https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119787

            Bug ID: 119787
           Summary: internal compiler error: in build2, at tree.cc:5093
           Product: gcc
           Version: 14.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: collin.funk1 at gmail dot com
  Target Milestone: ---

Created attachment 61099
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=61099&action=edit
preprocessed source dump

I see the following crash in the analyzer pass:

  CC       src/numfmt.o
during IPA pass: analyzer
src/numfmt.c: In function 'unit_to_umax':
src/numfmt.c:842:53: internal compiler error: in build2, at tree.cc:5093
  842 |       if (*end == 'i' && 2 <= n_len && ! c_isdigit (*(end - 1)))
      |                                                     ^~~~~~~~~~
Please submit a full bug report, with preprocessed source.
See <http://bugzilla.redhat.com/bugzilla> for instructions.
Preprocessed source stored into /tmp/cchQhziJ.out file, please attach this to
your bugreport.

Here is my GCC version:
$ gcc --version | sed 1q
gcc (GCC) 14.2.1 20250110 (Red Hat 14.2.1-7)

Here are the steps to reproduce:

$ git clone https://git.savannah.gnu.org/git/coreutils.git
$ cd coreutils
$ git checkout
$ ./bootstrap
$ ./configure CFLAGS='-O2 -g  -fanalyzer -Wall -Warith-conversion
-Wcast-align=strict -Wdate-time -Wdisabled-optimization -Wduplicated-cond
-Wextra -Wformat-signedness -Winit-self -Winvalid-pch -Wlogical-op
-Wmissing-include-dirs -Wnull-dereference -Wopenmp-simd -Woverlength-strings
-Wpacked -Wpointer-arith -Wstrict-overflow -Wsuggest-attribute=format
-Wsuggest-final-methods -Wsuggest-final-types -Wsync-nand -Wsystem-headers
-Wtrampolines -Wuninitialized -Wunknown-pragmas -Wunsafe-loop-optimizations
-Wvariadic-macros -Wvector-operation-performance -Wwrite-strings
-Warray-bounds=2 -Wattribute-alias=2 -Wformat-overflow=2 -Wformat=2
-Wformat-truncation=2 -Wimplicit-fallthrough=5 -Wshift-overflow=2
-Wunused-const-variable=2 -Wvla-larger-than=4031 -Wno-empty-body
-Wno-analyzer-double-fclose -Wno-analyzer-double-free
-Wno-analyzer-free-of-non-heap -Wno-analyzer-malloc-leak
-Wno-analyzer-null-argument -Wno-analyzer-null-dereference
-Wno-analyzer-use-after-free -Wno-attribute-warning -Wno-cast-align
-Wno-clobbered -Wno-format-nonliteral -Wno-sign-compare -Wno-type-limits
-Wno-unused-parameter  -Wnested-externs -Wshadow=local'
$ find . -name 'Makefile' | xargs sed -i -e 's/-Werror//g'
$ make

I am not familiar with the analyzer, but here is the assertion that fails in
build2 of tree.cc:

  if ((code == MINUS_EXPR || code == PLUS_EXPR || code == MULT_EXPR)
      && arg0 && arg1 && tt && POINTER_TYPE_P (tt)
      /* When sizetype precision doesn't match that of pointers
         we need to be able to build explicit extensions or truncations
         of the offset argument.  */
      && TYPE_PRECISION (sizetype) == TYPE_PRECISION (tt))
    gcc_assert (TREE_CODE (arg0) == INTEGER_CST
                && TREE_CODE (arg1) == INTEGER_CST);

This assertion is satisfied in the other passes by the following in
expand_expr_real_2 of expr.cc:

    case POINTER_PLUS_EXPR:
      /* Even though the sizetype mode and the pointer's mode can be different
         expand is able to handle this correctly and get the correct result out
         of the PLUS_EXPR code.  */
      /* Make sure to sign-extend the sizetype offset in a POINTER_PLUS_EXPR
         if sizetype precision is smaller than pointer precision.  */
      if (TYPE_PRECISION (sizetype) < TYPE_PRECISION (type))
        treeop1 = fold_convert_loc (loc, type,
                                    fold_convert_loc (loc, ssizetype,
                                                      treeop1));
      /* If sizetype precision is larger than pointer precision, truncate the
         offset to have matching modes.  */
      else if (TYPE_PRECISION (sizetype) > TYPE_PRECISION (type))
        treeop1 = fold_convert_loc (loc, type, treeop1);

So I assume the type conversion is missing somewhere in the analyzer?