public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/113509] New: ICE: SIGSEGV in c_tree_printer (c-objc-common.cc:341) with -fanalyzer -fanalyzer-verbose-state-changes
From: zsojka at seznam dot cz @ 2024-01-19 20:57 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113509
Bug ID: 113509
Summary: ICE: SIGSEGV in c_tree_printer (c-objc-common.cc:341) with -fanalyzer -fanalyzer-verbose-state-changes
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: zsojka at seznam dot cz
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
Created attachment 57165
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57165&action=edit
auto-reduced testcase
Compiler output:
$ x86_64-pc-linux-gnu-gcc -fanalyzer -fanalyzer-verbose-state-changes cryptlib.i -wrapper valgrind,-q
==26950== Invalid read of size 2
==26950==    at 0xE46470: c_tree_printer(pretty_printer*, text_info*, char const*, int, bool, bool, bool, bool*, char const**) (c-objc-common.cc:341)
==26950==    by 0x29E8159: pp_format(pretty_printer*, text_info*, urlifier const*) (pretty-print.cc:1704)
==26950==    by 0x290686B: make_label_text(bool, char const*, ...) (analyzer.cc:494)
==26950==    by 0x291319E: ana::state_change_event::get_desc(bool) const (checker-event.cc:464)
==26950==    by 0x2911478: ana::checker_event::prepare_for_emission(ana::checker_path*, ana::pending_diagnostic*, diagnostic_event_id_t) (checker-event.cc:230)
==26950==    by 0x29300F3: prepare_for_emission (checker-path.h:108)
==26950==    by 0x29300F3: ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph const&, ana::saved_diagnostic&) (diagnostic-manager.cc:1601)
==26950==    by 0x2933FC6: ana::dedupe_winners::emit_best(ana::diagnostic_manager*, ana::exploded_graph const&) (diagnostic-manager.cc:1472)
==26950==    by 0x2930733: ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph const&) (diagnostic-manager.cc:1524)
==26950==    by 0x1911447: ana::impl_run_checkers(ana::logger*) (engine.cc:6226)
==26950==    by 0x1912326: ana::run_checkers() (engine.cc:6300)
==26950==    by 0x1900F98: (anonymous namespace)::pass_analyzer::execute(function*) (analyzer-pass.cc:87)
==26950==    by 0x13CC0EA: execute_one_pass(opt_pass*) (passes.cc:2646)
==26950==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==26950==
during IPA pass: analyzer
cryptlib.i:4:1: internal compiler error: Segmentation fault
    4 | }
      | ^
0x150de9f crash_signal
        /repo/gcc-trunk/gcc/toplev.cc:317
0xe46470 c_tree_printer
        /repo/gcc-trunk/gcc/c/c-objc-common.cc:341
0x29e8159 pp_format(pretty_printer*, text_info*, urlifier const*)
        /repo/gcc-trunk/gcc/pretty-print.cc:1704
0x290686b make_label_text(bool, char const*, ...)
        /repo/gcc-trunk/gcc/analyzer/analyzer.cc:494
0x291319e ana::state_change_event::get_desc(bool) const
        /repo/gcc-trunk/gcc/analyzer/checker-event.cc:464
0x2911478 ana::checker_event::prepare_for_emission(ana::checker_path*, ana::pending_diagnostic*, diagnostic_event_id_t)
        /repo/gcc-trunk/gcc/analyzer/checker-event.cc:230
0x29300f3 ana::checker_path::prepare_for_emission(ana::pending_diagnostic*)
        /repo/gcc-trunk/gcc/analyzer/checker-path.h:108
0x29300f3 ana::diagnostic_manager::emit_saved_diagnostic(ana::exploded_graph const&, ana::saved_diagnostic&)
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:1601
0x2933fc6 ana::dedupe_winners::emit_best(ana::diagnostic_manager*, ana::exploded_graph const&)
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:1472
0x2930733 ana::diagnostic_manager::emit_saved_diagnostics(ana::exploded_graph const&)
        /repo/gcc-trunk/gcc/analyzer/diagnostic-manager.cc:1524
0x1911447 ana::impl_run_checkers(ana::logger*)
        /repo/gcc-trunk/gcc/analyzer/engine.cc:6226
0x1912326 ana::run_checkers()
        /repo/gcc-trunk/gcc/analyzer/engine.cc:6300
0x1900f98 execute
        /repo/gcc-trunk/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
$ x86_64-pc-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest-amd64/bin/x86_64-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r14-8284-20240119180625-g54519030b05-checking-yes-rtl-df-extra-nobootstrap-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/14.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++ --enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra --disable-bootstrap --with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu --with-ld=/usr/bin/x86_64-pc-linux-gnu-ld --with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch --prefix=/repo/gcc-trunk//binary-trunk-r14-8284-20240119180625-g54519030b05-checking-yes-rtl-df-extra-nobootstrap-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 14.0.1 20240119 (experimental) (GCC)
From: dmalcolm at gcc dot gnu.org @ 2024-01-30 18:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113509
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever confirmed|0 |1
Last reconfirmed| |2024-01-30
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Confirmed with trunk; happens here in ana::state_change_event::get_desc due to
var being NULL:

      /* Append debug version. */
      if (m_origin)
        return make_label_text
          (can_colorize,
           "%s (state of %qE: %qs -> %qs, origin: %qE, meaning: %s)",
           custom_desc.get (),
           var,
           m_from->get_name (),
           m_to->get_name (),
           origin,
           pp_formatted_text (&meaning_pp));
From: dmalcolm at gcc dot gnu.org @ 2024-01-30 19:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113509
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks; am testing a fix.
From: cvs-commit at gcc dot gnu.org @ 2024-01-31 1:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113509
--- Comment #3 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:18aabe7d203aa1276e6cbacfb3ffc8d8fcb14966
commit r14-8640-g18aabe7d203aa1276e6cbacfb3ffc8d8fcb14966
Author: David Malcolm <dmalcolm@redhat.com>
Date: Tue Jan 30 20:06:31 2024 -0500
analyzer: handle null "var" in state_change_event::get_desc [PR113509]
Avoid ICE with -fanalyzer-verbose-state-changes when
region_model::get_representative_tree returns nullptr in
state_change_event::get_desc.
gcc/analyzer/ChangeLog:
PR analyzer/113509
* checker-event.cc (state_change_event::get_desc): Don't assume
"var" is non-NULL.
gcc/testsuite/ChangeLog:
PR analyzer/113509
* c-c++-common/analyzer/stdarg-pr113509.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
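
The failure pattern discussed in this thread, as an added example that is not part of the original messages and is not GCC's code or the committed fix: a description routine hands a possibly-null expression to a printer that dereferences it. The node type, the function names and the sample values are hypothetical.

```cpp
#include <cstdio>
#include <string>

// Hypothetical stand-in for a GCC tree node. The 16-bit code field mirrors
// the "Invalid read of size 2" at address 0x0 in the valgrind output.
struct node {
  unsigned short code;  // 0 = named variable, anything else = other expression
  const char *name;
};

// Models a "%qE"-style printer: it reads n->code first, with no null check.
static std::string quote_expr(const node *n) {
  if (n->code == 0)
    return std::string("'") + n->name + "'";
  return "'<expr>'";
}

// Models a lookup that can fail to find a printable expression
// (assumption: it returns nullptr in that case).
static const node *representative(const node *candidate, bool printable) {
  return printable ? candidate : nullptr;
}

// Unguarded form: crashes inside quote_expr when var is nullptr.
std::string describe_unchecked(const node *var, const char *from, const char *to) {
  return "state of " + quote_expr(var) + ": '" + from + "' -> '" + to + "'";
}

// Guarded form: fall back to a message that does not mention var.
std::string describe_checked(const node *var, const char *from, const char *to) {
  std::string change = std::string("'") + from + "' -> '" + to + "'";
  if (!var)
    return "state: " + change;
  return "state of " + quote_expr(var) + ": " + change;
}

int main() {
  node ap = {0, "ap"};  // constructed sample value
  std::puts(describe_checked(representative(&ap, true), "start", "started").c_str());
  std::puts(describe_checked(representative(&ap, false), "start", "started").c_str());
  return 0;
}
```

Only the guarded form is safe to call on the result of a lookup that may return nullptr; the unguarded form is shown for contrast and is never called with a null argument here.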
From: dmalcolm at gcc dot gnu.org @ 2024-01-31 13:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113509
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #4 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be resolved by the above patch.
From: dmalcolm at gcc dot gnu.org @ 2024-02-15 14:29 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113509
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vultkayn at gcc dot gnu.org
--- Comment #5 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
*** Bug 110907 has been marked as a duplicate of this bug. ***