g++-11.0.0-alpha20201018 snapshot (g:1e70b1a358b6ce3b894f284d88fbb90518d45cc0) ICEs when compiling the following testcase, extracted from test/CodeGenCXX/pr34163.cpp from the clang 10.0.1 test suite, w/ -fanalyzer: struct X { virtual ~X() {} virtual void key_function(); }; void X::key_function() {} % g++-11.0.0 -fanalyzer -c dkuvlwww.cpp during IPA pass: analyzer dkuvlwww.cpp:6:25: internal compiler error: Segmentation fault 6 | void X::key_function() {} | ^ 0x1020adf crash_signal /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/toplev.c:330 0x13aeb92 ana::supergraph::get_node_for_function_entry(function*) const /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/analyzer/supergraph.h:96 0x13aeb92 ana::function_point::from_function_entry(ana::supergraph const&, function*) /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/analyzer/program-point.cc:215 0x139f36f ana::program_point::from_function_entry(ana::supergraph const&, function*) /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/analyzer/program-point.h:253 0x139f36f ana::exploded_graph::add_function_entry(function*) /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/analyzer/engine.cc:1949 0x139fa07 ana::exploded_graph::on_escaped_function(tree_node*) /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/analyzer/engine.cc:3985 0x139fa7b add_any_callbacks /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/analyzer/engine.cc:2290 0x12ff60a walk_tree_1(tree_node**, tree_node* (*)(tree_node**, int*, void*), void*, hash_set<tree_node*, false, default_hash_traits<tree_node*> >*, tree_node* (*)(tree_node**, int*, tree_node* (*)(tree_node**, int*, void*), void*, hash_set<tree_node*, false, default_hash_traits<tree_node*> >*)) /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/tree.c:12001 0x12ff9f1 walk_tree_1(tree_node**, tree_node* (*)(tree_node**, int*, void*), void*, hash_set<tree_node*, false, default_hash_traits<tree_node*> >*, tree_node* (*)(tree_node**, int*, tree_node* (*)(tree_node**, int*, void*), void*, hash_set<tree_node*, false, default_hash_traits<tree_node*> >*)) /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/tree.c:12078 0x139f8fa ana::exploded_graph::build_initial_worklist() /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/analyzer/engine.cc:2330 0x13a37e0 ana::impl_run_checkers(ana::logger*) /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/analyzer/engine.cc:4576 0x13a463c ana::run_checkers() /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/analyzer/engine.cc:4650 0x1397628 execute /var/tmp/portage/sys-devel/gcc-11.0.0_alpha20201018/work/gcc-11-20201018/gcc/analyzer/analyzer-pass.cc:84
Confirmed, started with r10-5950-g757bf1dff5e8cee3.
Thanks; confirmed, though for me I see the ICE with g:af66094d037793773eb8a49597866457f2f6a104, and do not see the ICE with its predecessor; in particular the backtrace shows add_any_callbacks which I added in that commit. It's crashing on "__dt_comp ", finding the dtor in the vtable when building the initial worklist, here: 96 return get_node_for_block (ENTRY_BLOCK_PTR_FOR_FN (fun)); where fun->cfg is NULL. Working on a fix.
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>: https://gcc.gnu.org/g:b7f2cfbf0fc7bcd5c1e60fca354de8bf60f9acfa commit r11-4220-gb7f2cfbf0fc7bcd5c1e60fca354de8bf60f9acfa Author: David Malcolm <dmalcolm@redhat.com> Date: Thu Oct 22 06:12:31 2020 -0400 analyzer: fix ICE on dtor [PR97489] gcc/analyzer/ChangeLog: PR analyzer/97489 * engine.cc (exploded_graph::add_function_entry): Assert that we have a function body. (exploded_graph::on_escaped_function): Reject fndecls that don't have a function body. gcc/testsuite/ChangeLog: PR analyzer/97489 * g++.dg/analyzer/pr97489.C: New test.
Should be fixed by the above commit.