Created attachment 47967
reduced testcase (from OpenTTD sources)

Compiler output:

$ x86_64-pc-linux-gnu-g++ -fanalyzer testcase.C
testcase.C: In function 'j* f(B*, int, bool)':
testcase.C:18:19: warning: leak of '<unknown>' [CWE-401] [-Wanalyzer-malloc-leak]
   18 |     return calloc (b, sizeof (int));
      |            ~~~~~~~^~~~~~~~~~~~~~~~~
  'j* f(B*, int, bool)': events 1-2
    |
    |   25 | j * f (B * b, int h, bool)
    |      |     ^
    |      |     |
    |      |     (1) entry to 'f'
    |......
    |   28 |   return new j (b, h);
    |      |                     ~
    |      |                     |
    |      |                     (2) calling 'j::operator new' from 'f'
    |
    +--> 'static void* j::operator new(long unsigned int)': events 3-4
           |
           |   16 |   void *operator new (__SIZE_TYPE__ b)
           |      |         ^~~~~~~~
           |      |         |
           |      |         (3) entry to 'j::operator new'
           |   17 |   {
           |   18 |     return calloc (b, sizeof (int));
           |      |                                   ~
           |      |                                   |
           |      |                                   (4) allocated here
           |
    <------+
    |
  'j* f(B*, int, bool)': events 5-6
    |
    |   18 |     return calloc (b, sizeof (int));
    |      |            ~~~~~~~~~~~~~~~~~~~~~~~~
    |      |            |
    |      |            (6) '<unknown>' leaks here; was allocated at (4)
    |......
    |   28 |   return new j (b, h);
    |      |                     ^
    |      |                     |
    |      |                     (5) returning to 'f' from 'j::operator new'
    |
testcase.C: In constructor 'j::j(B*, int)':
testcase.C:22:3: warning: leak of 'this' [CWE-401] [-Wanalyzer-malloc-leak]
   22 |   }
      |   ^
  'j* f(B*, int, bool)': events 1-2
    |
    |   25 | j * f (B * b, int h, bool)
    |      |     ^
    |      |     |
    |      |     (1) entry to 'f'
    |......
    |   28 |   return new j (b, h);
    |      |                     ~
    |      |                     |
    |      |                     (2) calling 'j::operator new' from 'f'
    |
    +--> 'static void* j::operator new(long unsigned int)': events 3-4
           |
           |   16 |   void *operator new (__SIZE_TYPE__ b)
           |      |         ^~~~~~~~
           |      |         |
           |      |         (3) entry to 'j::operator new'
           |   17 |   {
           |   18 |     return calloc (b, sizeof (int));
           |      |                                   ~
           |      |                                   |
           |      |                                   (4) allocated here
           |
    <------+
    |
  'j* f(B*, int, bool)': events 5-7
    |
    |   28 |   return new j (b, h);
    |      |                     ^
    |      |                     |
    |      |                     (5) returning to 'f' from 'j::operator new'
    |      |                     (6) allocated here
    |      |                     (7) calling 'j::j' from 'f'
    |
    +--> 'j::j(B*, int)': events 8-9
           |
           |   20 |   j (B *, int)
           |      |   ^
           |      |   |
           |      |   (8) entry to 'j::j'
           |   21 |   {
           |   22 |   }
           |      |   ~
           |      |   |
           |      |   (9) 'this' leaks here; was allocated at (6)
           |
during IPA pass: analyzer
testcase.C: At global scope:
testcase.C:28:21: internal compiler error: in make_region_for_unexpected_tree_code, at analyzer/region-model.cc:4786
   28 |   return new j (b, h);
      |                     ^
0x84d2a3 ana::region_model::make_region_for_unexpected_tree_code(ana::region_model_context*, tree_node*, dump_location_t const&)
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:4786
0x15a7293 ana::region_model::get_lvalue_1(ana::path_var, ana::region_model_context*)
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:4650
0x15a77d3 ana::region_model::get_lvalue(ana::path_var, ana::region_model_context*)
        /repo/gcc-trunk/gcc/analyzer/region-model.cc:4811
0x1d2c3e5 get_any_origin
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:579
0x1d2c3e5 get_any_origin
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:565
0x1d2e5f7 ana::diagnostic_manager::prune_for_sm_diagnostic(ana::checker_path*, ana::state_machine const*, tree_node*, unsigned int) const
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:1132
0x1d2eb5e ana::diagnostic_manager::prune_path(ana::checker_path*, ana::state_machine const*, tree_node*, unsigned int) const
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:1056
0x1d2ed15 ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph const&, ana::saved_diagnostic const&, ana::exploded_path const&, gimple const*, int)
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:520
0x1d30dbe ana::dedupe_winners::emit_best(ana::diagnostic_manager*, ana::exploded_graph const&)
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:446
0x1d2f08f ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph const&)
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:489
0x1589c5e ana::impl_run_checkers(ana::logger*)
        /repo/gcc-trunk/gcc/analyzer/engine.cc:3807
0x158a6ac ana::run_checkers()
        /repo/gcc-trunk/gcc/analyzer/engine.cc:3850
0x157f7f8 execute
        /repo/gcc-trunk/gcc/analyzer/analyzer-pass.cc:84
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

$ x86_64-pc-linux-gnu-g++ -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest/bin/x86_64-pc-linux-gnu-g++
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r10-7009-20200304090159-g8e480ec1ddb-checking-yes-rtl-df-extra-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/10.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++ --enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra --with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu --with-ld=/usr/bin/x86_64-pc-linux-gnu-ld --with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch --prefix=/repo/gcc-trunk//binary-trunk-r10-7009-20200304090159-g8e480ec1ddb-checking-yes-rtl-df-extra-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 10.0.1 20200304 (experimental) (GCC)

I can no longer reproduce this with r10-7026; seems to be fixed by r10-7023.
Yes, the ICE was fixed by r10-7023-g3d66e153b40ed000af30a9e569a05f34d5d576aa. It's a similar issue to the reproducer for PR analyzer/93993. I'll add your reproducer as a further regression test; thanks.
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:4ac3eb5c5f157bea22b5ae34b0df254d729dac25

commit r10-7028-g4ac3eb5c5f157bea22b5ae34b0df254d729dac25
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Mar 4 12:10:34 2020 -0500

    analyzer: add regression test for fixed ICE [PR94028]

    The C++ reproducer for PR analyzer/94028 generates a similar ICE to that
    of the Fortran reproducer for PR analyzer/93993 and, like it, was fixed
    by r10-7023-g3d66e153b40ed000af30a9e569a05f34d5d576aa.

    This patch adds the C++ reproducer as a regression test.

    gcc/testsuite/ChangeLog:
            PR analyzer/94028
            * g++.dg/analyzer/pr94028.C: New test.

Fixed (see comment 2); regression test added (see comment 3); marking as resolved. Thanks for filing this.