public inbox for gcc-bugs@sourceware.org
From: "resence at parsoma dot net" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/107769] New: -flto with -Os/-O2/-O3 emitted code with gcc 12.x segfaults via mutated global in .rodata
Date: Sun, 20 Nov 2022 15:54:39 +0000	[thread overview]
Message-ID: <bug-107769-4@http.gcc.gnu.org/bugzilla/> (raw)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107769

            Bug ID: 107769
           Summary: -flto with -Os/-O2/-O3 emitted code with gcc 12.x
                    segfaults via mutated global in .rodata
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: resence at parsoma dot net
  Target Milestone: ---

Created attachment 53931
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53931&action=edit
Small, preprocessed testcase to reproduce this issue via -save-temps

On a Debian unstable amd64 system running "gcc (Debian 12.2.0-9) 12.2.0"
running any of:

gcc -flto -Wall -Wextra -pedantic -fopt-info -finline-limit=150 -Os -fno-strict-aliasing -o r.OsNoG repro.c
gcc -flto -Wall -g -Wextra -pedantic -finline-limit=150 -Os -fno-strict-aliasing -o r.Os repro.c
gcc -flto -Wall -Wextra -pedantic -fopt-info -finline-limit=150 -O2 -fno-strict-aliasing -o r.O2NoG repro.c
gcc -flto -Wall -g -Wextra -pedantic -finline-limit=150 -O2 -fno-strict-aliasing -o r.O2 repro.c
gcc -flto -Wall -Wextra -pedantic -finline-limit=150 -O3 -fno-strict-aliasing -o r.O3noG repro.c
gcc -flto -Wall -Wextra -g -pedantic -finline-limit=150 -O3 -fno-strict-aliasing -o r.O3 repro.c

on the attached repro.c test case results in

repro.c: In function ‘incRef__system_5450’:
repro.c:12:39: warning: unused parameter ‘c’ [-Wunused-parameter]
   12 | static void incRef__system_5450(void* c) {
      |                                 ~~~~~~^
repro.c: In function ‘isOnStack__system_5438’:
repro.c:15:74: warning: unused parameter ‘p’ [-Wunused-parameter]
   15 | unsigned char __attribute__((__noinline__)) isOnStack__system_5438(void *p) {
      |                                                                    ~~~~~~^

and a binary which segfaults:

$ for i in r.O*; do echo $i; ./$i; done
r.O2
Segmentation fault
r.O2NoG
Segmentation fault
r.O3
Segmentation fault
r.O3noG
Segmentation fault
r.Os
Segmentation fault
r.OsNoG
Segmentation fault

Running valgrind results in:
==1048150== Memcheck, a memory error detector
==1048150== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==1048150== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
==1048150== Command: ./r.Os
==1048150== 
==1048150== 
==1048150== Process terminating with default action of signal 11 (SIGSEGV)
==1048150==  Bad permissions for mapped region at address 0x10A008
==1048150==    at 0x109098: UnknownInlinedFun (repro.c:24)
==1048150==    by 0x109098: UnknownInlinedFun (repro.c:45)
==1048150==    by 0x109098: main (repro.c:50)

(with similar output for other optimization settings, less for settings without
debug information)

The proximate cause of this is that the global variable g__r_1 has been placed
in the .rodata section:
(gdb) p &g__r_1 
$2 = (void **) 0x555555556008 <g.r_1>
(gdb) info file
...
        0x0000555555556000 - 0x0000555555556010 is .rodata
...

This seems to only happen with a combination of all of (a) -flto (even with one
source file), (b) some greater-than-O1 level optimization level, (c) absence of
-fno-inline-small-functions option; and (d) gcc 12.x or newer.

Running gcc UBSAN on this reveals nothing obviously additional:
$ rm -v a.out && gcc -Og -flto -finline-limit=150 -fsanitize=undefined -Wall
-Wextra -pedantic -fno-strict-aliasing repro.c && ./a.out && echo gcc UBSAN
complete
removed 'a.out'
repro.c: In function ‘incRef__system_5450’:
repro.c:12:39: warning: unused parameter ‘c’ [-Wunused-parameter]
   12 | static void incRef__system_5450(void* c) {
      |                                 ~~~~~~^
repro.c: In function ‘isOnStack__system_5438’:
repro.c:15:74: warning: unused parameter ‘p’ [-Wunused-parameter]
   15 | unsigned char __attribute__((__noinline__)) isOnStack__system_5438(void *p) {
      |                                                                    ~~~~~~^
gcc UBSAN complete
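The report establishes the proximate cause with gdb: `p &g__r_1` lands inside the address range that `info file` lists as .rodata, which is mapped read-only, so the store faults exactly as valgrind's "Bad permissions for mapped region" says. The same question can be asked of the binary offline, without running it, by reading the ELF section headers and .symtab: which section does the symbol live in, and does that section carry SHF_WRITE? The checker below is an added example, not part of the bug report or of GCC; it parses little-endian ELF64 directly with the `struct` module so it needs no third-party package, and the sample object it builds for demonstration is constructed inline (it is not compiler output). One caveat when using it on an LTO build: the name in .symtab may not be the source name, as the report's own gdb output shows the global as `<g.r_1>` rather than `g__r_1`, so list the symbols with `nm` first and pass the name as it appears there.

```python
"""Find which ELF section a symbol lives in and whether that section is writable.

Added example for triaging "mutated global in .rodata" reports: the same question
the bug report answers with gdb's `info file`, asked of the ELF section headers
and .symtab instead. Works on any little-endian ELF64 object or executable.
"""
import struct
import sys

SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB = 1, 2, 3
SHF_WRITE, SHF_ALLOC = 0x1, 0x2
SHN_LORESERVE = 0xFF00          # SHN_ABS, SHN_COMMON etc. live at or above this

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")              # Elf64_Sym, 24 bytes


def _cstr(table, off):
    """NUL-terminated string at `off` inside a string table."""
    return table[off:table.index(b"\0", off)].decode("ascii", "replace")


def sections(elf):
    """Parse the section header table into dicts holding the fields we need."""
    f = EHDR.unpack_from(elf, 0)
    ident = f[0]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("expected a little-endian ELF64 file")
    shoff, shentsize, shnum, shstrndx = f[6], f[11], f[12], f[13]
    raw = [SHDR.unpack_from(elf, shoff + i * shentsize) for i in range(shnum)]
    names = elf[raw[shstrndx][4]:raw[shstrndx][4] + raw[shstrndx][5]]
    return [
        {"name": _cstr(names, h[0]), "type": h[1], "flags": h[2],
         "off": h[4], "size": h[5], "link": h[6], "entsize": h[9]}
        for h in raw
    ]


def symbol_sections(elf):
    """Map every defined .symtab symbol name to the section dict it lives in."""
    secs = sections(elf)
    out = {}
    for s in secs:
        if s["type"] != SHT_SYMTAB:
            continue
        strtab = secs[s["link"]]           # sh_link of a SYMTAB is its string table
        names = elf[strtab["off"]:strtab["off"] + strtab["size"]]
        ent = s["entsize"] or SYM.size
        for i in range(s["size"] // ent):
            st_name, _, _, shndx, _, _ = SYM.unpack_from(elf, s["off"] + i * ent)
            # skip unnamed, undefined, absolute and common symbols
            if st_name == 0 or shndx == 0 or shndx >= SHN_LORESERVE:
                continue
            out[_cstr(names, st_name)] = secs[shndx]
    return out


def check_writable(elf, symbol):
    """Return (section name, writable?) for a defined symbol, or None if absent."""
    home = symbol_sections(elf).get(symbol)
    if home is None:
        return None
    return home["name"], bool(home["flags"] & SHF_WRITE)


def build_sample_elf():
    """Constructed ELF64 relocatable (not compiler output) with one symbol in a
    read-only .rodata and one in a writable .data, enough to exercise the checker."""
    shstrtab = b"\0.rodata\0.data\0.symtab\0.strtab\0.shstrtab\0"  # names at 1,9,15,23,31
    strtab = b"\0g__r_1\0g_rw\0"                                   # names at 1 and 8
    rodata, data = bytes(16), bytes(16)
    symtab = SYM.pack(0, 0, 0, 0, 0, 0)
    symtab += SYM.pack(1, 0x11, 0, 1, 0, 8)   # g__r_1: GLOBAL OBJECT in section 1 (.rodata)
    symtab += SYM.pack(8, 0x11, 0, 2, 0, 8)   # g_rw:   GLOBAL OBJECT in section 2 (.data)
    blobs, offs, off = [], [], EHDR.size
    for b in (rodata, data, symtab, strtab, shstrtab):
        blobs.append(b)
        offs.append(off)
        off += len(b)
    shdrs = [
        SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
        SHDR.pack(1, SHT_PROGBITS, SHF_ALLOC, 0, offs[0], 16, 0, 0, 1, 0),
        SHDR.pack(9, SHT_PROGBITS, SHF_ALLOC | SHF_WRITE, 0, offs[1], 16, 0, 0, 1, 0),
        SHDR.pack(15, SHT_SYMTAB, 0, 0, offs[2], len(symtab), 4, 1, 8, SYM.size),
        SHDR.pack(23, SHT_STRTAB, 0, 0, offs[3], len(strtab), 0, 0, 1, 0),
        SHDR.pack(31, SHT_STRTAB, 0, 0, offs[4], len(shstrtab), 0, 0, 1, 0),
    ]
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, little-endian, v1
    ehdr = EHDR.pack(ident, 1, 62, 1, 0, 0, off, 0, EHDR.size, 0, 0, SHDR.size, len(shdrs), 5)
    return ehdr + b"".join(blobs) + b"".join(shdrs)


if __name__ == "__main__":
    # usage: python elf_symbol_section.py <binary> <symbol>; no args runs the constructed sample
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 2 else build_sample_elf()
    sym = sys.argv[2] if len(sys.argv) > 2 else "g__r_1"
    print(sym, "->", check_writable(blob, sym))
```

Against one of the reporter's binaries the call would be `check_writable(open("r.Os", "rb").read(), name)` with `name` taken from `nm r.Os`; a result whose second element is False for a global the program stores to is the miscompilation signature the report describes, and the check needs neither a debugger nor a run of the faulting program.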

Thread overview: 13+ messages
2022-11-20 15:54 resence at parsoma dot net [this message]
2022-11-20 18:23 ` [Bug ipa/107769] [12/13 Regression] " pinskia at gcc dot gnu.org
2022-11-21  8:45 ` [Bug ipa/107769] [12/13 Regression] -flto with -Os/-O2/-O3 emitted code with gcc 12.x segfaults via mutated global in .rodata since r12-2887-ga6da2cddcf0e959d marxin at gcc dot gnu.org
2022-11-21 10:29 ` hubicka at gcc dot gnu.org
2022-11-22  8:33 ` rguenth at gcc dot gnu.org
2023-03-24 13:51 ` jamborm at gcc dot gnu.org
2023-03-30  3:35 ` yinyuefengyi at gmail dot com
2023-03-31 11:09 ` jamborm at gcc dot gnu.org
2023-04-06 17:01 ` jamborm at gcc dot gnu.org
2023-04-17 11:06 ` cvs-commit at gcc dot gnu.org
2023-04-17 14:17 ` [Bug ipa/107769] [12 " jamborm at gcc dot gnu.org
2023-04-26 16:45 ` cvs-commit at gcc dot gnu.org
2023-04-26 16:46 ` jamborm at gcc dot gnu.org
