Created attachment 33960
reduced testcase

$ gcc -O -fkeep-inline-functions -fsanitize=null testcase.C
==22060== Invalid read of size 8
==22060==    at 0x180E214: ipa_comdats (ipa-comdats.c:340)
==22060==    by 0x180E214: (anonymous namespace)::pass_ipa_comdats::execute(function*) (ipa-comdats.c:381)
==22060==    by 0xCCBE78: execute_one_pass(opt_pass*) (passes.c:2269)
==22060==    by 0xCCCAD1: execute_ipa_pass_list(opt_pass*) (passes.c:2663)
==22060==    by 0x9B3B69: ipa_passes (cgraphunit.c:2088)
==22060==    by 0x9B3B69: symbol_table::compile() (cgraphunit.c:2172)
==22060==    by 0x9B5687: symbol_table::finalize_compilation_unit() (cgraphunit.c:2325)
==22060==    by 0x785449: cp_write_global_declarations() (decl2.c:4677)
==22060==    by 0xDC3BD3: compile_file() (toplev.c:583)
==22060==    by 0x694528: do_compile (toplev.c:2020)
==22060==    by 0x694528: toplev::main(int, char**) (toplev.c:2117)
==22060==    by 0x694B78: main (main.c:38)
==22060==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==22060==
testcase.C:5:4: internal compiler error: Segmentation fault
 B b;
   ^
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.

Tested revisions:
r217458 - ICE
4_9 r216937 - OK
Confirmed.
It is caused by r213406.
The ICE is in the ipa-comdats.c pass, on a decl that has been created by:

#4  0x000000000122e121 in make_node_stat (code=FUNCTION_DECL) at ../../gcc/tree.c:951
#5  0x000000000123c20c in build_decl_stat (loc=7698, code=FUNCTION_DECL, name=<identifier_node 0x7ffff1a0b688 _GLOBAL__sub_I_b>, type=<function_type 0x7ffff188a0a8>) at ../../gcc/tree.c:4521
#6  0x00000000007b4473 in build_lang_decl_loc (loc=7698, code=FUNCTION_DECL, name=<identifier_node 0x7ffff1a0b688 _GLOBAL__sub_I_b>, type=<function_type 0x7ffff188a0a8>) at ../../gcc/cp/lex.c:540
#7  0x00000000007b4446 in build_lang_decl (code=FUNCTION_DECL, name=<identifier_node 0x7ffff1a0b688 _GLOBAL__sub_I_b>, type=<function_type 0x7ffff188a0a8>) at ../../gcc/cp/lex.c:529
#8  0x0000000000798cf3 in start_objects (method_type=73, initp=65535) at ../../gcc/cp/decl2.c:3319
#9  0x000000000079a388 in generate_ctor_or_dtor_function (constructor_p=true, priority=65535, locus=0x7fffffffe130) at ../../gcc/cp/decl2.c:3925
#10 0x000000000079a479 in generate_ctor_and_dtor_functions_for_priority (n=0x234b490, data=0x7fffffffe130) at ../../gcc/cp/decl2.c:3955
#11 0x00000000018d00ff in splay_tree_foreach_helper (data=0x7fffffffe130, fn=0x79a42e <generate_ctor_and_dtor_functions_for_priority(splay_tree_node, void*)>, node=0x234b490) at ../../libiberty/splay-tree.c:242
#12 splay_tree_foreach (sp=<optimized out>, fn=0x79a42e <generate_ctor_and_dtor_functions_for_priority(splay_tree_node, void*)>, data=0x7fffffffe130) at ../../libiberty/splay-tree.c:566
#13 0x000000000079c8b7 in cp_write_global_declarations () at ../../gcc/cp/decl2.c:4657
#14 0x0000000000f5f213 in compile_file () at ../../gcc/toplev.c:584

I don't see how the sanitizer could be at fault here; it looks like an IPA bug to me instead.
dup of 61324

*** This bug has been marked as a duplicate of bug 61324 ***