public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug fortran/57957] New: Double free or corruption (fasttop)
@ 2013-07-23 0:56 songtao.thu at gmail dot com
2013-07-23 2:14 ` [Bug fortran/57957] " songtao.thu at gmail dot com
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: songtao.thu at gmail dot com @ 2013-07-23 0:56 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57957
Bug ID: 57957
Summary: Double free or corruption (fasttop)
Product: gcc
Version: 4.8.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: fortran
Assignee: unassigned at gcc dot gnu.org
Reporter: songtao.thu at gmail dot com
A simple test:
! Test
program main
implicit none
type :: type1
real, allocatable :: anum(:)
end type type1
type :: type2
type(type1) :: temp
end type type2
type(type1) :: uKnot
type(type2) :: a
uKnot = type1([real :: 0,0,0,1,2,3,4,4,5,5,5])
a = type2(uKnot)
end
which leads to:
*** Error in `./a.out': double free or corruption (fasttop): 0x000000000184bf90
***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x80a46)[0x7fce37214a46]
./a.out[0x400a5a]
./a.out[0x400aa0]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fce371b5ea5]
./a.out[0x400699]
======= Memory map: ========
00400000-00401000 r-xp 00000000 08:06 792386
/home/taosong/Dropbox/[Tao]Codes/MyFortran/Try/a.out
00600000-00601000 r--p 00000000 08:06 792386
/home/taosong/Dropbox/[Tao]Codes/MyFortran/Try/a.out
00601000-00602000 rw-p 00001000 08:06 792386
/home/taosong/Dropbox/[Tao]Codes/MyFortran/Try/a.out
01849000-0186a000 rw-p 00000000 00:00 0 [heap]
7fce36a3d000-7fce36a52000 r-xp 00000000 08:06 1310725
/lib/x86_64-linux-gnu/libgcc_s.so.1
7fce36a52000-7fce36c51000 ---p 00015000 08:06 1310725
/lib/x86_64-linux-gnu/libgcc_s.so.1
7fce36c51000-7fce36c52000 r--p 00014000 08:06 1310725
/lib/x86_64-linux-gnu/libgcc_s.so.1
7fce36c52000-7fce36c53000 rw-p 00015000 08:06 1310725
/lib/x86_64-linux-gnu/libgcc_s.so.1
7fce36c53000-7fce36d56000 r-xp 00000000 08:06 1314626
/lib/x86_64-linux-gnu/libm-2.17.so
7fce36d56000-7fce36f56000 ---p 00103000 08:06 1314626
/lib/x86_64-linux-gnu/libm-2.17.so
7fce36f56000-7fce36f57000 r--p 00103000 08:06 1314626
/lib/x86_64-linux-gnu/libm-2.17.so
7fce36f57000-7fce36f58000 rw-p 00104000 08:06 1314626
/lib/x86_64-linux-gnu/libm-2.17.so
7fce36f58000-7fce36f93000 r-xp 00000000 08:06 1057181
/usr/lib/x86_64-linux-gnu/libquadmath.so.0.0.0
7fce36f93000-7fce37192000 ---p 0003b000 08:06 1057181
/usr/lib/x86_64-linux-gnu/libquadmath.so.0.0.0
7fce37192000-7fce37193000 r--p 0003a000 08:06 1057181
/usr/lib/x86_64-linux-gnu/libquadmath.so.0.0.0
7fce37193000-7fce37194000 rw-p 0003b000 08:06 1057181
/usr/lib/x86_64-linux-gnu/libquadmath.so.0.0.0
7fce37194000-7fce37352000 r-xp 00000000 08:06 1314578
/lib/x86_64-linux-gnu/libc-2.17.so
7fce37352000-7fce37551000 ---p 001be000 08:06 1314578
/lib/x86_64-linux-gnu/libc-2.17.so
7fce37551000-7fce37555000 r--p 001bd000 08:06 1314578
/lib/x86_64-linux-gnu/libc-2.17.so
7fce37555000-7fce37557000 rw-p 001c1000 08:06 1314578
/lib/x86_64-linux-gnu/libc-2.17.so
7fce37557000-7fce3755c000 rw-p 00000000 00:00 0
7fce3755c000-7fce37671000 r-xp 00000000 08:06 1048919
/usr/lib/x86_64-linux-gnu/libgfortran.so.3.0.0
7fce37671000-7fce37871000 ---p 00115000 08:06 1048919
/usr/lib/x86_64-linux-gnu/libgfortran.so.3.0.0
7fce37871000-7fce37872000 r--p 00115000 08:06 1048919
/usr/lib/x86_64-linux-gnu/libgfortran.so.3.0.0
7fce37872000-7fce37874000 rw-p 00116000 08:06 1048919
/usr/lib/x86_64-linux-gnu/libgfortran.so.3.0.0
7fce37874000-7fce37897000 r-xp 00000000 08:06 1314554
/lib/x86_64-linux-gnu/ld-2.17.so
7fce37a77000-7fce37a7b000 rw-p 00000000 00:00 0
7fce37a93000-7fce37a96000 rw-p 00000000 00:00 0
7fce37a96000-7fce37a97000 r--p 00022000 08:06 1314554
/lib/x86_64-linux-gnu/ld-2.17.so
7fce37a97000-7fce37a99000 rw-p 00023000 08:06 1314554
/lib/x86_64-linux-gnu/ld-2.17.so
7fff3b3ac000-7fff3b3cd000 rw-p 00000000 00:00 0
[stack]
7fff3b3fe000-7fff3b400000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
[vsyscall]
Program received signal SIGABRT: Process abort signal.
