[Bug analyzer/105074] New: [12 Regression] -fanalyzer ICEs on gnutls-3.7.3: cgraph_node::get_edge(gimple*) SIGSEGV

slyfox at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Mon Mar 28 07:42:03 GMT 2022 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105074

            Bug ID: 105074
           Summary: [12 Regression] -fanalyzer ICEs on gnutls-3.7.3:
                    cgraph_node::get_edge(gimple*) SIGSEGV
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: slyfox at gcc dot gnu.org
  Target Milestone: ---

Initially observed ICE when built gnutls-3.7.3 on this week's gcc. Here is the
minimal reproducer:

$ cat cert-session.c
// gcc-12.0.0 -O2 -fanalyzer -o a.o  cert-session.c
void _gnutls_log(const char *);
static void _gnutls_ocsp_verify_mandatory_stapling(void) {
  _gnutls_log(__func__);
}
void check_ocsp_response_gnutls_x509_cert_verify_peers(void) {
  _gnutls_ocsp_verify_mandatory_stapling();
}

$ /tmp/gb/gcc/xgcc -B/tmp/gb/gcc -O2 -fanalyzer -c cert-session.c
during IPA pass: analyzer
In function ‘_gnutls_ocsp_verify_mandatory_stapling’,
    inlined from ‘check_ocsp_response_gnutls_x509_cert_verify_peers’ at
cert-session.c:7:3:
cert-session.c:4:3: internal compiler error: Segmentation fault
    4 |   _gnutls_log(__func__);
      |   ^~~~~~~~~~~~~~~~~~~~~
0xdd6bc3 crash_signal
        /home/slyfox/dev/git/gcc/gcc/toplev.cc:322
0x8a8120 cgraph_node::get_edge(gimple*)
        /home/slyfox/dev/git/gcc/gcc/cgraph.cc:744
0x121059c ipa_ref_requires_tracking
        /home/slyfox/dev/git/gcc/gcc/analyzer/region.cc:1192
0x121059c symnode_requires_tracking_p
        /home/slyfox/dev/git/gcc/gcc/analyzer/region.cc:1235
0x121059c ana::decl_region::calc_tracked_p(tree_node*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/region.cc:1254
0x1234786 ana::decl_region::decl_region(unsigned int, ana::region const*,
tree_node*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/region.h:652
0x1234786 ana::region_model_manager::get_region_for_global(tree_node*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model-manager.cc:1339
0x1216889 ana::region_model::get_lvalue_1(ana::path_var,
ana::region_model_context*) const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2068
0x1216ad4 ana::region_model::get_lvalue(ana::path_var,
ana::region_model_context*) const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2136
0x1216b44 ana::region_model::get_lvalue(tree_node*, ana::region_model_context*)
const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2147
0x1216f7c ana::region_model::get_rvalue_1(ana::path_var,
ana::region_model_context*) const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2170
0x1217997 ana::region_model::get_rvalue(ana::path_var,
ana::region_model_context*) const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2270
0x1217a14 ana::region_model::get_rvalue(tree_node*, ana::region_model_context*)
const
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:2285
0x121d3a7 ana::region_model::handle_unrecognized_call(gcall const*,
ana::region_model_context*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:1772
0x121d81d ana::region_model::on_call_post(gcall const*, bool,
ana::region_model_context*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/region-model.cc:1576
0x11ef18c ana::exploded_node::on_stmt_post(gimple const*, ana::program_state*,
bool, ana::region_model_context*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/engine.cc:1450
0x11f56a7 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode
const*, gimple const*, ana::program_state*, ana::uncertainty_t*,
ana::path_context*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/engine.cc:1387
0x11f8dad ana::exploded_graph::process_node(ana::exploded_node*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/engine.cc:3756
0x11f90ad ana::exploded_graph::process_worklist()
        /home/slyfox/dev/git/gcc/gcc/analyzer/engine.cc:3198
0x11fb201 ana::impl_run_checkers(ana::logger*)
        /home/slyfox/dev/git/gcc/gcc/analyzer/engine.cc:5777
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

$ /tmp/gb/gcc/xgcc -B/tmp/gb/gcc -v |& unnix
Reading specs from /tmp/gb/gcc/specs
COLLECT_GCC=/tmp/gb/gcc/xgcc
COLLECT_LTO_WRAPPER=/tmp/gb/gcc/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /home/slyfox/dev/git/gcc/configure --disable-multilib
--disable-bootstrap
--with-native-system-header-dir=/<<NIX>>/glibc-2.33-117-dev/include
--prefix=/tmp/gb/__td__ CFLAGS='-O1 -ggdb3' CXXFLAGS='-O1 -ggdb3' LDFLAGS='-O1
-ggdb3'
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.0.1 20220328 (experimental) (GCC)

More information about the Gcc-bugs mailing list