Compiling

    #include <iostream>

    auto lol()
    {
        int aha = 3;
        return [&aha] { return aha; };
    }

    int main()
    {
        auto lambda = lol();
        std::cout << lambda() << std::endl;
        return 0;
    }

on the static analysis branch gives an ICE:

    during IPA pass: analyzer
    <source>: In function 'int main(int, char**)':
    <source>:13:25: internal compiler error: in make_region_for_type, at analyzer/region-model.cc:5961
       13 |     std::cout << lambda() << std::endl;
          |                         ^

Thanks to Vaclav K. who found this bug.
Confirmed. make_region_for_type doesn't know how to handle a METHOD_TYPE and hits a gcc_unreachable. Note that C++ support is out-of-scope for the analyzer for GCC 10.
This fixes it, though to do this "properly" would also need DejaGnu infrastructure for adding C++ testcases. diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index 7a863e020e23..1366987512e5 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -5997,7 +5997,7 @@ make_region_for_type (region_id parent_rid, tree type) if (TREE_CODE (type) == UNION_TYPE) return new union_region (parent_rid, type); - if (TREE_CODE (type) == FUNCTION_TYPE) + if (FUNC_OR_METHOD_TYPE_P (type)) return new function_region (parent_rid, type); /* If we have a void *, make a new symbolic region. */ diff --git a/gcc/analyzer/region-model.h b/gcc/analyzer/region-model.h index cdce812d7d22..1e4e9c5a47c9 100644 --- a/gcc/analyzer/region-model.h +++ b/gcc/analyzer/region-model.h @@ -1233,7 +1233,7 @@ public: function_region (region_id parent_rid, tree type) : map_region (parent_rid, type) { - gcc_assert (TREE_CODE (type) == FUNCTION_TYPE); + gcc_assert (FUNC_OR_METHOD_TYPE_P (type)); } function_region (const function_region &other) : map_region (other)
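Review bot: the region-model.cc hunk changes the dispatch in make_region_for_type without adding a regression test, so nothing guards against a METHOD_TYPE reaching this function and hitting the ICE again. The reproducer from the report (the lambda returned from lol() and called in main) is small enough to use directly as a C++ testcase once the DejaGnu infrastructure mentioned above is in place; until then it would help to note in the commit message that the fix is untested in the testsuite.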
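Review bot: in the region-model.h hunk, the gcc_assert in the function_region constructor repeats the predicate that make_region_for_type uses to choose this class, and the two have to be changed together, as this patch does. A one-line comment on the constructor stating that a function_region is created for both FUNCTION_TYPE and METHOD_TYPE would document that coupling, so a later change to the dispatch does not leave the assert stale and turn a handled type back into an ICE.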
Patch pushed to the dmalcolm/analyzer branch on the GCC git mirror:
  https://gcc.gnu.org/ml/gcc-patches/2020-01/msg00514.html
Will close this if/once the analyzer is on trunk and this fix is committed there.
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:32077b693df8e3ed0424031a322df23822bf2f7e

commit r10-5970-g32077b693df8e3ed0424031a322df23822bf2f7e
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Thu Jan 9 10:12:59 2020 -0500

    analyzer: fix ICE on METHOD_TYPE (PR 93212)

    PR analyzer/93212 reports an ICE when attempting to use -fanalyzer
    on a C++ source file. That isn't supported yet, but the fix is
    trivial (handling METHOD_TYPE as well as FUNCTION_TYPE).

    gcc/analyzer/ChangeLog:
            PR analyzer/93212
            * region-model.cc (make_region_for_type): Use
            FUNC_OR_METHOD_TYPE_P rather than comparing against
            FUNCTION_TYPE.
            * region-model.h (function_region::function_region): Likewise.
Should now be closed on master.
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:35e24106fc1b782e70f8339e0a1321a2bc7a7f15

commit r10-6588-g35e24106fc1b782e70f8339e0a1321a2bc7a7f15
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Thu Nov 21 12:30:45 2019 -0500

    analyzer: g++ testsuite support

    PR analyzer/93288 reports a C++-specific ICE with -fanalyzer.

    This patch creates the beginnings of a C++ test suite for the analyzer,
    so that there's a place to put test coverage for the fix.
    It adds a regression test for PR analyzer/93212, an ICE fixed in
    r10-5970-g32077b693df8e3ed0424031a322df23822bf2f7e.

    gcc/testsuite/ChangeLog:
            PR analyzer/93212
            * g++.dg/analyzer/analyzer.exp: New subdirectory and .exp suite.
            * g++.dg/analyzer/malloc.C: New test.
            * g++.dg/analyzer/pr93212.C: New test.