Backtrace for this error:
#0 0x7FCE37575577
#1 0x7FCE37575B7E
#2 0x7FCE371CB0AF
#3 0x7FCE371CB037
#4 0x7FCE371CE697
#5 0x7FCE372085AA
#6 0x7FCE37214A45
#7 0x400A59 in MAIN__ at main.f95:?
Aborted (core dumped)
Anyway, ifort 12.0 works well with it.
Hopefully some experts can figure it out.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug fortran/57957] Double free or corruption (fasttop)
2013-07-23 0:56 [Bug fortran/57957] New: Double free or corruption (fasttop) songtao.thu at gmail dot com
@ 2013-07-23 2:14 ` songtao.thu at gmail dot com
2013-07-23 8:04 ` [Bug fortran/57957] Double free with allocatable components burnus at gcc dot gnu.org
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: songtao.thu at gmail dot com @ 2013-07-23 2:14 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57957
Tao Song <songtao.thu at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |major
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug fortran/57957] Double free with allocatable components
2013-07-23 0:56 [Bug fortran/57957] New: Double free or corruption (fasttop) songtao.thu at gmail dot com
2013-07-23 2:14 ` [Bug fortran/57957] " songtao.thu at gmail dot com
@ 2013-07-23 8:04 ` burnus at gcc dot gnu.org
2013-08-21 12:14 ` [Bug fortran/57957] [F03] " janus at gcc dot gnu.org
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: burnus at gcc dot gnu.org @ 2013-07-23 8:04 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57957
Tobias Burnus <burnus at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |wrong-code
Status|UNCONFIRMED |NEW
Last reconfirmed| |2013-07-23
CC| |burnus at gcc dot gnu.org
Summary|Double free or corruption |Double free with
|(fasttop) |allocatable components
Ever confirmed|0 |1
Known to fail| |4.5.3, 4.8.1, 4.9.0
--- Comment #1 from Tobias Burnus <burnus at gcc dot gnu.org> ---
Confirmed.
For GCC 4.9, one needs to wrap the code in the main program in BLOCK/END BLOCK
as otherwise the end-of-scope deallocation does not trigger, which causes the
failure.
PR57959 prevents testing whether the problem is related to the array
constructor or not.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug fortran/57957] [F03] Double free with allocatable components
2013-07-23 0:56 [Bug fortran/57957] New: Double free or corruption (fasttop) songtao.thu at gmail dot com
2013-07-23 2:14 ` [Bug fortran/57957] " songtao.thu at gmail dot com
2013-07-23 8:04 ` [Bug fortran/57957] Double free with allocatable components burnus at gcc dot gnu.org
@ 2013-08-21 12:14 ` janus at gcc dot gnu.org
2013-10-25 20:31 ` songtao.thu at gmail dot com
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: janus at gcc dot gnu.org @ 2013-08-21 12:14 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57957
janus at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |janus at gcc dot gnu.org
Summary|Double free with |[F03] Double free with
|allocatable components |allocatable components
--- Comment #2 from janus at gcc dot gnu.org ---
(In reply to Tobias Burnus from comment #1)
> For GCC 4.9, one needs to wrap the code in the main program in BLOCK/END
> BLOCK as otherwise the end-of-scope deallocation does not trigger, which
> causes the failure.
Updated test case:
program main
implicit none
type :: type1
real, allocatable :: anum(:)
end type
type :: type2
type(type1) :: temp
end type
block
type(type1) :: t1
type(type2) :: t2
t1 = type1([0.,1.])
t2 = type2(t1)
end block
end
Note: The double free goes away when changing the line
t2 = type2(t1)
to
t2%temp = t1
That means the actual problem is not the auto-dealloc itself (which is done
properly), but the construction of t2: With the second variant, a deep copy is
done (allocating a separate chunk of memory for t2%temp), while in the first
one t2%temp only gets a reference to the memory allocated for t1 (which is of
course wrong). Since both t1 and t2 are auto-deallocated, we try to free that
memory twice.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug fortran/57957] [F03] Double free with allocatable components
2013-07-23 0:56 [Bug fortran/57957] New: Double free or corruption (fasttop) songtao.thu at gmail dot com
` (2 preceding siblings ...)
