* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
2021-10-15 9:36 [Bug tree-optimization/102769] New: wrong code at -O1 and above on x86_64-linux-gnu zhendong.su at inf dot ethz.ch
@ 2021-10-15 9:47 ` marxin at gcc dot gnu.org
2021-10-15 10:19 ` zhendong.su at inf dot ethz.ch
` (9 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-10-15 9:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
Martin Liška <marxin at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Status    |UNCONFIRMED                 |RESOLVED
     Resolution    |---                         |INVALID
             CC    |                            |marxin at gcc dot gnu.org
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
I think it's invalid code:
gcc-11 pr102769.c -g -fsanitize=address,undefined && ./a.out
=================================================================
==27019==ERROR: AddressSanitizer: stack-use-after-scope on address
0x7fffffffdd00 at pc 0x000000400bfd bp 0x7fffffffdcd0 sp 0x7fffffffdcc8
READ of size 4 at 0x7fffffffdd00 thread T0
#0 0x400bfc in main /home/marxin/Programming/testcases/pr102769.c:5
#1 0x7ffff6a7553f in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
#2 0x7ffff6a755eb in __libc_start_main_impl ../csu/libc-start.c:409
#3 0x400a44 in _start (/home/marxin/Programming/testcases/a.out+0x400a44)
Address 0x7fffffffdd00 is located in stack of thread T0 at offset 32 in frame
#0 0x400b15 in main /home/marxin/Programming/testcases/pr102769.c:2
This frame has 2 object(s):
[32, 36) 'h' (line 7) <== Memory access at offset 32 is inside this variable
[48, 128) 'g' (line 3)
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope
/home/marxin/Programming/testcases/pr102769.c:5 in main
Shadow bytes around the buggy address:
0x10007fff7b50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7b60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7b70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7b90: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x10007fff7ba0:[f8]f2 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
0x10007fff7bb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7bc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7bd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7be0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==27019==ABORTING
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
From: zhendong.su at inf dot ethz.ch @ 2021-10-15 10:19 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
--- Comment #2 from Zhendong Su <zhendong.su at inf dot ethz.ch> ---
Interesting --- it was missed by clang-10 sanitizers and the CompCert
interpreter (a pretty rare occurrence):
[565] % ccomp -interp -fall small.c
small.c:13: warning: implicit declaration of function '__builtin_abort' is
invalid in C99 [-Wimplicit-function-declaration]
small.c:13: warning: '__builtin_abort' is declared without a function prototype
Time 114: program terminated (exit code = 0)
[566] % clang-10 -Xclang -disable-llvm-optzns -w -m64 -O0 -fwrapv -ftrapv
-fsanitize=undefined,address small.c; ./a.out
[567] % clang-10 -pie -fPIE -pie -Xclang -disable-llvm-optzns -w -O0 -m64
-fsanitize=memory small.c; ./a.out
[568] %
* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
From: jakub at gcc dot gnu.org @ 2021-10-15 10:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             CC    |                            |jakub at gcc dot gnu.org
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
It is still UB, the b = &h; happens inside of the scope, then the scope is left
and on the next iteration re-entered again and *b dereferenced.
I don't think C/C++ have anything that would special case {}s around the body of
the loop, though in most versions of the languages there is an extra for scope
around it.
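The lifetime bug Jakub describes, reconstructed as an added example (this is not the reporter's testcase, whose source is not in the thread; the names b, g and h and the object sizes follow the ASan frame listing, everything else is assumed). The first function has the shape ASan flags as stack-use-after-scope; the second shows the only fix that makes the read well-defined, declaring h outside the for statement, since even the loop body block is left and re-entered on every iteration.

```c
#include <stdio.h>

/*
 * Reconstruction of the lifetime bug behind this report (added example, not
 * the reporter's testcase). `h` is declared in an inner block, its address
 * escapes via `b`, the block ends, and the next loop iteration reads *b
 * before the block is re-entered. In C the lifetime of `h` ends every time
 * its block is left, so that read is undefined behaviour: the object `b`
 * points to no longer exists, and an optimizer may reuse the slot for
 * anything. The returned value is therefore meaningless; the function is
 * kept only to show the shape ASan reports as stack-use-after-scope.
 */
static int use_after_scope_pattern(void)
{
    int g[20] = {0};          /* stands in for the 80-byte 'g' in the frame */
    int *b = g;               /* assumed: start out pointing at a live object */
    int sum = 0;
    int i;
    for (i = 0; i < 4; i++) {
        sum += *b;            /* from iteration 2 on: reads the dead `h` (UB) */
        {
            int h = i + 1;    /* the 4-byte 'h' in the frame */
            b = &h;           /* address escapes the block */
        }
    }
    return sum;
}

/*
 * Fixed form: declare `h` in a scope that encloses every use of `b`. Moving
 * it to the top of the loop body is NOT enough, because the body block is
 * also left and re-entered on each iteration; it has to live outside the
 * `for` statement entirely.
 */
static int hoisted_pattern(void)
{
    int g[20] = {0};
    int h = 0;                /* lifetime now spans the whole loop */
    int *b = g;
    int sum = 0;
    int i;
    for (i = 0; i < 4; i++) {
        sum += *b;            /* well-defined: b points at g or the live h */
        h = i + 1;
        b = &h;
    }
    return sum;               /* 0 + 1 + 2 + 3 = 6 */
}

int main(void)
{
    printf("hoisted_pattern() = %d\n", hoisted_pattern());
    /* Build with -g -fsanitize=address (as done in the thread) and ASan
     * reports the read inside use_after_scope_pattern() at the second
     * iteration as stack-use-after-scope. */
    printf("use_after_scope_pattern() = %d (undefined)\n",
           use_after_scope_pattern());
    return 0;
}
```

The point for anyone reducing wrong-code reports: a program whose output changes between -O0 and -O1 is only evidence of a compiler bug once sanitizers (here, GCC's own -fsanitize=address,undefined as well as clang's) have ruled out undefined behaviour such as this escaping pointer, which is exactly the step the thread concludes was missing.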
* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
From: marxin at gcc dot gnu.org @ 2021-10-15 10:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
--- Comment #4 from Martin Liška <marxin at gcc dot gnu.org> ---
Clang I have (12) reports that as well:
clang-12 pr102769.c -g -fsanitize=address,undefined && ./a.out
/usr/bin/ld: warning: Cannot export local symbol '__asan_extra_spill_area'
=================================================================
==30045==ERROR: AddressSanitizer: stack-use-after-scope on address
0x7fffffffdcd0 at pc 0x0000004cbe5e bp 0x7fffffffdc30 sp 0x7fffffffdc28
READ of size 4 at 0x7fffffffdcd0 thread T0
#0 0x4cbe5d in main /home/marxin/Programming/testcases/pr102769.c:5:19
#1 0x7ffff7cbd53f in __libc_start_call_main
/usr/src/debug/glibc-2.34-2.1.x86_64/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#2 0x7ffff7cbd5eb in __libc_start_main@GLIBC_2.2.5
/usr/src/debug/glibc-2.34-2.1.x86_64/csu/../csu/libc-start.c:409:3
#3 0x41f814 in _start
/home/abuild/rpmbuild/BUILD/glibc-2.34/csu/../sysdeps/x86_64/start.S:116
Address 0x7fffffffdcd0 is located in stack of thread T0 at offset 144 in frame
#0 0x4cbccf in main /home/marxin/Programming/testcases/pr102769.c:2
This frame has 2 object(s):
[32, 112) 'g' (line 3)
[144, 148) 'h' (line 7) <== Memory access at offset 144 is inside this variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope
/home/marxin/Programming/testcases/pr102769.c:5:19 in main
Shadow bytes around the buggy address:
0x10007fff7b40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7b50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7b60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7b70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
=>0x10007fff7b90: 00 00 00 00 00 00 f2 f2 f2 f2[f8]f3 00 00 00 00
0x10007fff7ba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7bb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7bc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7bd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7be0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==30045==ABORTING
* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
From: zhendong.su at inf dot ethz.ch @ 2021-10-15 10:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
--- Comment #5 from Zhendong Su <zhendong.su at inf dot ethz.ch> ---
Yes, it's clear that the code is invalid. I should update my reduction script
to use more recent clang and gcc for ruling out UBs.
* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
From: marxin at gcc dot gnu.org @ 2021-10-15 10:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
--- Comment #6 from Martin Liška <marxin at gcc dot gnu.org> ---
(In reply to Zhendong Su from comment #5)
> Yes, it's clear that the code is invalid. I should update my reduction
> script to use more recent clang and gcc for ruling out UBs.
Yes, please include also ASAN and UBSAN checks made by the GCC compiler.
* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
From: zhendong.su at inf dot ethz.ch @ 2021-10-15 10:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
--- Comment #7 from Zhendong Su <zhendong.su at inf dot ethz.ch> ---
(In reply to Martin Liška from comment #6)
> (In reply to Zhendong Su from comment #5)
> > Yes, it's clear that the code is invalid. I should update my reduction
> > script to use more recent clang and gcc for ruling out UBs.
>
> Yes, please include also ASAN and UBSAN checks made by the GCC compiler.
Yes, will also do; sorry for the invalid report and noise.
* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
From: marxin at gcc dot gnu.org @ 2021-10-15 10:43 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
--- Comment #8 from Martin Liška <marxin at gcc dot gnu.org> ---
> Yes, will also do; sorry for the invalid report and noise.
Thanks!
Don't apologize, you have created very many wrong-code issues.
We appreciate the effort of your team.
* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
From: zhendong.su at inf dot ethz.ch @ 2021-10-15 11:39 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
--- Comment #9 from Zhendong Su <zhendong.su at inf dot ethz.ch> ---
> Don't apologize, you have created very many wrong-code issues.
> We appreciate the effort of your team.
Thanks, Martin :)
* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
From: jakub at gcc dot gnu.org @ 2021-10-15 11:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
--- Comment #10 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to Martin Liška from comment #8)
> Don't apologize, you have created very many wrong-code issues.
s/created/reported/
We as GCC developers have created them.
Anyway, thanks for all the bug reports.
* [Bug tree-optimization/102769] wrong code at -O1 and above on x86_64-linux-gnu
From: zhendong.su at inf dot ethz.ch @ 2021-10-15 15:17 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102769
--- Comment #11 from Zhendong Su <zhendong.su at inf dot ethz.ch> ---
> s/created/reported/
> We as GCC developers have created them.
Thanks for this clarification, Jakub :)
> Anyway, thanks for all the bug reports.
Sure thing. Thanks to all you folks for the great work in maintaining and
improving GCC!