From: "jakub at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug fortran/113503] New: [14 Regression] xtb test miscompilation starting with r14-870
Date: Fri, 19 Jan 2024 12:49:00 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113503

            Bug ID: 113503
           Summary: [14 Regression] xtb test miscompilation starting with r14-870
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jakub at gcc dot gnu.org
  Target Milestone: ---

Since r14-870-g6c95fe9bc0553743098eeaa739f14b885050fa42 4 xtb tests seem to be
miscompiled, they crash due to memcpy into NULL
pointer. Reduced testcase is:

module xtb_solv_input
   implicit none
   private
   public :: TSolvInput
   type :: TSolvInput
      character(len=:), allocatable :: solvent
   end type
end module
module xtb_main_setup
   use xtb_solv_input, only : TSolvInput
   private
   public :: addSolvationModel
contains
   subroutine addSolvationModel(input)
      type(TSolvInput), intent(in) :: input
   end subroutine
end module
program xtb
   use xtb_solv_input, only : TSolvInput
   use xtb_main_setup, only : addSolvationModel
   integer :: iMol
   character(len=*), parameter :: solvents(10) = [character(len=20) ::&
      & "h2o", "chcl3", "thf", "acetonitrile", "toluene", &
      & "ch2cl2", "ether", "methanol", "cs2", "dmso"]
   do iMol = 1, 10
      call addSolvationModel(TSolvInput(solvent=trim(solvents(iMol))))
   end do
end program

When compiled with -O2 -fno-inline -Wuninitialized starting with that revision
it emits:

xtb.f90:26:70:

   26 |       call addSolvationModel(TSolvInput(solvent=trim(solvents(iMol))))
      |                                                                      ^
Warning: ‘len.8’ is used uninitialized [-Wuninitialized]
xtb.f90:26:70:

   26 |       call addSolvationModel(TSolvInput(solvent=trim(solvents(iMol))))
      |                                                                      ^
note: ‘len.8’ declared here

warning. This reduced test doesn't crash, but the unreduced one crashes
exactly because of the uninitialized use - when the uninitialized var happens
to contain some huge value (0x7fffffffffffe0b0 or so in my case), that value is
passed to malloc, malloc obviously returns NULL as I don't have that much
memory and the code then tries to memcpy "h2o" into NULL.
The bug is visible in the gimple dump already:

    integer(kind=8) len.8;
    integer(kind=8) slen.9;

    try
      {
        slen.9 = len.8;
        slen.18_1 = (sizetype) slen.9;
        _2 = MAX_EXPR ;
        _3 = __builtin_malloc (_2);
        tsolvinput.6.solvent = _3;
        tsolvinput.6._solvent_length = slen.9;
        _4 = (integer(kind=8)) imol;
        _5 = _4 + -1;
        _6 = &solvents[_5];
        _gfortran_string_trim (&len.8, &pstr.7, 20, _6);
        len.19_7 = len.8;
        len.20_8 = (unsigned long) len.19_7;
        pstr.21_9 = pstr.7;
        _10 = tsolvinput.6.solvent;
        __builtin_memcpy (_10, pstr.21_9, len.20_8);
        len.22_11 = len.8;

In r14-868 instead it looked like

    integer(kind=8) len.8;
    integer(kind=8) D.4372;
    character(kind=1) * pstr.9;
    integer(kind=8) len.10;

    try
      {
        _1 = (integer(kind=8)) imol;
        _2 = _1 + -1;
        _3 = &solvents[_2];
        _gfortran_string_trim (&len.8, &pstr.7, 20, _3);
        len.19_4 = len.8;
        if (len.19_4 > 0) goto ; else goto ;
        :
        pstr.20_5 = pstr.7;
        __builtin_free (pstr.20_5);
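
The ordering problem in the r14-870 dump, modelled in C as an added example (not code from the bug report or from GCC). string_trim is a hypothetical stand-in for _gfortran_string_trim, the stale parameter models the contents of the uninitialized len.8, and the 1-byte lower bound on the allocation and a 64-bit size_t are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for _gfortran_string_trim: writes the length of the
   n-character field without trailing blanks to *len, its address to *out. */
static void string_trim(int64_t *len, const char **out, int64_t n, const char *field)
{
    while (n > 0 && field[n - 1] == ' ')
        n--;
    *len = n;
    *out = field;
}

/* Allocate from slen, then copy len bytes, with two checks the dump does not
   show. Returns len, -1 if malloc failed, -2 if the copy would not fit. */
static int64_t alloc_and_copy(int64_t slen, const char *p, int64_t len, char **dst)
{
    size_t size = (size_t)slen;          /* slen.18_1 = (sizetype) slen.9 */
    if (size < 1) size = 1;              /* assumed lower bound of 1 byte */
    *dst = malloc(size);
    if (*dst == NULL)
        return -1;                       /* where memcpy into NULL would occur */
    if ((size_t)len > size) {
        free(*dst);
        *dst = NULL;
        return -2;                       /* copy would overrun the buffer */
    }
    memcpy(*dst, p, (size_t)len);
    return len;
}

/* r14-870 order: slen is read before string_trim has written len.
   `stale` models whatever the uninitialized len.8 happened to hold. */
int64_t build_r14_870_order(const char *field, int64_t stale, char **dst)
{
    int64_t len = stale, slen = len;
    const char *p;
    string_trim(&len, &p, 20, field);
    return alloc_and_copy(slen, p, len, dst);
}

/* Intended order: trim first, then size the allocation from the result. */
int64_t build_trim_first(const char *field, char **dst)
{
    int64_t len; const char *p;
    string_trim(&len, &p, 20, field);
    return alloc_and_copy(len, p, len, dst);
}
```

A stale value smaller than the trimmed length is the second failure mode of the same ordering: the allocation succeeds but is too small for the copy, which the model reports as -2.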