public inbox for gcc-bugs@sourceware.org
* [Bug fortran/111837] New: [8,9,10,11,12,13 Regression] Out of bounds access with optimization inside io-implied-do-control
From: vladimir.fuka at gmail dot com @ 2023-10-16 15:12 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111837
Bug ID: 111837
Summary: [8,9,10,11,12,13 Regression] Out of bounds access with
optimization inside io-implied-do-control
Product: gcc
Version: 13.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: fortran
Assignee: unassigned at gcc dot gnu.org
Reporter: vladimir.fuka at gmail dot com
Target Milestone: ---
The following code causes an out-of-bounds access in array ni(1) when optimized
with -O1 or higher with GCC 8 and higher. Based on
https://stackoverflow.com/questions/77300746/how-does-gfortran-with-optimization-flags-interpret-nested-implied-do-loops
program implied_do_bug
implicit none
integer :: i,j,k
real :: arr(1,1,1)
integer, dimension(:) :: ni(1)
ni(1) = 1
arr = 1
write(*,*) (((arr(i,j,k), i=1,ni(k)), j=1,1), k=1,1)
end program
With error checker:
> gfortran-13 -O1 q77300746.f90 -fcheck=all -g
> ./a.out
At line 10 of file q77300746.f90
Fortran runtime error: Index '0' of dimension 1 of array 'ni' below lower bound
of 1
Error termination. Backtrace:
#0 0x4006e6 in implied_do_bug
at /home/lada/f/testy/stackoverflow//q77300746.f90:10
#1 0x400717 in main
at /home/lada/f/testy/stackoverflow//q77300746.f90:11
With address sanitization:
> gfortran-13 -O1 q77300746.f90 -fsanitize=address,undefined
> ./a.out
=================================================================
==30012==ERROR: AddressSanitizer: stack-buffer-underflow on address
0x7fdf3930002c at pc 0x00000040128b bp 0x7ffe56f222b0 sp 0x7ffe56f222a8
READ of size 4 at 0x7fdf3930002c thread T0
#0 0x40128a in MAIN__ (/home/lada/f/testy/stackoverflow/a.out+0x40128a)
(BuildId: 4f112b517d93d007bc1b001caf3ac9b317046f1c)
#1 0x401358 in main (/home/lada/f/testy/stackoverflow/a.out+0x401358)
(BuildId: 4f112b517d93d007bc1b001caf3ac9b317046f1c)
#2 0x7fdf3b76e24c in __libc_start_main (/lib64/libc.so.6+0x3524c) (BuildId:
171a59c1c43a8f7b93c3dff765aae0b675fe10f6)
#3 0x400b59 in _start ../sysdeps/x86_64/start.S:120
Address 0x7fdf3930002c is located in stack of thread T0 at offset 44 in frame
#0 0x400c15 in MAIN__ (/home/lada/f/testy/stackoverflow/a.out+0x400c15)
(BuildId: 4f112b517d93d007bc1b001caf3ac9b317046f1c)
This frame has 4 object(s):
[48, 52) 'ni' (line 5) <== Memory access at offset 44 underflows this
variable
[64, 96) 'arr' (line 4)
[128, 240) 'parm.4' (line 10)
[272, 800) 'dt_parm.3' (line 10)
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow
(/home/lada/f/testy/stackoverflow/a.out+0x40128a) (BuildId:
4f112b517d93d007bc1b001caf3ac9b317046f1c) in MAIN__
==30012==ABORTING
* [Bug fortran/111837] [8/9/10/11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
From: anlauf at gcc dot gnu.org @ 2023-10-16 16:57 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111837
anlauf at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |anlauf at gcc dot gnu.org
Priority|P3 |P4
Keywords| |wrong-code
Summary|[8,9,10,11,12,13 |[8/9/10/11/12/13/14
|Regression] Out of bounds |Regression] Out of bounds
|access with optimization |access with optimization
|inside |inside
|io-implied-do-control |io-implied-do-control
Known to fail| |8.5.0
Known to work| |7.5.0
Target Milestone|--- |11.5
Ever confirmed|0 |1
Status|UNCONFIRMED |NEW
Last reconfirmed| |2023-10-16
--- Comment #1 from anlauf at gcc dot gnu.org ---
Confirmed.
This is a frontend-optimization bug.
Workaround: compile with -fno-frontend-optimize .
* [Bug fortran/111837] [8/9/10/11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
From: anlauf at gcc dot gnu.org @ 2023-10-16 18:03 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111837
--- Comment #2 from anlauf at gcc dot gnu.org ---
Lightly tested, probably obvious patch:
diff --git a/gcc/fortran/frontend-passes.cc b/gcc/fortran/frontend-passes.cc
index 136a292807d..536884b13f0 100644
--- a/gcc/fortran/frontend-passes.cc
+++ b/gcc/fortran/frontend-passes.cc
@@ -1326,7 +1326,7 @@ traverse_io_block (gfc_code *code, bool *has_reached,
gfc_code *prev)
if (iters[i])
{
gfc_expr *var = iters[i]->var;
- for (int j = i - 1; j < i; j++)
+ for (int j = 0; j < i; j++)
{
if (iters[j]
&& (var_in_expr (var, iters[j]->start)
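Review bot: at the changed line `for (int j = 0; j < i; j++)` the fix is carried by the new lower bound alone, and this mail adds neither a comment nor a testcase. The old bound `j = i - 1` let the body run once per `i`, so `var` was tested against the adjacent `iters[i - 1]` only; a short comment above the loop saying that `var` must be checked against every `iters[j]` with `j < i` would guard against the bound being narrowed again. The reproducer from the report, where the bound `ni(k)` of the `i` loop refers to an iterator two levels away, would make a suitable gfortran.dg test to submit with the patch.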
* [Bug fortran/111837] [8/9/10/11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
From: anlauf at gcc dot gnu.org @ 2023-10-16 19:12 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111837
anlauf at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|unassigned at gcc dot gnu.org |anlauf at gcc dot gnu.org
Status|NEW |ASSIGNED
--- Comment #3 from anlauf at gcc dot gnu.org ---
Submitted: https://gcc.gnu.org/pipermail/fortran/2023-October/059832.html
* [Bug fortran/111837] [11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
From: cvs-commit at gcc dot gnu.org @ 2023-10-17 17:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111837
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Harald Anlauf <anlauf@gcc.gnu.org>:
https://gcc.gnu.org/g:5ac63ec5da2e93226457bea4dbb3a4f78d5d82c2
commit r14-4688-g5ac63ec5da2e93226457bea4dbb3a4f78d5d82c2
Author: Harald Anlauf <anlauf@gmx.de>
Date: Mon Oct 16 21:02:20 2023 +0200
Fortran: out of bounds access with nested implied-do IO [PR111837]
gcc/fortran/ChangeLog:
PR fortran/111837
* frontend-passes.cc (traverse_io_block): Dependency check of loop
nest shall be triangular, not banded.
gcc/testsuite/ChangeLog:
PR fortran/111837
* gfortran.dg/implied_do_io_8.f90: New test.
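The ChangeLog phrase "triangular, not banded" can be checked against the reporter's loop nest with a small model, added here as an illustration and not taken from GCC's sources. `struct iter`, `uses_var`, `depends`, the two `has_dependency_*` functions, the test of start/end/step together and the innermost-first ordering of `report_nest` are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of an implied-do iterator, not GCC's own iterator type. */
struct iter { const char *var, *start, *end, *step; };
static int is_ident(int c) { return isalnum(c) || c == '_'; }

/* Hypothetical stand-in for a var_in_expr-style test: whole-token match. */
static int uses_var(const char *var, const char *expr)
{
    size_t n = strlen(var);
    for (const char *p = strstr(expr, var); p; p = strstr(p + 1, var))
        if ((p == expr || !is_ident((unsigned char)p[-1]))
            && !is_ident((unsigned char)p[n]))
            return 1;
    return 0;
}

/* Does any control expression of iterator IT mention variable VAR? */
static int depends(const struct iter *it, const char *var)
{
    return uses_var(var, it->start) || uses_var(var, it->end) || uses_var(var, it->step);
}

/* Banded check: level i is compared with level i-1 only. */
int has_dependency_banded(const struct iter *it, int n)
{
    for (int i = 1; i < n; i++)
        if (depends(&it[i - 1], it[i].var)) return 1;
    return 0;
}

/* Triangular check: level i is compared with every level j < i. */
int has_dependency_triangular(const struct iter *it, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = 0; j < i; j++)
            if (depends(&it[j], it[i].var)) return 1;
    return 0;
}

/* Constructed from (((arr(i,j,k), i=1,ni(k)), j=1,1), k=1,1), innermost first. */
const struct iter report_nest[3] = {
    {"i", "1", "ni(k)", "1"}, {"j", "1", "1", "1"}, {"k", "1", "1", "1"} };

int main(void)
{
    printf("banded=%d\n", has_dependency_banded(report_nest, 3));
    printf("triangular=%d\n", has_dependency_triangular(report_nest, 3));
    return 0;
}
```

The banded check reports no dependency for this nest because `k` and the `i` loop are two levels apart, while the triangular check finds the use of `k` in `ni(k)`.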
* [Bug fortran/111837] [11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
From: cvs-commit at gcc dot gnu.org @ 2023-10-21 19:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111837
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-13 branch has been updated by Harald Anlauf
<anlauf@gcc.gnu.org>:
https://gcc.gnu.org/g:c83907b9fad802a5c38ed4ca75d9415b8f57f619
commit r13-7972-gc83907b9fad802a5c38ed4ca75d9415b8f57f619
Author: Harald Anlauf <anlauf@gmx.de>
Date: Mon Oct 16 21:02:20 2023 +0200
Fortran: out of bounds access with nested implied-do IO [PR111837]
gcc/fortran/ChangeLog:
PR fortran/111837
* frontend-passes.cc (traverse_io_block): Dependency check of loop
nest shall be triangular, not banded.
gcc/testsuite/ChangeLog:
PR fortran/111837
* gfortran.dg/implied_do_io_8.f90: New test.
(cherry picked from commit 5ac63ec5da2e93226457bea4dbb3a4f78d5d82c2)
* [Bug fortran/111837] [11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
From: cvs-commit at gcc dot gnu.org @ 2023-10-21 20:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111837
--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-12 branch has been updated by Harald Anlauf
<anlauf@gcc.gnu.org>:
https://gcc.gnu.org/g:4d4d191e03d102d5afeb4b091e947560351004c3
commit r12-9934-g4d4d191e03d102d5afeb4b091e947560351004c3
Author: Harald Anlauf <anlauf@gmx.de>
Date: Mon Oct 16 21:02:20 2023 +0200
Fortran: out of bounds access with nested implied-do IO [PR111837]
gcc/fortran/ChangeLog:
PR fortran/111837
* frontend-passes.cc (traverse_io_block): Dependency check of loop
nest shall be triangular, not banded.
gcc/testsuite/ChangeLog:
PR fortran/111837
* gfortran.dg/implied_do_io_8.f90: New test.
(cherry picked from commit 5ac63ec5da2e93226457bea4dbb3a4f78d5d82c2)
* [Bug fortran/111837] [11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
From: cvs-commit at gcc dot gnu.org @ 2023-10-21 20:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111837
--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Harald Anlauf
<anlauf@gcc.gnu.org>:
https://gcc.gnu.org/g:9b569e0a1cf79519eea2e62422232c8d2d483f07
commit r11-11071-g9b569e0a1cf79519eea2e62422232c8d2d483f07
Author: Harald Anlauf <anlauf@gmx.de>
Date: Mon Oct 16 21:02:20 2023 +0200
Fortran: out of bounds access with nested implied-do IO [PR111837]
gcc/fortran/ChangeLog:
PR fortran/111837
* frontend-passes.c (traverse_io_block): Dependency check of loop
nest shall be triangular, not banded.
gcc/testsuite/ChangeLog:
PR fortran/111837
* gfortran.dg/implied_do_io_8.f90: New test.
(cherry picked from commit 5ac63ec5da2e93226457bea4dbb3a4f78d5d82c2)
* [Bug fortran/111837] [11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
From: anlauf at gcc dot gnu.org @ 2023-10-21 20:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111837
anlauf at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #8 from anlauf at gcc dot gnu.org ---
Fixed.
* [Bug fortran/111837] [11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
From: pinskia at gcc dot gnu.org @ 2023-12-24 22:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111837
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gigor-ads at yandex dot ru
--- Comment #9 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 113128 has been marked as a duplicate of this bug. ***