Bug 94503 - ICE on C++ return-value-optimization (in saved_diagnostic, at analyzer/diagnostic-manager.cc:84)
Summary: ICE on C++ return-value-optimization (in saved_diagnostic, at analyzer/diagno...
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: analyzer (show other bugs)
Version: 10.0
: P3 normal
Target Milestone: 10.3
Assignee: David Malcolm
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-06 16:21 UTC by Arseny Solokha
Modified: 2020-08-13 20:30 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail: 10.0
Last reconfirmed: 2020-04-07 00:00:00

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arseny Solokha 2020-04-06 16:21:00 UTC 
g++-10.0.1-alpha20200405 snapshot (g:2a1a0c8c0db0aae50a2cebce59bd64334cd6ba2a) ICEs when compiling the following testcase, reduced from libstdc++-v3/testsuite/19_diagnostics/system_error/what-big.cc, w/ -fanalyzer:

template <typename> class allocator {
public:
  allocator(const allocator &);
  allocator();
};

template <typename> struct allocator_traits;
template <typename _Tp> struct allocator_traits<allocator<_Tp>> {
  static allocator<_Tp> select_on_container_copy_construction() {
    return allocator<_Tp>();
  }
  static allocator<_Tp> _S_select_on_copy() {
    return select_on_container_copy_construction();
  }
};

class basic_string {
  struct _Alloc_hider {
    _Alloc_hider(allocator<char>);
  } _M_dataplus;

public:
  basic_string(basic_string &)
    : _M_dataplus(allocator_traits<allocator<char>>::_S_select_on_copy()) {}
} xxx(xxx);

% g++-10.0.1 -fanalyzer -c lnxen8r7.cc
during IPA pass: analyzer
lnxen8r7.cc: In static member function 'static allocator<_Tp> allocator_traits<allocator<_Tp> >::select_on_container_copy_construction() [with _Tp = char]':
lnxen8r7.cc:10:27: internal compiler error: in saved_diagnostic, at analyzer/diagnostic-manager.cc:84
   10 |     return allocator<_Tp>();
      |                           ^
0x854771 ana::saved_diagnostic::saved_diagnostic(ana::state_machine const*, ana::exploded_node const*, ana::supernode const*, gimple const*, ana::stmt_finder*, tree_node*, unsigned int, ana::pending_diagnostic*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/diagnostic-manager.cc:84
0x1a1626d ana::diagnostic_manager::add_diagnostic(ana::state_machine const*, ana::exploded_node const*, ana::supernode const*, gimple const*, ana::stmt_finder*, tree_node*, unsigned int, ana::pending_diagnostic*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/diagnostic-manager.cc:175
0x1a16489 ana::diagnostic_manager::add_diagnostic(ana::exploded_node const*, ana::supernode const*, gimple const*, ana::stmt_finder*, ana::pending_diagnostic*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/diagnostic-manager.cc:192
0x133e164 ana::impl_region_model_context::warn(ana::pending_diagnostic*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/engine.cc:114
0x1363fa4 ana::region_model::deref_rvalue(ana::svalue_id, ana::region_model_context*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/region-model.cc:5458
0x136637e ana::region_model::get_or_create_mem_ref(tree_node*, ana::svalue_id, ana::svalue_id, ana::region_model_context*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/region-model.cc:6971
0x1366d13 ana::region_model::get_lvalue(ana::path_var, ana::region_model_context*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/region-model.cc:5068
0x136f637 ana::region_model::update_for_return_superedge(ana::return_superedge const&, ana::region_model_context*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/region-model.cc:6171
0x136f757 ana::region_model::maybe_update_for_edge(ana::superedge const&, gimple const*, ana::region_model_context*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/region-model.cc:6092
0x13538f0 ana::program_state::on_edge(ana::exploded_graph&, ana::exploded_node const&, ana::superedge const*, ana::state_change*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/program-state.cc:829
0x133ecc9 ana::exploded_node::on_edge(ana::exploded_graph&, ana::superedge const*, ana::program_point*, ana::program_state*, ana::state_change*) const
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/engine.cc:1153
0x13466dc ana::exploded_graph::process_node(ana::exploded_node*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/engine.cc:2597
0x1346d0a ana::exploded_graph::process_worklist()
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/engine.cc:2348
0x134743b ana::impl_run_checkers(ana::logger*)
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/engine.cc:4029
0x134800c ana::run_checkers()
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/engine.cc:4097
0x133cbb8 execute
	/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200405/work/gcc-10-20200405/gcc/analyzer/analyzer-pass.cc:84
Comment 1 Martin Liška 2020-04-07 06:32:05 UTC 
Confirmed, started with the first revision r10-5950-g757bf1dff5e8cee3.
Comment 2 David Malcolm 2020-04-07 19:49:47 UTC 
Appears to be due to return slot optimization.
Comment 3 Jakub Jelinek 2020-05-07 11:56:11 UTC 
GCC 10.1 has been released.
Comment 4 Richard Biener 2020-07-23 06:52:00 UTC 
GCC 10.2 is released, adjusting target milestone.
Comment 5 David Malcolm 2020-08-13 20:30:59 UTC 
The ICE (on C++ return-value-optimization) should be fixed by g:808f4dfeb3a95f50f15e71148e5c1067f90a126d (for GCC 11).  Marking this as fixed.