[Bug analyzer/93544] New: ICE in get_lvalue_1, at analyzer/region-model.cc:4613

asolokha at gmx dot com gcc-bugzilla@gcc.gnu.org
Mon Feb 3 04:12:00 GMT 2020 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93544

            Bug ID: 93544
           Summary: ICE in get_lvalue_1, at analyzer/region-model.cc:4613
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Keywords: ice-on-invalid-code
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: asolokha at gmx dot com
  Target Milestone: ---

gcc-10.0.1-alpha20200202 snapshot (g:b817be038d94c987e02c26ed2d81b6f2ebb5f97a)
ICEs when compiling the following testcase w/ -O1 -fanalyzer:

int ja;

int *
qd (void);

void
lk (void)
{
  int *bs, *dx;

  bs = dx = !!ja ? qd () : 0;

  __builtin_free (dx);
  __builtin_free (bs);
}

% gcc-10.0.1 -O1 -fanalyzer -c ui5dzqbe.c
during IPA pass: analyzer
ui5dzqbe.c:13:3: internal compiler error: in get_lvalue_1, at
analyzer/region-model.cc:4613
   13 |   __builtin_free (dx);
      |   ^~~~~~~~~~~~~~~~~~~
0x71dc18 ana::region_model::get_lvalue_1(ana::path_var,
ana::region_model_context*)
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/region-model.cc:4613
0x1104933 ana::region_model::get_lvalue(ana::path_var,
ana::region_model_context*)
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/region-model.cc:4720
0x17afff5 get_any_origin
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/diagnostic-manager.cc:539
0x17afff5 get_any_origin
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/diagnostic-manager.cc:525
0x17b24f7 ana::diagnostic_manager::prune_for_sm_diagnostic(ana::checker_path*,
ana::state_machine const*, tree_node*, unsigned int) const
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/diagnostic-manager.cc:1009
0x17b271e ana::diagnostic_manager::prune_path(ana::checker_path*,
ana::state_machine const*, tree_node*, unsigned int) const
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/diagnostic-manager.cc:940
0x17b28ce ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph
const&, ana::saved_diagnostic const&, ana::exploded_path const&, gimple const*,
int)
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/diagnostic-manager.cc:479
0x17b47dd ana::dedupe_winners::emit_best(ana::diagnostic_manager*,
ana::exploded_graph const&)
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/diagnostic-manager.cc:410
0x17b2c62 ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph
const&)
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/diagnostic-manager.cc:453
0x10e6ade ana::impl_run_checkers(ana::logger*)
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/engine.cc:3566
0x10e755c ana::run_checkers()
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/engine.cc:3609
0x10dd178 execute
       
/var/tmp/portage/sys-devel/gcc-10.0.1_alpha20200202/work/gcc-10-20200202/gcc/analyzer/analyzer-pass.cc:84

(BTW, w/o -O1 the analysis seems to be wrong in that double-free happens
following "false" branch, but that's a different issue.)

More information about the Gcc-bugs mailing list