Hi, I have a crafted .cc program named crash1.cc. When I compile it with gcc-10 or with g++-10, an internal compiler error occurs in both cases. I ran it on Ubuntu 20.04 x64. Details are attached.

--- crash1.cc starts ----
constexpr const short f() { return 1.2345 * 0 / 01e9; try { enum s { } a[] = { 0 };; __attribute__ ((noinline(2))); a || -1ULL; } catch (int x) { int a[] = { 0 }; struct s { }; struct t: s {} ; try { (x %= 0); (x == 0); l:; } catch (int x) { auto x = f(); struct s {}; struct l: s {} t; 0 - 0; 0 + 0; } [] ( union s {} ) {};f; (sizeof(x) == __builtin_popcount(x)); if (sizeof ((void) sizeof(char[1 - 2 * x]))) { register const ; extern void; ; asm("" : "=a"(x), "=d"(x) : "r" (x), "0" (x), "1" (x)); void; } else { for (unsigned int i = f(); i < .1; i++) { for (unsigned int i = (x == 0); i < &&l; i++) { ; __builtin_inf(); __builtin_alloca(1); alignof(x); ; class s { } ; asm volatile ("" : : : ); ; }; int a[] = {};; x; ; class s { } ; const ; x; ~-1 - 0; }; 0 << 0 >> 0; &f; s; __builtin_constant_p(2); ;; struct s restrict ; struct t: s {} ; }; } class &&l { } ;; } void T( int *x) { f(); }
--- crash1.cc ends ---