2013-08-21 12:14 ` [Bug fortran/57957] [F03] " janus at gcc dot gnu.org
@ 2013-10-25 20:31 ` songtao.thu at gmail dot com
2015-04-18 9:24 ` mikael at gcc dot gnu.org
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: songtao.thu at gmail dot com @ 2013-10-25 20:31 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57957
--- Comment #3 from Tao Song <songtao.thu at gmail dot com> ---
(In reply to janus from comment #2)
> (In reply to Tobias Burnus from comment #1)
> > For GCC 4.9, one needs to wrap the code in the main program in BLOCK/END
> > BLOCK as otherwise the end-of-scope deallocation does not trigger, which
> > causes the failure.
>
> Updated test case:
>
>
> program main
>
> implicit none
>
> type :: type1
> real, allocatable :: anum(:)
> end type
>
> type :: type2
> type(type1) :: temp
> end type
>
>
> block
> type(type1) :: t1
> type(type2) :: t2
>
> t1 = type1([0.,1.])
> t2 = type2(t1)
> end block
> end
>
>
>
> Note: The double free goes away when changing the line
>
> t2 = type2(t1)
>
> to
>
> t2%temp = t1
>
> That means the actual problem is not the auto-dealloc itself (which is done
> properly), but the construction of t2: With the second variant, a deep copy
> is done (allocating a separate chunk of memory for t2%temp), while in the
> first one t2%temp only gets a reference to the memory allocated for t1
> (which is of course wrong). Since both t1 and t2 are auto-deallocated, we
> try to free that memory twice.
Do you mean in fortran the default structure constructor would yield a shadow
copying? Is this in the standard?
Thank you.
Tao Song
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug fortran/57957] [F03] Double free with allocatable components
2013-07-23 0:56 [Bug fortran/57957] New: Double free or corruption (fasttop) songtao.thu at gmail dot com
` (3 preceding siblings ...)
2013-10-25 20:31 ` songtao.thu at gmail dot com
@ 2015-04-18 9:24 ` mikael at gcc dot gnu.org
2015-04-18 9:50 ` dominiq at lps dot ens.fr
2015-10-21 0:20 ` dominiq at lps dot ens.fr
6 siblings, 0 replies; 8+ messages in thread
From: mikael at gcc dot gnu.org @ 2015-04-18 9:24 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57957
Mikael Morin <mikael at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mikael at gcc dot gnu.org
--- Comment #4 from Mikael Morin <mikael at gcc dot gnu.org> ---
(In reply to janus from comment #2)
> Updated test case:
>
That one seems to be memory-clean with current trunk. FIXED?
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug fortran/57957] [F03] Double free with allocatable components
2013-07-23 0:56 [Bug fortran/57957] New: Double free or corruption (fasttop) songtao.thu at gmail dot com
` (4 preceding siblings ...)
2015-04-18 9:24 ` mikael at gcc dot gnu.org
@ 2015-04-18 9:50 ` dominiq at lps dot ens.fr
2015-10-21 0:20 ` dominiq at lps dot ens.fr
6 siblings, 0 replies; 8+ messages in thread
From: dominiq at lps dot ens.fr @ 2015-04-18 9:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57957
--- Comment #5 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> That one seems to be memory-clean with current trunk. FIXED?
Confirmed for gcc 5 and trunk (6.0). The test in comment 0 succeeds with 4.9.2,
but not the one in comment 2 (!?). Both tests fail with 4.8.5.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug fortran/57957] [F03] Double free with allocatable components
2013-07-23 0:56 [Bug fortran/57957] New: Double free or corruption (fasttop) songtao.thu at gmail dot com
` (5 preceding siblings ...)
2015-04-18 9:50 ` dominiq at lps dot ens.fr
@ 2015-10-21 0:20 ` dominiq at lps dot ens.fr
6 siblings, 0 replies; 8+ messages in thread
From: dominiq at lps dot ens.fr @ 2015-10-21 0:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57957
Dominique d'Humieres <dominiq at lps dot ens.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #6 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> Confirmed for gcc 5 and trunk (6.0). The test in comment 0 succeeds with 4.9.2,
> but not the one in comment 2 (!?). Both tests fail with 4.8.5.
The first test has been fixed between revisions r199435 (2013-05-30) and
r199960 (2013-06-11) and the second test between r219797 (2015-01-17) and
r219823 (2015-01-18). Closing as FIXED.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2015-10-21 0:20 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-07-23 0:56 [Bug fortran/57957] New: Double free or corruption (fasttop) songtao.thu at gmail dot com
2013-07-23 2:14 ` [Bug fortran/57957] " songtao.thu at gmail dot com
2013-07-23 8:04 ` [Bug fortran/57957] Double free with allocatable components burnus at gcc dot gnu.org
2013-08-21 12:14 ` [Bug fortran/57957] [F03] " janus at gcc dot gnu.org
2013-10-25 20:31 ` songtao.thu at gmail dot com
2015-04-18 9:24 ` mikael at gcc dot gnu.org
2015-04-18 9:50 ` dominiq at lps dot ens.fr
2015-10-21 0:20 ` dominiq at lps dot ens.fr
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).