From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-469188-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 15012 invoked by alias); 2 Dec 2014 11:59:22 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Received: (qmail 14962 invoked by uid 48); 2 Dec 2014 11:59:19 -0000
From: "Joost.VandeVondele at mat dot ethz.ch" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug fortran/53379] [4.8/4.9/5 Regression] No backtrace generated for array bounds violation
Date: Tue, 02 Dec 2014 11:59:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: fortran
X-Bugzilla-Version: 4.7.0
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: Joost.VandeVondele at mat dot ethz.ch
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P4
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 4.8.4
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: cf_reconfirmed_on cc
Message-ID: <bug-53379-4-AEUGAIZYi5@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-53379-4@http.gcc.gnu.org/bugzilla/>
References: <bug-53379-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-12/txt/msg00195.txt.bz2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53379

Joost VandeVondele <Joost.VandeVondele at mat dot ethz.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|2013-12-29 00:00:00         |2014-12-2
                 CC|                            |Joost.VandeVondele at mat dot ethz
                   |                            |.ch

--- Comment #15 from Joost VandeVondele <Joost.VandeVondele at mat dot ethz.ch> ---
still fails with trunk, while this really was a useful feature.

> cat test.f90
MODULE m1
CONTAINS
SUBROUTINE foo(b)
 INTEGER, POINTER :: b(:)
 b(-1)=0
END SUBROUTINE foo
END MODULE

USE m1
INTEGER, POINTER :: a(:)
ALLOCATE(a(0:1))
CALL foo(a)
END

> gfortran -g -fbacktrace -fbounds-check test.f90 && ./a.out
At line 5 of file test.f90
Fortran runtime error: Index '-1' of dimension 1 of array 'b' below lower bound
of 0

While if we use -fsanitize=address (at greatly increased cost), we actually get
a Christmas tree with losts of colourful lights:
> gfortran -g -fsanitize=address test.f90 && ./a.out
=================================================================
==32762==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000ef8c at pc 0x000000400c17 bp 0x7fff7f4bd220 sp 0x7fff7f4bd218
WRITE of size 4 at 0x60200000ef8c thread T0
    #0 0x400c16 in __m1_MOD_foo /data/vjoost/gnu/bugs/test.f90:5
    #1 0x400d1a in MAIN__ /data/vjoost/gnu/bugs/test.f90:12
    #2 0x400da2 in main /data/vjoost/gnu/bugs/test.f90:9
    #3 0x3094e1ed5c in __libc_start_main (/lib64/libc.so.6+0x3094e1ed5c)
    #4 0x400a48  (/data/vjoost/gnu/bugs/a.out+0x400a48)

0x60200000ef8c is located 4 bytes to the left of 8-byte region
[0x60200000ef90,0x60200000ef98)
allocated by thread T0 here:
    #0 0x7fb401b2ab1a in __interceptor_malloc
../../../../gcc/libsanitizer/asan/asan_malloc_linux.cc:38
    #1 0x400cc2 in MAIN__ /data/vjoost/gnu/bugs/test.f90:11
    #2 0x400da2 in main /data/vjoost/gnu/bugs/test.f90:9
    #3 0x3094e1ed5c in __libc_start_main (/lib64/libc.so.6+0x3094e1ed5c)

SUMMARY: AddressSanitizer: heap-buffer-overflow
/data/vjoost/gnu/bugs/test.f90:5 __m1_MOD_foo
Shadow bytes around the buggy address:
  0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9df0: fa[fa]00 fa fa fa 07 fa fa fa 07 fa fa fa 06 fa
  0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==32762==ABORTING