--- g++-10 version starts ---
root@c0d53067e55a:~/docker_share/gcc# g++-10 --version
g++-10 (Ubuntu 10.2.0-5ubuntu1~20.04) 10.2.0
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
root@c0d53067e55a:~/docker_share/gcc# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal --- g++-10 version ends --- --- g++-10 crash log starts --- root@c0d53067e55a:~/docker_share/gcc# g++-10 crash1.cc crash1.cc: In function 'constexpr const short int f()': crash1.cc:1:55: warning: 'try' in 'constexpr' function only available with '-std=c++2a' or '-std=gnu++2a' 1 | constexpr const short f() { return 1.2345 * 0 / 01e9; try { enum s { } a[] = { 0 };; __attribute__ ((noinline(2))); a || -1ULL; } catch (int x) { int a[] = { 0 }; struct s { }; struct t: s {} ; try { (x %= 0); (x == 0); l:; } catch (int x) { auto x = f(); struct s {}; struct l: s {} t; 0 - 0; 0 + 0; } [] ( union s {} ) {};f; (sizeof(x) == __builtin_popcount(x)); if (sizeof ((void) sizeof(char[1 - 2 * x]))) { register const ; extern void; ; asm("" : "=a"(x), "=d"(x) : "r" (x), "0" (x), "1" (x)); void; } else { for (unsigned int i = f(); i < .1; i++) { for (unsigned int i = (x == 0); i < &&l; i++) { ; __builtin_inf(); __builtin_alloca(1); alignof(x); ; class s { } ; asm volatile ("" : : : ); ; }; int a[] = {};; x; ; class s { } ; const ; x; ~-1 - 0; }; 0 << 0 >> 0; &f; s; __builtin_constant_p(2); ;; struct s restrict ; struct t: s {} ; }; } class &&l { } ;; } void T( int *x) { f(); } | ^~~ crash1.cc:1:83: error: invalid conversion from 'int' to 'f()::s' [-fpermissive] 1 | constexpr const short f() { return 1.2345 * 0 / 01e9; try { enum s { } a[] = { 0 };; __attribute__ ((noinline(2))); a || -1ULL; } catch (int x) { int a[] = { 0 }; struct s { }; struct t: s {} ; try { (x %= 0); (x == 0); l:; } catch (int x) { auto x = f(); struct s {}; struct l: s {} t; 0 - 0; 0 + 0; } [] ( union s {} ) {};f; (sizeof(x) == __builtin_popcount(x)); if (sizeof ((void) sizeof(char[1 - 2 * x]))) { register const ; extern void; ; asm("" : "=a"(x), "=d"(x) : "r" (x), "0" (x), "1" (x)); void; } else { for (unsigned int i = f(); i < .1; i++) { for (unsigned int i = (x == 0); i < &&l; i++) { ; __builtin_inf(); __builtin_alloca(1); 
alignof(x); ; class s { } ; asm volatile ("" : : : ); ; }; int a[] = {};; x; ; class s { } ; const ; x; ~-1 - 0; }; 0 << 0 >> 0; &f; s; __builtin_constant_p(2); ;; struct s restrict ; struct t: s {} ; }; } class &&l { } ;; } void T( int *x) { f(); } | ^ | | | int crash1.cc:1:89: warning: attributes at the beginning of statement are ignored [-Wattributes] 1 | constexpr const short f() { return 1.2345 * 0 / 01e9; try { enum s { } a[] = { 0 };; __attribute__ ((noinline(2))); a || -1ULL; } catch (int x) { int a[] = { 0 }; struct s { }; struct t: s {} ; try { (x %= 0); (x == 0); l:; } catch (int x) { auto x = f(); struct s {}; struct l: s {} t; 0 - 0; 0 + 0; } [] ( union s {} ) {};f; (sizeof(x) == __builtin_popcount(x)); if (sizeof ((void) sizeof(char[1 - 2 * x]))) { register const ; extern void; ; asm("" : "=a"(x), "=d"(x) : "r" (x), "0" (x), "1" (x)); void; } else { for (unsigned int i = f(); i < .1; i++) { for (unsigned int i = (x == 0); i < &&l; i++) { ; __builtin_inf(); __builtin_alloca(1); alignof(x); ; class s { } ; asm volatile ("" : : : ); ; }; int a[] = {};; x; ; class s { } ; const ; x; ~-1 - 0; }; 0 << 0 >> 0; &f; s; __builtin_constant_p(2); ;; struct s restrict ; struct t: s {} ; }; } class &&l { } ;; } void T( int *x) { f(); } | ^~~~~~~~~~~~~ crash1.cc:1:199: warning: 'try' in 'constexpr' function only available with '-std=c++2a' or '-std=gnu++2a' 1 | constexpr const short f() { return 1.2345 * 0 / 01e9; try { enum s { } a[] = { 0 };; __attribute__ ((noinline(2))); a || -1ULL; } catch (int x) { int a[] = { 0 }; struct s { }; struct t: s {} ; try { (x %= 0); (x == 0); l:; } catch (int x) { auto x = f(); struct s {}; struct l: s {} t; 0 - 0; 0 + 0; } [] ( union s {} ) {};f; (sizeof(x) == __builtin_popcount(x)); if (sizeof ((void) sizeof(char[1 - 2 * x]))) { register const ; extern void; ; asm("" : "=a"(x), "=d"(x) : "r" (x), "0" (x), "1" (x)); void; } else { for (unsigned int i = f(); i < .1; i++) { for (unsigned int i = (x == 0); i < &&l; i++) { ; 
