12-7809-g5f6197d7c197f9d2.
Comment 2 David Malcolm 2022-03-28 14:03:39 UTC
Thanks for filing this bug report; happens at -O2 and above.

Working on a fix now.
Comment 3 GCC Commits 2022-03-29 00:41:04 UTC
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:1203e8f7880c9751ece5f5302e413b20f4608a00

commit r12-7868-g1203e8f7880c9751ece5f5302e413b20f4608a00
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Mon Mar 28 20:40:16 2022 -0400

    analyzer: fix ICE with incorrect lookup of cgraph node [PR105074]
    
    gcc/analyzer/ChangeLog:
            PR analyzer/105074
            * region.cc (ipa_ref_requires_tracking): Drop "context_fndecl",
            instead using the ref->referring to get the cgraph node of the
            caller.
            (symnode_requires_tracking_p): Likewise.
    
    gcc/testsuite/ChangeLog:
            PR analyzer/105074
            * gcc.dg/analyzer/pr105074.c: New test.
            * gcc.dg/analyzer/untracked-1.c (extern_fn_char_ptr): New decl.
            (test_13): New.
    
    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Comment 4 David Malcolm 2022-03-29 00:45:20 UTC
Should be fixed by the above commit.
Comment 5 Sergei Trofimovich 2022-03-29 07:37:14 UTC
The change fixes full gnutls-3.7.3 build for me as well. Thank you!
Comment 6 David Malcolm 2022-03-30 23:05:50 UTC
*** Bug 105113 has been marked as a duplicate of this bug. ***