http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60914
--- Comment #3 from Zdenek Sojka <zsojka at seznam dot cz> ---
(In reply to ctice from comment #2)
> Running your tests, I get a different ICE:
> 
> gcc-fsf-root/usr/local/bin/gcc -O -flto -fvtable-verify=preinit pr59437.C
> pr59437.C: In function ‘_GLOBAL__sub_I.00099_cout’:
> pr59437.C:24:1: internal compiler error: Segmentation fault
>  }
>  ^
> 0xd6bfc1 crash_signal
>     ../../gcc-fsf.clean/gcc/toplev.c:337
> 0x8a8ea5 bitmap_obstack_free(bitmap_head*)
>     ../../gcc-fsf.clean/gcc/bitmap.c:408
> 0xdb3a83 cleanup_tree_cfg_1
>     ../../gcc-fsf.clean/gcc/tree-cfgcleanup.c:698
> 0xdb3ae8 cleanup_tree_cfg_noloop
>     ../../gcc-fsf.clean/gcc/tree-cfgcleanup.c:731
> 0xdb3bf5 cleanup_tree_cfg()
>     ../../gcc-fsf.clean/gcc/tree-cfgcleanup.c:786
> 0xc7a8dc execute_function_todo
>     ../../gcc-fsf.clean/gcc/passes.c:1741
> 0xc79cd8 do_per_function
>     ../../gcc-fsf.clean/gcc/passes.c:1504
> 0xc7ab37 execute_todo
>     ../../gcc-fsf.clean/gcc/passes.c:1817
> Please submit a full bug report,
> with preprocessed source if appropriate.
> Please include the complete backtrace with any bug report.
> See <http://gcc.gnu.org/bugs.html> for instructions.
> 
> 
> I will investigate this, but I am concerned that I cannot seem to reproduce
> your problem?

I see the error only when run under valgrind:

$ g++ /mnt/svn/gcc-trunk/gcc/testsuite/g++.dg/ubsan/pr59437.C -fvtable-verify=std -flto -c -wrapper valgrind,-q
==13523== Invalid write of size 8
==13523==    at 0x8B9421: bitmap_obstack_alloc_stat(bitmap_obstack*) (bitmap.h:277)
==13523==    by 0xD5B512: (anonymous namespace)::pass_build_ssa::execute(function*) (tree-into-ssa.c:2234)
==13523==    by 0xBFDAD1: execute_one_pass(opt_pass*) (passes.c:2163)
==13523==    by 0xBFDDC5: execute_pass_list(opt_pass*) (passes.c:2216)
==13523==    by 0x93B4FE: cgraph_process_new_functions() [clone .part.42] (cgraphunit.c:338)
==13523==    by 0x845696: vtv_generate_init_routine() (vtable-class-hierarchy.c:1191)
==13523==    by 0x721F8D: cp_write_global_declarations() (decl2.c:4628)
==13523==    by 0xCF18CC: compile_file() (toplev.c:562)
==13523==    by 0xCF389F: toplev_main(int, char**) (toplev.c:1914)
==13523==    by 0x5A46BF4: (below main) (in /lib64/libc-2.17.so)
==13523==  Address 0x686ebb0 is 96 bytes inside a block of size 4,064 free'd
==13523==    at 0x4C2B57C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13523==    by 0x5AA8144: obstack_free (in /lib64/libc-2.17.so)
==13523==    by 0x93AC12: analyze_function(cgraph_node*) (cgraphunit.c:665)
==13523==    by 0x93B4BF: cgraph_process_new_functions() [clone .part.42] (cgraphunit.c:334)
==13523==    by 0x845696: vtv_generate_init_routine() (vtable-class-hierarchy.c:1191)
==13523==    by 0x721F8D: cp_write_global_declarations() (decl2.c:4628)
==13523==    by 0xCF18CC: compile_file() (toplev.c:562)
==13523==    by 0xCF389F: toplev_main(int, char**) (toplev.c:1914)
==13523==    by 0x5A46BF4: (below main) (in /lib64/libc-2.17.so)
==13523==
... and 100s of other similar errors.

Due to the nature of the bug, writing to already free'd memory, the bug may end in a SIGSEGV, glibc reported memory corruption, any random-looking ICE, or it may not cause any error at all.
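
An added triage sketch, not part of the original comment or of GCC: it parses the memcheck report quoted above, pairs the "Invalid write" stack with the "free'd" stack, and walks both from the outermost caller to find where they diverge. The function names `parse_stacks` and `divergence` are hypothetical, and `REPORT` is an excerpt of the report above with the outer frames trimmed.

```python
import re

# Excerpt of the valgrind report from the comment above (outer frames trimmed).
REPORT = """\
==13523== Invalid write of size 8
==13523==    at 0x8B9421: bitmap_obstack_alloc_stat(bitmap_obstack*) (bitmap.h:277)
==13523==    by 0xD5B512: (anonymous namespace)::pass_build_ssa::execute(function*) (tree-into-ssa.c:2234)
==13523==    by 0xBFDAD1: execute_one_pass(opt_pass*) (passes.c:2163)
==13523==    by 0xBFDDC5: execute_pass_list(opt_pass*) (passes.c:2216)
==13523==    by 0x93B4FE: cgraph_process_new_functions() [clone .part.42] (cgraphunit.c:338)
==13523==    by 0x845696: vtv_generate_init_routine() (vtable-class-hierarchy.c:1191)
==13523==  Address 0x686ebb0 is 96 bytes inside a block of size 4,064 free'd
==13523==    at 0x4C2B57C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13523==    by 0x5AA8144: obstack_free (in /lib64/libc-2.17.so)
==13523==    by 0x93AC12: analyze_function(cgraph_node*) (cgraphunit.c:665)
==13523==    by 0x93B4BF: cgraph_process_new_functions() [clone .part.42] (cgraphunit.c:334)
==13523==    by 0x845696: vtv_generate_init_routine() (vtable-class-hierarchy.c:1191)
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]+)\)$")
HEAD = re.compile(r"^==\d+==\s+(\S.*)$")

def parse_stacks(report):
    """Return [(header, [(function, location), ...])], innermost frame first."""
    stacks = []
    for line in report.splitlines():
        m = FRAME.match(line)
        if m and stacks:
            stacks[-1][1].append((m.group(1), m.group(2)))
        elif not m and (h := HEAD.match(line)):
            stacks.append((h.group(1), []))
    return stacks

def divergence(write_stack, free_stack):
    """Compare from the outermost frame inward; return the shared callers and
    the first pair of frames that differ (same caller, different call site)."""
    shared = []
    for w, f in zip(reversed(write_stack), reversed(free_stack)):
        if w == f:
            shared.append(w[0])
        else:
            return shared, w, f
    return shared, None, None

if __name__ == "__main__":
    (_, write), (_, free) = parse_stacks(REPORT)
    shared, w, f = divergence(write, free)
    print("shared callers:", shared)
    print("freed via", f, "then written via", w)
```

On this report both stacks split inside the same frame, `cgraph_process_new_functions()`: the block is released through the call at cgraphunit.c:334 and written through the call at cgraphunit.c:338.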