__builtin_inf(); __builtin_alloca(1); alignof(x); ; class s { } ; asm volatile ("" : : : ); ; }; int a[] = {};; x; ; class s { } ; const ; x; ~-1 - 0; }; 0 << 0 >> 0; &f; s; __builtin_constant_p(2); ;; struct s restrict ; struct t: s {} ; }; } class &&l { } ;; } void T( int *x) { f(); } | ^~~ crash1.cc:1:208: warning: division by zero [-Wdiv-by-zero] 1 | constexpr const short f() { return 1.2345 * 0 / 01e9; try { enum s { } a[] = { 0 };; __attribute__ ((noinline(2))); a || -1ULL; } catch (int x) { int a[] = { 0 }; struct s { }; struct t: s {} ; try { (x %= 0); (x == 0); l:; } catch (int x) { auto x = f(); struct s {}; struct l: s {} t; 0 - 0; 0 + 0; } [] ( union s {} ) {};f; (sizeof(x) == __builtin_popcount(x)); if (sizeof ((void) sizeof(char[1 - 2 * x]))) { register const ; extern void; ; asm("" : "=a"(x), "=d"(x) : "r" (x), "0" (x), "1" (x)); void; } else { for (unsigned int i = f(); i < .1; i++) { for (unsigned int i = (x == 0); i < &&l; i++) { ; __builtin_inf(); __builtin_alloca(1); alignof(x); ; class s { } ; asm volatile ("" : : : ); ; }; int a[] = {};; x; ; class s { } ; const ; x; ~-1 - 0; }; 0 << 0 >> 0; &f; s; __builtin_constant_p(2); ;; struct s restrict ; struct t: s {} ; }; } class &&l { } ;; } void T( int *x) { f(); } | ~~^~~~ crash1.cc:1:252: error: redeclaration of 'auto x' [-fpermissive] 1 | n 1.2345 * 0 / 01e9; try { enum s { } a[] = { 0 };; __attribute__ ((noinline(2))); a || -1ULL; } catch (int x) { int a[] = { 0 }; struct s { }; struct t: s {} ; try { (x %= 0); (x == 0); l:; } catch (int x) { auto x = f(); struct s {}; struct l: s {} t; 0 - 0; 0 + 0; } [] ( union s {} ) {};f; (sizeof(x) == __builtin_popcount(x)); if (sizeof ((void) sizeof(char[1 - 2 * x]))) { register const ; extern void; ; asm("" : "=a"(x), "=d"(x) : "r" (x), "0" (x), "1" (x)); void; } else { for (unsigned int i = f(); i < .1; i++) { for (unsigned int i = (x == 0); i < &&l; i++) { ; __builtin_inf(); __builtin_alloca(1); alignof(x); ; class s { } ; asm volatile ("" : : : ); ; 
}; int a[] = {};; x; ; class s { } ; const ; x; ~-1 - 0; }; 0 << 0 >> 0; &f; s; __builtin_constant_p(2); ;; struct s restrict ; struct t: s {} ; }; } class &&l { } ;; } void T( int *x) { f(); } | ^ crash1.cc:1:242: note: 'int x' previously declared here 1 | () { return 1.2345 * 0 / 01e9; try { enum s { } a[] = { 0 };; __attribute__ ((noinline(2))); a || -1ULL; } catch (int x) { int a[] = { 0 }; struct s { }; struct t: s {} ; try { (x %= 0); (x == 0); l:; } catch (int x) { auto x = f(); struct s {}; struct l: s {} t; 0 - 0; 0 + 0; } [] ( union s {} ) {};f; (sizeof(x) == __builtin_popcount(x)); if (sizeof ((void) sizeof(char[1 - 2 * x]))) { register const ; extern void; ; asm("" : "=a"(x), "=d"(x) : "r" (x), "0" (x), "1" (x)); void; } else { for (unsigned int i = f(); i < .1; i++) { for (unsigned int i = (x == 0); i < &&l; i++) { ; __builtin_inf(); __builtin_alloca(1); alignof(x); ; class s { } ; asm volatile ("" : : : ); ; }; int a[] = {};; x; ; class s { } ; const ; x; ~-1 - 0; }; 0 << 0 >> 0; &f; s; __builtin_constant_p(2); ;; struct s restrict ; struct t: s {} ; }; } class &&l { } ;; } void T( int *x) { f(); } | ^ crash1.cc:1:322: error: types may not be defined in parameter types 1 | (noinline(2))); a || -1ULL; } catch (int x) { int a[] = { 0 }; struct s { }; struct t: s {} ; try { (x %= 0); (x == 0); l:; } catch (int x) { auto x = f(); struct s {}; struct l: s {} t; 0 - 0; 0 + 0; } [] ( union s {} ) {};f; (sizeof(x) == __builtin_popcount(x)); if (sizeof ((void) sizeof(char[1 - 2 * x]))) { register const ; extern void; ; asm("" : "=a"(x), "=d"(x) : "r" (x), "0" (x), "1" (x)); void; } else { for (unsigned int i = f(); i < .1; i++) { for (unsigned int i = (x == 0); i < &&l; i++) { ; __builtin_inf(); __builtin_alloca(1); alignof(x); ; class s { } ; asm volatile ("" : : : ); ; }; int a[] = {};; x; ; class s { } ; const ; x; ~-1 - 0; }; 0 << 0 >> 0; &f; s; __builtin_constant_p(2); ;; struct s restrict ; struct t: s {} ; }; } class &&l { } ;; } void T( int *x) { f(); 
} | ^ g++-10: internal compiler error: Segmentation fault signal terminated program cc1plus Please submit a full bug report, with preprocessed source if appropriate. See <file:///usr/share/doc/gcc-10/README.Bugs> for instructions. --- g++-10 crash log ends ---
Thank you for the report. This is actually invalid code, and we already have a lot of error-recovery ICEs (internal compiler errors hit while the compiler recovers from an error it has already reported). Do you have an original test case that is valid C++ code?
(In reply to Martin Liška from comment #1)
> Thank you for the report. Actually, it's an invalid code and we do have a
> lot of error recovery ICEs.
> Or do you have an original test-case that is a valid C++ code?

Hi, thanks for your prompt reply. I do not have a valid C++ test case, as this one was generated by a fuzzer.
I reduced the test case; the simplest version should be:

--- crash1.cc starts ---
constexpr p([](register const signed struct s;
--- crash1.cc ends ---

The bug also reproduces on commit 8d0737d8f4b10bffe0411507ad2dc21ba7679883. I hope this helps. Thanks.
Looks like a dup. *** This bug has been marked as a duplicate of bug 93788 ***