From: "sjames at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/109806] [13/14 Regression] 13.1.0 cc1plus stack smashing crash with C array of complex structs
Date: Mon, 15 May 2023 21:35:19 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 13.1.0
X-Bugzilla-Keywords: ice-on-valid-code, memory-hog
X-Bugzilla-Severity: critical
X-Bugzilla-Who: sjames at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 13.2
X-Bugzilla-Changed-Fields: cc see_also
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109806

Sam James changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aldyh at gcc dot gnu.org
           See Also|                            |https://bugs.gentoo.org/show_bug.cgi?id=906380

--- Comment #12 from Sam James ---
I think I'm hitting this on musl too. Reported in Gentoo at
https://bugs.gentoo.org/906380.

For me, this crashes on x86_64-gentoo-linux-musl:
```
struct SimpleRefCounted {
  virtual void addRef();
};
struct timespec {
  long tv_nsec;
  int : 0;
};
struct ClockImpl : SimpleRefCounted {
  timespec _startTime;
};
struct Clock {
  Clock();
};
Clock::Clock() { ClockImpl(); }
```

with:
```
# g++ /tmp/foo.cxx -O2 -wrapper valgrind
==1239523== Memcheck, a memory error detector
==1239523== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==1239523== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info
==1239523== Command: /usr/libexec/gcc/x86_64-gentoo-linux-musl/13/cc1plus -quiet -D_GNU_SOURCE /tmp/foo.cxx -quiet -dumpdir a- -dumpbase foo.cxx -dumpbase-ext .cxx -mtune=generic -march=x86-64 -O2 -fcf-protection -o /tmp/ccigHfiN.s
==1239523==
==1239523== Invalid read of size 1
==1239523==    at 0x97844C: to_wide (tree.h:6257)
==1239523==    by 0x97844C: irange::set_varying(tree_node*) (value-range.h:959)
==1239523==    by 0x10C1A45: range_query::get_tree_range(vrange&, tree_node*, gimple*) (value-query.cc:252)
==1239523==    by 0x1B52256: gimple_ranger::range_of_stmt(vrange&, gimple*, tree_node*) (gimple-range.cc:298)
==1239523==    by 0x1B52778: gimple_ranger::register_inferred_ranges(gimple*) (gimple-range.cc:474)
==1239523==    by 0x109FB19: rvrp_folder::fold_stmt(gimple_stmt_iterator*) (tree-vrp.cc:1079)
==1239523==    by 0xFA9ED3: substitute_and_fold_dom_walker::before_dom_children(basic_block_def*) (tree-ssa-propagate.cc:848)
==1239523==    by 0x1B24C2E: dom_walker::walk(basic_block_def*) (domwalk.cc:311)
==1239523==    by 0xFA9312: substitute_and_fold_engine::substitute_and_fold(basic_block_def*) (tree-ssa-propagate.cc:971)
==1239523==    by 0x109DB80: execute_ranger_vrp(function*, bool, bool) (tree-vrp.cc:1107)
==1239523==    by 0xD3A0EA: execute_one_pass(opt_pass*) (passes.cc:2651)
==1239523==    by 0xD3A9AF: execute_pass_list_1(opt_pass*) (passes.cc:2760)
==1239523==    by 0xD3A9C1: execute_pass_list_1(opt_pass*) (passes.cc:2761)
==1239523==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==1239523==
during GIMPLE pass: evrp
/tmp/foo.cxx: In constructor 'Clock::Clock()':
/tmp/foo.cxx:14:31: internal compiler error: Segmentation fault
   14 | Clock::Clock() { ClockImpl(); }
      |                               ^
0xe10df3 crash_signal
        /usr/src/debug/sys-devel/gcc-13.1.1_p20230513/gcc-13-20230513/gcc/toplev.cc:314
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See for instructions.
```

(Obviously crashes w/o valgrind too, just the output is way less helpful.)

Note that musl has a small default stack size, as I mentioned at
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109695#c18.