From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 94B4C384B0C1; Tue, 21 Apr 2020 12:10:37 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 94B4C384B0C1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
 s=default; t=1587471037;
 bh=qLP9Hzsm81qE/fqunfkg5afIveQ1KVjJePrb1sPBeSY=;
 h=From:To:Subject:Date:From;
 b=TKeX8o1nE3h3PxtS3Vy80ZTrmDQT7JK+7ZlPkrLv19vWLx0rwJAVli4jq9hK2kzNR
 PX9SpzhSwBKRclNQHqm2zLeYqBbVt2ik6V+MBLrv1olIt09m+YGNwa/A5vv2hmm2gN
 VY9h0KurcerQZa+wYytW9nEOMcoiiXKSk8bKbfHA=
From: "pmatos at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/94688] New: ice caused by analyzer
Date: Tue, 21 Apr 2020 12:10:37 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Version: unknown
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: pmatos at gcc dot gnu.org
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter target_milestone
Message-ID: <bug-94688-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <http://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <http://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 12:10:37 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D94688

            Bug ID: 94688
           Summary: ice caused by analyzer
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: pmatos at gcc dot gnu.org
  Target Milestone: ---

While reducing a testcase for a separate bug I found an analyzer ice.

///
a, b;
c() { d((void (*)()) & a + b); }
///=20

Compiled with todays (2020.04.21) head:
  gcc -O2 -g -fanalyzer  -Wall   -I./.. -I./../include -I./../../rktio
-I../../rktio -pthread -I/usr/lib64/libffi/include   -DUSE_SENORA_GC    -c
foreign.i -o foreign.o
foreign.i:1:1: warning: data definition has no type or storage class
    1 | a, b;
      | ^
foreign.i:1:1: warning: type defaults to 'int' in declaration of 'a'
[-Wimplicit-int]
foreign.i:1:4: warning: type defaults to 'int' in declaration of 'b'
[-Wimplicit-int]
    1 | a, b;
      |    ^
foreign.i:2:1: warning: return type defaults to 'int' [-Wimplicit-int]
    2 | c() { d((void (*)()) & a + b); }
      | ^
foreign.i: In function 'c':
foreign.i:2:7: warning: implicit declaration of function 'd'
[-Wimplicit-function-declaration]
    2 | c() { d((void (*)()) & a + b); }
      |       ^
foreign.i:2:32: warning: control reaches end of non-void function
[-Wreturn-type]
    2 | c() { d((void (*)()) & a + b); }
      |                                ^
during IPA pass: analyzer
foreign.i:2:7: internal compiler error: in get_or_create_mem_ref, at
analyzer/region-model.cc:6969
    2 | c() { d((void (*)()) & a + b); }
      |       ^
0x763ce6 ana::region_model::get_or_create_mem_ref(tree_node*, ana::svalue_i=
d,
ana::svalue_id, ana::region_model_context*)
        ../../gcc/gcc/analyzer/region-model.cc:6969
0x11c9585 ana::region_model::get_or_create_pointer_plus_expr(tree_node*,
ana::svalue_id, ana::svalue_id, ana::region_model_context*)
        ../../gcc/gcc/analyzer/region-model.cc:7058
0x11c9585 ana::region_model::on_assignment(gassign const*,
ana::region_model_context*)
        ../../gcc/gcc/analyzer/region-model.cc:4237
0x119bee2 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode
const*, gimple const*, ana::program_state*, ana::state_change*) const
        ../../gcc/gcc/analyzer/engine.cc:1019
0x119c841 ana::exploded_graph::process_node(ana::exploded_node*)
        ../../gcc/gcc/analyzer/engine.cc:2530
0x119ccb2 ana::exploded_graph::process_worklist()
        ../../gcc/gcc/analyzer/engine.cc:2348
0x119f07e ana::impl_run_checkers(ana::logger*)
        ../../gcc/gcc/analyzer/engine.cc:4029
0x11a0a7c ana::run_checkers()
        ../../gcc/gcc/analyzer/engine.cc:4097
0x1194808 execute
        ../../gcc/gcc/analyzer/analyzer-pass.cc:84
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.



However without the -fanalyzer flag it compiles and returns exit code 0.=