https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118814
Bug ID: 118814
Summary: -Warray-bounds causes internal compiler error:
Segmentation fault during GIMPLE pass: vrp
Product: gcc
Version: 14.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: lukeshu at lukeshu dot com
Target Milestone: ---
System / GCC version / GCC options:
$ /usr/bin/gcc -v
Using built-in specs.
COLLECT_GCC=/bin/gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-pc-linux-gnu/14.2.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /build/gcc/src/gcc/configure
--enable-languages=ada,c,c++,d,fortran,go,lto,m2,objc,obj-c++,rust
--enable-bootstrap --prefix=/usr --libdir=/usr/lib --libexecdir=/usr/lib
--mandir=/usr/share/man --infodir=/usr/share/info
--with-bugurl=https://gitlab.archlinux.org/archlinux/packaging/packages/gcc/-/issues
--with-build-config=bootstrap-lto --with-linker-hash-style=gnu
--with-system-zlib --enable-__cxa_atexit --enable-cet=auto
--enable-checking=release --enable-clocale=gnu --enable-default-pie
--enable-default-ssp --enable-gnu-indirect-function --enable-gnu-unique-object
--enable-libstdcxx-backtrace --enable-link-serialization=1
--enable-linker-build-id --enable-lto --enable-multilib --enable-plugin
--enable-shared --enable-threads=posix --disable-libssp --disable-libstdcxx-pch
--disable-werror
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 14.2.1 20250207 (GCC)
Reproducer source code:
struct inner {};
struct outer {
struct inner self;
int members[];
};
static struct outer *root = &(struct outer){
.members = {0},
};
struct inner *get_root(void) {
return &root->self;
}
Reproducer command and output:
$ /usr/bin/gcc -O3 -Warray-bounds=1 -o bug.o -c bug.c
during GIMPLE pass: vrp
bug.c: In function ‘get_root’:
bug.c:13:15: internal compiler error: Segmentation fault
13 | struct inner *get_root(void) {
| ^~~~~~~~
0x1f93416 internal_error(char const*, ...)
???:0
0x106f234 tree_to_poly_int64(tree_node const*)
???:0
0x10bf1be component_ref_size(tree_node*, special_array_member*)
???:0
0xe5a847 decl_init_size(tree_node*, bool)
???:0
0xc89c96 compute_objsize(tree_node*, gimple*, int, access_ref*,
pointer_query*)
???:0
0xc89e0e pointer_query::get_ref(tree_node*, gimple*, access_ref*, int)
???:0
0x1c90a69 array_bounds_checker::check_mem_ref(unsigned int, tree_node*,
bool)
???:0
0x1c91548 array_bounds_checker::check_addr_expr(unsigned int, tree_node*,
gimple*)
???:0
0x1c91760 array_bounds_checker::check_array_bounds(tree_node**, int*,
void*)
???:0
0x10ad639 walk_tree_1(tree_node**, tree_node* (*)(tree_node**, int*,
void*), void*, hash_set<tree_node*, false, default_hash_traits<tree_node*> >*,
tree_node* (*)(tree_node**, int*, tree_node* (*)(tree_node**, int*, void*),
void*, hash_set<tree_node*, false, default_hash_traits<tree_node*> >*))
???:0
0xa3c630 walk_gimple_op(gimple*, tree_node* (*)(tree_node**, int*, void*),
walk_stmt_info*)
???:0
0x1c7fdf5
check_array_bounds_dom_walker::before_dom_children(basic_block_def*)
???:0
0x1c6ed0f dom_walker::walk(basic_block_def*)
???:0
0x10a3b6e execute_ranger_vrp(function*, bool, bool)
???:0
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See
<https://gitlab.archlinux.org/archlinux/packaging/packages/gcc/-/issues> for
instructions.
