public inbox for gcc-bugs@sourceware.org
* [Bug fortran/105310] New: ICE when UNION is after the 8th field in a DEC STRUCTURE with -finit-derived -finit-local-zero
From: foreese at gcc dot gnu.org @ 2022-04-19 15:34 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105310

            Bug ID: 105310
           Summary: ICE when UNION is after the 8th field in a DEC
                    STRUCTURE with -finit-derived -finit-local-zero
           Product: gcc
           Version: 7.4.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
          Assignee: unassigned at gcc dot gnu.org
          Reporter: foreese at gcc dot gnu.org
  Target Milestone: ---

Created attachment 52833
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52833&action=edit
Test case exhibiting the ICE

Consider:

$ cat testunion.for
      PROGRAM TESTU
        IMPLICIT NONE
        STRUCTURE /FOO/
          INTEGER(4) :: a,b,c,d,e,f,g,h
          UNION
          MAP
          ENDMAP
          ENDUNION
        ENDSTRUCTURE
        RECORD /FOO/ bar
        bar.a = 1
      END

$ gfortran -O0 -c -ffixed-form -finit-local-zero -finit-derived -fdec-structure testunion.for
testunion.for:15:0:

       end

internal compiler error: Segmentation fault
0xa72a2f crash_signal
        /data/gcc-7.4.0/gcc/toplev.c:337
0xcb6a54 compute_reloc_for_constant(tree_node*)
        /data/gcc-7.4.0/gcc/varasm.c:4120
0xcb6b5c compute_reloc_for_constant(tree_node*)
        /data/gcc-7.4.0/gcc/varasm.c:4174
0xcbc802 get_variable_section(tree_node*, bool)
        /data/gcc-7.4.0/gcc/varasm.c:1148
0xcc0cb7 assemble_variable(tree_node*, int, int, int)
        /data/gcc-7.4.0/gcc/varasm.c:2225
0xcc4ce2 varpool_node::assemble_decl()
        /data/gcc-7.4.0/gcc/varpool.c:588
0x7426fc output_in_order
        /data/gcc-7.4.0/gcc/cgraphunit.c:2289
0x742ac3 symbol_table::compile()
        /data/gcc-7.4.0/gcc/cgraphunit.c:2530
0x744b16 symbol_table::compile()
        /data/gcc-7.4.0/gcc/cgraphunit.c:2629
0x744b16 symbol_table::finalize_compilation_unit()
        /data/gcc-7.4.0/gcc/cgraphunit.c:2626
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.


ICE occurs with 7.4 and higher, where the -fdec-structure and -finit-derived
options were introduced.

The ICE occurs at -O0 but not for higher optimization levels. The ICE occurs
only when there are (8*2^n) fields preceding the union, regardless of which
fields are in the union.


* [Bug fortran/105310] ICE when UNION is after the 8th field in a DEC STRUCTURE with -finit-derived -finit-local-zero
From: foreese at gcc dot gnu.org @ 2022-04-19 16:07 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105310

Fritz Reese <foreese at gcc dot gnu.org> changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
     Ever confirmed|0                                |1
             Status|UNCONFIRMED                      |ASSIGNED
   Last reconfirmed|                                 |2022-04-19
           Assignee|unassigned at gcc dot gnu.org    |foreese at gcc dot gnu.org

--- Comment #1 from Fritz Reese <foreese at gcc dot gnu.org> ---
Created attachment 52834
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52834&action=edit
Patch which fixes the bug based on trunk

The bug is caused by gfc_conv_union_initializer in gcc/fortran/trans-expr.cc,
which accepts a pointer to a vector of constructor trees (vec<constructor_elt,
va_gc>*) as an argument, then appends one or two field constructors to the
vector. The problem is the use of CONSTRUCTOR_APPEND_ELT(v, ...) within
gfc_conv_union_initializer, which modifies the vector pointer v when a
reallocation of the vector occurs, but the pointer is passed by value.
Therefore, when a vector reallocation occurs, the vector caller's
(gfc_conv_structure) vector pointer is not updated and subsequently points to
freed memory. Chaos ensues.

The bug only occurs when gfc_conv_union_initializer itself triggers the
reallocation, which is whenever the vector is "full" (v->m_vecpfx.m_alloc ==
v->m_vecpfx.m_num). Since the vector defaults to allocating 8 elements and
doubles in size for every reallocation, the bug only occurs when there are 8,
16, 32, etc... fields with initializers prior to the union, causing the vector
of constructors to be resized when entering gfc_conv_union_initializer. The
-finit-derived and -finit-local-zero options together ensure each field has an
initializer, triggering the bug.

The patch fixes the bug by passing the vector pointer to
gfc_conv_union_initializer by reference, matching the signature of
vec_safe_push from within the CONSTRUCTOR_APPEND_ELT macro.

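The failure mode described in comment #1, reduced to a self-contained C++ sketch. This is an added example, not code from the thread or from GCC; `Vec`, `safe_push` and the `append_union_*` helpers are hypothetical stand-ins. It also checks field counts other than 8 to show that only a full vector leaves the caller's pointer stale.

```cpp
// Added illustration: hypothetical stand-ins, not GCC's vec<> or trans-expr.cc.
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Header and elements share one heap block, so growth moves the whole object.
struct Vec { unsigned alloc, num; };
static int *elts(Vec *v) { return reinterpret_cast<int *>(v + 1); }
// Push taking the pointer by reference: on growth it retargets that pointer.
static void safe_push(Vec *&v, int x) {
  if (!v || v->num == v->alloc) {  // full: start at 8 slots, then double
    unsigned n = v ? v->alloc * 2 : 8;
    Vec *nv = static_cast<Vec *>(std::malloc(sizeof(Vec) + n * sizeof(int)));
    if (!nv) std::abort();
    nv->alloc = n; nv->num = v ? v->num : 0;
    if (v) { std::memcpy(elts(nv), elts(v), v->num * sizeof(int)); std::free(v); }
    v = nv;
  }
  elts(v)[v->num++] = x;
}

// Buggy shape: v is a copy, so growth updates only the copy (returned for the demo).
static Vec *append_union_by_value(Vec *v, int x) { safe_push(v, x); return v; }
// Fixed shape: the reference carries the new pointer back to the caller.
static void append_union_by_ref(Vec *&v, int x) { safe_push(v, x); }
static Vec *build_fields(unsigned n) {
  Vec *v = nullptr;
  for (unsigned i = 0; i < n; i++) safe_push(v, static_cast<int>(i));
  return v;
}

// True when the caller's copy no longer names the live block (integer compare only).
bool caller_pointer_goes_stale(unsigned fields_before_union) {
  Vec *v = build_fields(fields_before_union);
  std::uintptr_t held = reinterpret_cast<std::uintptr_t>(v);
  Vec *live = append_union_by_value(v, 99);
  bool stale = reinterpret_cast<std::uintptr_t>(live) != held;
  std::free(live);
  return stale;
}

// With the by-reference callee the caller sees the appended element.
unsigned count_after_fixed_append(unsigned fields_before_union) {
  Vec *v = build_fields(fields_before_union);
  append_union_by_ref(v, 99);
  unsigned n = elts(v)[v->num - 1] == 99 ? v->num : 0;
  std::free(v);
  return n;
}
```

Building a reproducer like this with AddressSanitizer and dereferencing the caller's copy after the by-value call is how the same defect shows up as a heap-use-after-free report rather than a later crash in unrelated code.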

* [Bug fortran/105310] ICE when UNION is after the 8th field in a DEC STRUCTURE with -finit-derived -finit-local-zero
From: rguenth at gcc dot gnu.org @ 2022-04-20  7:20 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105310

--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
Please always post patches to the gcc-patches mailing lists, otherwise they
tend to get lost.  Thanks for discovering and tracking this down.


* [Bug fortran/105310] ICE when UNION is after the 8th field in a DEC STRUCTURE with -finit-derived -finit-local-zero
From: cvs-commit at gcc dot gnu.org @ 2022-04-21 14:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105310

--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Fritz Reese <foreese@gcc.gnu.org>:

https://gcc.gnu.org/g:c049f638da4f7b32b11e4d895184e0960bae5291

commit r12-8215-gc049f638da4f7b32b11e4d895184e0960bae5291
Author: Fritz Reese <foreese@gcc.gnu.org>
Date:   Tue Apr 19 16:45:46 2022 -0400

    fortran: Fix conv of UNION constructors [PR105310]

    This fixes an ICE when a UNION is the (1+8*2^n)-th field in a DEC
    STRUCTURE when compiled with -finit-derived -finit-local-zero.
    The problem was CONSTRUCTOR_APPEND_ELT from within
    gfc_conv_union_initializer
    modified the vector pointer, but the pointer was passed by-value,
    so the old pointer from the caller (gfc_conv_structure) pointed to freed
    memory.

            PR fortran/105310

    gcc/fortran/ChangeLog:

            * trans-expr.cc (gfc_conv_union_initializer): Pass vec* by
            reference.

    gcc/testsuite/ChangeLog:

            * gfortran.dg/dec_union_12.f90: New test.


* [Bug fortran/105310] ICE when UNION is after the 8th field in a DEC STRUCTURE with -finit-derived -finit-local-zero
From: cvs-commit at gcc dot gnu.org @ 2022-04-21 14:26 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105310

--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Fritz Reese
<foreese@gcc.gnu.org>:

https://gcc.gnu.org/g:15798c5d50f1318fcc0c0e7b0e71281f9a38433c

commit r11-9922-g15798c5d50f1318fcc0c0e7b0e71281f9a38433c
Author: Fritz Reese <foreese@gcc.gnu.org>
Date:   Tue Apr 19 16:45:46 2022 -0400

    fortran: Fix conv of UNION constructors [PR105310]

    This fixes an ICE when a UNION is the (1+8*2^n)-th field in a DEC
    STRUCTURE when compiled with -finit-derived -finit-local-zero.
    The problem was CONSTRUCTOR_APPEND_ELT from within
    gfc_conv_union_initializer
    modified the vector pointer, but the pointer was passed by-value,
    so the old pointer from the caller (gfc_conv_structure) pointed to freed
    memory.

            PR fortran/105310

    gcc/fortran/ChangeLog:

            * trans-expr.c (gfc_conv_union_initializer): Pass vec* by
            reference.

    gcc/testsuite/ChangeLog:

            * gfortran.dg/dec_union_12.f90: New test.

    (cherry picked from commit c049f638da4f7b32b11e4d895184e0960bae5291)


* [Bug fortran/105310] ICE when UNION is after the 8th field in a DEC STRUCTURE with -finit-derived -finit-local-zero
From: cvs-commit at gcc dot gnu.org @ 2022-04-21 14:42 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105310

--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Fritz Reese
<foreese@gcc.gnu.org>:

https://gcc.gnu.org/g:592a59bcee098060493ffe8847f69fb3bd22b4aa

commit r10-10550-g592a59bcee098060493ffe8847f69fb3bd22b4aa
Author: Fritz Reese <foreese@gcc.gnu.org>
Date:   Tue Apr 19 16:45:46 2022 -0400

    fortran: Fix conv of UNION constructors [PR105310]

    This fixes an ICE when a UNION is the (1+8*2^n)-th field in a DEC
    STRUCTURE when compiled with -finit-derived -finit-local-zero.
    The problem was CONSTRUCTOR_APPEND_ELT from within
    gfc_conv_union_initializer
    modified the vector pointer, but the pointer was passed by-value,
    so the old pointer from the caller (gfc_conv_structure) pointed to freed
    memory.

            PR fortran/105310

    gcc/fortran/ChangeLog:

            * trans-expr.c (gfc_conv_union_initializer): Pass vec* by
            reference.

    gcc/testsuite/ChangeLog:

            * gfortran.dg/dec_union_12.f90: New test.

    (cherry picked from commit c049f638da4f7b32b11e4d895184e0960bae5291)


* [Bug fortran/105310] ICE when UNION is after the 8th field in a DEC STRUCTURE with -finit-derived -finit-local-zero
From: cvs-commit at gcc dot gnu.org @ 2022-04-21 14:51 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105310

--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-9 branch has been updated by Fritz Reese
<foreese@gcc.gnu.org>:

https://gcc.gnu.org/g:30e6e43f0bbd84ac01cfcbfbd4b60f4495365b7d

commit r9-10022-g30e6e43f0bbd84ac01cfcbfbd4b60f4495365b7d
Author: Fritz Reese <foreese@gcc.gnu.org>
Date:   Tue Apr 19 16:45:46 2022 -0400

    fortran: Fix conv of UNION constructors [PR105310]

    This fixes an ICE when a UNION is the (1+8*2^n)-th field in a DEC
    STRUCTURE when compiled with -finit-derived -finit-local-zero.
    The problem was CONSTRUCTOR_APPEND_ELT from within
    gfc_conv_union_initializer
    modified the vector pointer, but the pointer was passed by-value,
    so the old pointer from the caller (gfc_conv_structure) pointed to freed
    memory.

            PR fortran/105310

    gcc/fortran/ChangeLog:

            * trans-expr.c (gfc_conv_union_initializer): Pass vec* by
            reference.

    gcc/testsuite/ChangeLog:

            * gfortran.dg/dec_union_12.f90: New test.

    (cherry picked from commit c049f638da4f7b32b11e4d895184e0960bae5291)
