public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/106066] New: crash dump when "-fdump-analyzer" enabled
@ 2022-06-23 18:59 chipitsine at gmail dot com
  2022-06-23 19:26 ` [Bug analyzer/106066] " chipitsine at gmail dot com
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: chipitsine at gmail dot com @ 2022-06-23 18:59 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106066

            Bug ID: 106066
           Summary: crash dump when "-fdump-analyzer" enabled
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: chipitsine at gmail dot com
  Target Milestone: ---

Steps to reproduce (using latest gcc13 from git):


git clone https://github.com/haproxy/haproxy
cd haproxy

export CC=/path/to/latest/gcc13
export ADDITIONAL_CFLAGS="-fanalyzer -fdump-analyzer"


QUICTLS=yes scripts/build-ssl.sh
make -j3 CC=$CC V=1 ERR=1 TARGET=linux-glibc USE_OPENSSL=1 USE_QUIC=1 \
  USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_SYSTEMD=1 \
  ADDLIB="-Wl,-rpath,${HOME}/opt/lib" SSL_LIB=${HOME}/opt/lib \
  SSL_INC=${HOME}/opt/include DEBUG_CFLAGS="-g ${ADDITIONAL_CFLAGS}"




stacktrace:

during IPA pass: analyzer
src/ev_epoll.c: In function ‘_do_poll’:
src/ev_epoll.c:239:55: internal compiler error: Segmentation fault
  239 |                     ((e & EPOLLERR)   ? FD_EV_ERR_RW  : 0);
      |                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
0xf3ec3f crash_signal
        /home/ilia/gcc/gcc-master/gcc/toplev.cc:322
0x101a64c tree_class_check(tree_node*, tree_code_class, char const*, int, char
const*)
        /home/ilia/gcc/gcc-master/gcc/tree.h:3638
0x101a64c dump_mem_ref
        /home/ilia/gcc/gcc-master/gcc/tree-pretty-print.cc:1700
0x100ff3f dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        /home/ilia/gcc/gcc-master/gcc/tree-pretty-print.cc:2061
0x1011554 dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        /home/ilia/gcc/gcc-master/gcc/tree-pretty-print.cc:2425
0x1014d46 dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        /home/ilia/gcc/gcc-master/gcc/tree-pretty-print.cc:2910
0x12faef9 ana::dump_tree(pretty_printer*, tree_node*)
        /home/ilia/gcc/gcc-master/gcc/analyzer/region-model.cc:87
0x12faef9 ana::dump_quoted_tree(pretty_printer*, tree_node*)
        /home/ilia/gcc/gcc-master/gcc/analyzer/region-model.cc:97
0x12ed6f9 ana::sm_state_map::print(ana::region_model const*, bool, bool,
pretty_printer*) const
        /home/ilia/gcc/gcc-master/gcc/analyzer/program-state.cc:242
0x12ef45e ana::program_state::dump_to_pp(ana::extrinsic_state const&, bool,
bool, pretty_printer*) const
        /home/ilia/gcc/gcc-master/gcc/analyzer/program-state.cc:901
0x12f0283 ana::program_state::detect_leaks(ana::program_state const&,
ana::program_state const&, ana::svalue const*, ana::extrinsic_state const&,
ana::region_model_context*)
        /home/ilia/gcc/gcc-master/gcc/analyzer/program-state.cc:1366
0x12f0986 ana::program_state::prune_for_point(ana::exploded_graph&,
ana::program_point const&, ana::exploded_node*, ana::uncertainty_t*) const
        /home/ilia/gcc/gcc-master/gcc/analyzer/program-state.cc:1214
0x12de456 ana::exploded_graph::process_node(ana::exploded_node*)
        /home/ilia/gcc/gcc-master/gcc/analyzer/engine.cc:3822
0x12df0fa ana::exploded_graph::process_worklist()
        /home/ilia/gcc/gcc-master/gcc/analyzer/engine.cc:3240
0x12e1467 ana::impl_run_checkers(ana::logger*)
        /home/ilia/gcc/gcc-master/gcc/analyzer/engine.cc:5832
0x12e2295 ana::run_checkers()
        /home/ilia/gcc/gcc-master/gcc/analyzer/engine.cc:5906
0x12d1c48 execute
        /home/ilia/gcc/gcc-master/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.


* [Bug analyzer/106066] crash dump when "-fdump-analyzer" enabled
From: chipitsine at gmail dot com @ 2022-06-23 19:26 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106066

--- Comment #1 from Илья Шипицин <chipitsine at gmail dot com> ---
another crash using "-fanalyzer-verbose-state-changes"

