https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114408
Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
      Known to work|                              |12.3.0
   Target Milestone|---                           |13.3
           Assignee|unassigned at gcc dot gnu.org |dmalcolm at gcc dot gnu.org
            Summary|ICE when invoking strcmp      |[13/14 Regression] ICE when
                   |multiple times with           |invoking strcmp multiple
                   |-fsanitize=undefined -O1      |times with
                   |-fanalyzer -flto              |-fsanitize=undefined -O1
                   |                              |-fanalyzer -flto
                 CC|                              |dmalcolm at gcc dot gnu.org
             Status|UNCONFIRMED                   |NEW
      Known to fail|                              |13.2.1
          Component|ipa                           |analyzer
     Ever confirmed|0                             |1
   Last reconfirmed|                              |2024-03-21

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
Confirmed also with GCC 13, works with GCC 12. The diagnostic is because of
UBSAN instrumentation, it's already visible without -flto.

The issue with the ICE is likely that the sanitizer computes dominance info at
IPA time but fails to release it? I see in sm-malloc.cc:

    /* Reject the warning if the deref's BB doesn't dominate that
       of the check, so that we don't warn e.g. for shared cleanup
       code that checks a pointer for NULL, when that code is sometimes
       used before a deref and sometimes after.
       Using the dominance code requires setting cfun.  */
    auto_cfun sentinel (m_deref_enode->get_function ());
    calculate_dominance_info (CDI_DOMINATORS);
    if (!dominated_by_p (CDI_DOMINATORS,
                         m_check_enode->get_supernode ()->m_bb,
                         m_deref_enode->get_supernode ()->m_bb))
      return false;

    return ctxt.warn ("check of %qE for NULL after already"
                      " dereferencing it",
                      m_arg);

but no free_dominance_info anywhere. It would of course be quite expensive to
re-compute all dominance info every time here, so analyzer needs to loop over
all functions releasing dominance info when done.
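
Added illustration, not part of the comment above and not GCC code: the dominance test that the quoted sm-malloc.cc snippet relies on, run over two small constructed control-flow graphs. The names (struct cfg, compute_dominators, warning_kept) are hypothetical, and the dominator computation is a simple iterative dataflow pass standing in for GCC's own dominance code.

```c
#include <stdio.h>
#define MAX_BB 8

/* Constructed CFG: block 0 is the entry; preds[b] is a bitmask of b's predecessors. */
struct cfg { int n; unsigned preds[MAX_BB]; };

/* Iterative dataflow: dom(b) = {b} | intersection of dom(p) over predecessors p.
   A simple stand-in (assumption), not GCC's dominance implementation. */
static void compute_dominators(const struct cfg *g, unsigned dom[MAX_BB]) {
    unsigned all = (1u << g->n) - 1;
    int changed = 1;
    dom[0] = 1u;
    for (int b = 1; b < g->n; b++) dom[b] = all;
    while (changed) {
        changed = 0;
        for (int b = 1; b < g->n; b++) {
            unsigned meet = all;
            for (int p = 0; p < g->n; p++)
                if (g->preds[b] & (1u << p))
                    meet &= dom[p];
            meet |= 1u << b;
            if (meet != dom[b]) { dom[b] = meet; changed = 1; }
        }
    }
}

/* The question the quoted code asks: is the check's block dominated by the
   deref's block? Returns 1 if the warning is kept, 0 if it is rejected. */
int warning_kept(const struct cfg *g, int check_bb, int deref_bb) {
    unsigned dom[MAX_BB];
    compute_dominators(g, dom);
    return (dom[check_bb] >> deref_bb) & 1u;
}

/* entry(0) -> deref(1) -> check(2): the deref always runs before the check. */
int straight_line_case(void) {
    struct cfg g = { 3, { 0, 1u << 0, 1u << 1 } };
    return warning_kept(&g, 2, 1);
}

/* entry(0) -> deref(1) or skip(2); both reach shared cleanup(3) holding the check. */
int shared_cleanup_case(void) {
    struct cfg g = { 4, { 0, 1u << 0, 1u << 0, (1u << 1) | (1u << 2) } };
    return warning_kept(&g, 3, 1);
}

int main(void) {
    printf("straight line: %d, shared cleanup: %d\n",
           straight_line_case(), shared_cleanup_case());
    return 0;
}
```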