stacktrace


during IPA pass: analyzer
src/ssl_crtlist.c:523:17: internal compiler error: Segmentation fault
  523 |                 entry = crtlist_entry_new();
      |                 ^~~~~
0xf3ec3f crash_signal
        /home/ilia/gcc/gcc-master/gcc/toplev.cc:322
0x950028 c_tree_printer
        /home/ilia/gcc/gcc-master/gcc/c/c-objc-common.cc:305
0x1eea9ef pp_format(pretty_printer*, text_info*)
        /home/ilia/gcc/gcc-master/gcc/pretty-print.cc:1475
0x1e65b58 make_label_text(bool, char const*, ...)
        /home/ilia/gcc/gcc-master/gcc/analyzer/analyzer.cc:439
0x1e6afc0 ana::state_change_event::get_desc(bool) const
        /home/ilia/gcc/gcc-master/gcc/analyzer/checker-path.cc:409
0x1e68232 ana::checker_event::prepare_for_emission(ana::checker_path*,
ana::pending_diagnostic*, diagnostic_event_id_t)
        /home/ilia/gcc/gcc-master/gcc/analyzer/checker-path.cc:237
0x1e8622f ana::checker_path::prepare_for_emission(ana::pending_diagnostic*)
        /home/ilia/gcc/gcc-master/gcc/analyzer/checker-path.h:652
0x1e8622f ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph
const&, ana::saved_diagnostic const&)
        /home/ilia/gcc/gcc-master/gcc/analyzer/diagnostic-manager.cc:1396
0x1e8a0d3 ana::dedupe_winners::emit_best(ana::diagnostic_manager*,
ana::exploded_graph const&)
        /home/ilia/gcc/gcc-master/gcc/analyzer/diagnostic-manager.cc:1296
0x1e8677c ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph
const&)
        /home/ilia/gcc/gcc-master/gcc/analyzer/diagnostic-manager.cc:1348
0x12e148a ana::impl_run_checkers(ana::logger*)
        /home/ilia/gcc/gcc-master/gcc/analyzer/engine.cc:5846
0x12e230e ana::run_checkers()
        /home/ilia/gcc/gcc-master/gcc/analyzer/engine.cc:5906
0x12d1c48 execute
        /home/ilia/gcc/gcc-master/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.


* [Bug analyzer/106066] crash dump when "-fdump-analyzer" enabled
From: dmalcolm at gcc dot gnu.org @ 2022-06-24 16:36 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106066

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2022-06-24
     Ever confirmed|0                           |1

--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this bug.

I can reproduce both crashes with trunk.


* [Bug analyzer/106066] crash dump when "-fdump-analyzer" enabled
From: dmalcolm at gcc dot gnu.org @ 2022-06-24 16:37 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106066

--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Minimal reproducer for crash in comment #0 (crash in dump_mem_ref seen with
_do_poll):

struct s {
  unsigned int f;
};
int use(unsigned int);
static struct s *arr;

void test(int n) {
  int i;
  for (i = 0; i < n; i++) {
    unsigned int n, e;
    e = arr[i].f;
    n = e ? 42 : 0;
    use(n);
  }
}

$ ./xgcc -B. -fanalyzer -fdump-analyzer -O1 \
    ../../src/gcc/testsuite/gcc.dg/analyzer/pr106066.c
during IPA pass: analyzer
../../src/gcc/testsuite/gcc.dg/analyzer/pr106066.c:12:16: internal compiler
error: Segmentation fault
   12 |     n = e ? 42 : 0;
      |         ~~~~~~~^~~
0x13fac05 crash_signal
        ../../src/gcc/toplev.cc:322
0xa3c54f tree_class_check(tree_node*, tree_code_class, char const*, int, char
const*)
        ../../src/gcc/tree.h:3638
0x15428d7 dump_mem_ref
        ../../src/gcc/tree-pretty-print.cc:1700
0x1544ce3 dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        ../../src/gcc/tree-pretty-print.cc:2061
0x1547439 dump_generic_node(pretty_printer*, tree_node*, int, dump_flag, bool)
        ../../src/gcc/tree-pretty-print.cc:2425
0x19af603 ana::dump_tree(pretty_printer*, tree_node*)
        ../../src/gcc/analyzer/region-model.cc:87
0x19af646 ana::dump_quoted_tree(pretty_printer*, tree_node*)
        ../../src/gcc/analyzer/region-model.cc:97
0x199d935 ana::sm_state_map::print(ana::region_model const*, bool, bool,
pretty_printer*) const
        ../../src/gcc/analyzer/program-state.cc:240
0x199fa94 ana::program_state::dump_to_pp(ana::extrinsic_state const&, bool,
bool, pretty_printer*) const
        ../../src/gcc/analyzer/program-state.cc:899
0x19761d5 ana::exploded_graph::get_or_create_node(ana::program_point const&,
ana::program_state const&, ana::exploded_node*)
        ../../src/gcc/analyzer/engine.cc:2584
0x1978504
ana::exploded_graph::maybe_process_run_of_before_supernode_enodes(ana::exploded_node*)
        ../../src/gcc/analyzer/engine.cc:3447
0x1977706 ana::exploded_graph::process_worklist()
        ../../src/gcc/analyzer/engine.cc:3113
0x197d252 ana::impl_run_checkers(ana::logger*)
        ../../src/gcc/analyzer/engine.cc:5833
0x197d66b ana::run_checkers()
        ../../src/gcc/analyzer/engine.cc:5907
0x1970646 execute
        ../../src/gcc/analyzer/analyzer-pass.cc:88
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.


* [Bug analyzer/106066] crash dump when "-fdump-analyzer" enabled
From: dmalcolm at gcc dot gnu.org @ 2022-06-24 16:55 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106066

--- Comment #4 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
(In reply to David Malcolm from comment #2)
> Thanks for filing this bug.
> 
> I can reproduce both crashes with trunk.

Correction: for src/ssl_crtlist.c I'm seeing the same crash as in comment #0
(in dump_mem_ref), rather than in c_tree_printer.
