public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug middle-end/59309] New: FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g -fcilkplus (test for excess errors)
@ 2013-11-27 12:34 hjl.tools at gmail dot com
2013-11-27 13:17 ` [Bug middle-end/59309] " hjl.tools at gmail dot com
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2013-11-27 12:34 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59309
Bug ID: 59309
Summary: FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g
-fcilkplus (test for excess errors)
Product: gcc
Version: 4.9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: hjl.tools at gmail dot com
When GCC is bootstraped with -fsanitize=address, I got
==5312==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200001e550
at pc 0x7fb14b
....
[hjl@gnu-mic-2 gcc]$ addr2line -e cc1 0x7fb14b
/export/gnu/import/git/gcc/gcc/c-family/cilk.c:765
[hjl@gnu-mic-2 gcc]$
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug middle-end/59309] FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g -fcilkplus (test for excess errors)
2013-11-27 12:34 [Bug middle-end/59309] New: FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g -fcilkplus (test for excess errors) hjl.tools at gmail dot com
@ 2013-11-27 13:17 ` hjl.tools at gmail dot com
2013-11-27 13:20 ` hjl.tools at gmail dot com
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2013-11-27 13:17 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59309
--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> ---
Breakpoint 4, 0x00000000007fb146 in gimplify_cilk_spawn (spawn_p=<optimized
out>, before=<optimized out>,
after=<optimized out>) at
/export/gnu/import/git/gcc/gcc/c-family/cilk.c:774
774 if (*arg_array == NULL_TREE)
(gdb) bt
#0 0x00000000007fb146 in gimplify_cilk_spawn (spawn_p=<optimized out>,
before=<optimized out>,
after=<optimized out>) at
/export/gnu/import/git/gcc/gcc/c-family/cilk.c:774
#1 0x0000000000d72f04 in gimplify_modify_expr
(expr_p=expr_p@entry=0x7ffff55cc3b8,
pre_p=pre_p@entry=0x7fffffffb540, post_p=post_p@entry=0x7fffffffa9a0,
want_value=<optimized out>)
at /export/gnu/import/git/gcc/gcc/gimplify.c:4442
#2 0x0000000000d5371d in gimplify_expr (expr_p=0x7ffff55cc3b8,
pre_p=pre_p@entry=0x7fffffffb540,
post_p=<optimized out>, post_p@entry=0x0,
gimple_test_f=gimple_test_f@entry=0xd40450 <is_gimple_stmt(tree)>,
fallback=fallback@entry=0) at
/export/gnu/import/git/gcc/gcc/gimplify.c:7436
#3 0x0000000000d5df5b in gimplify_stmt (stmt_p=<optimized out>,
seq_p=seq_p@entry=0x7fffffffb540)
at /export/gnu/import/git/gcc/gcc/gimplify.c:5353
#4 0x0000000000d543f4 in gimplify_statement_list (pre_p=0x7fffffffb540,
expr_p=0x7ffff55c39b8)
at /export/gnu/import/git/gcc/gcc/gimplify.c:1405
#5 gimplify_expr (expr_p=0x7ffff55c39b8, pre_p=pre_p@entry=0x7fffffffb540,
post_p=<optimized out>,
post_p@entry=0x0, gimple_test_f=gimple_test_f@entry=0xd40450
<is_gimple_stmt(tree)>,
fallback=fallback@entry=0) at
/export/gnu/import/git/gcc/gcc/gimplify.c:7844
#6 0x0000000000d5df5b in gimplify_stmt (stmt_p=<optimized out>,
seq_p=seq_p@entry=0x7fffffffb540)
at /export/gnu/import/git/gcc/gcc/gimplify.c:5353
#7 0x0000000000d68320 in gimplify_cond_expr
(expr_p=expr_p@entry=0x7ffff55cc418,
pre_p=pre_p@entry=0x7fffffffc6e0, fallback=fallback@entry=0) at
/export/gnu/import/git/gcc/gcc/gimplify.c:3085
#8 0x0000000000d53773 in gimplify_expr (expr_p=0x7ffff55cc418,
pre_p=pre_p@entry=0x7fffffffc6e0,
post_p=<optimized out>, post_p@entry=0x0,
gimple_test_f=gimple_test_f@entry=0xd40450 <is_gimple_stmt(tree)>,
fallback=fallback@entry=0) at
/export/gnu/import/git/gcc/gcc/gimplify.c:7379
#9 0x0000000000d5df5b in gimplify_stmt (stmt_p=<optimized out>,
seq_p=seq_p@entry=0x7fffffffc6e0)
---Type <return> to continue, or q <return> to quit---
at /export/gnu/import/git/gcc/gcc/gimplify.c:5353
#10 0x0000000000d543f4 in gimplify_statement_list (pre_p=0x7fffffffc6e0,
expr_p=0x7fffffffc620)
at /export/gnu/import/git/gcc/gcc/gimplify.c:1405
#11 gimplify_expr (expr_p=0x7fffffffc620, pre_p=pre_p@entry=0x7fffffffc6e0,
post_p=<optimized out>,
post_p@entry=0x0, gimple_test_f=gimple_test_f@entry=0xd40450
<is_gimple_stmt(tree)>,
fallback=fallback@entry=0) at
/export/gnu/import/git/gcc/gcc/gimplify.c:7844
#12 0x0000000000d5df5b in gimplify_stmt (stmt_p=stmt_p@entry=0x7fffffffc620,
seq_p=seq_p@entry=0x7fffffffc6e0)
at /export/gnu/import/git/gcc/gcc/gimplify.c:5353
#13 0x0000000000d53b80 in gimplify_and_add (seq_p=0x7fffffffc6e0,
t=0x7ffff55cd3a0)
at /export/gnu/import/git/gcc/gcc/gimplify.c:384
#14 gimplify_expr (expr_p=0x7ffff55cc4f0, pre_p=pre_p@entry=0x7fffffffcfa0,
post_p=<optimized out>,
post_p@entry=0x0, gimple_test_f=gimple_test_f@entry=0xd40450
<is_gimple_stmt(tree)>,
fallback=fallback@entry=0) at
/export/gnu/import/git/gcc/gcc/gimplify.c:7766
#15 0x0000000000d5df5b in gimplify_stmt (stmt_p=<optimized out>,
seq_p=seq_p@entry=0x7fffffffcfa0)
at /export/gnu/import/git/gcc/gcc/gimplify.c:5353
#16 0x0000000000d543f4 in gimplify_statement_list (pre_p=0x7fffffffcfa0,
expr_p=0x7ffff55c39e0)
at /export/gnu/import/git/gcc/gcc/gimplify.c:1405
#17 gimplify_expr (expr_p=0x7ffff55c39e0, pre_p=pre_p@entry=0x7fffffffcfa0,
post_p=<optimized out>,
post_p@entry=0x0, gimple_test_f=gimple_test_f@entry=0xd40450
<is_gimple_stmt(tree)>,
fallback=fallback@entry=0) at
/export/gnu/import/git/gcc/gcc/gimplify.c:7844
#18 0x0000000000d5df5b in gimplify_stmt (stmt_p=<optimized out>,
seq_p=seq_p@entry=0x7fffffffcfa0)
at /export/gnu/import/git/gcc/gcc/gimplify.c:5353
#19 0x0000000000d603e9 in gimplify_bind_expr
(expr_p=expr_p@entry=0x7ffff55c8798,
---Type <return> to continue, or q <return> to quit---
pre_p=pre_p@entry=0x7fffffffd780) at
/export/gnu/import/git/gcc/gcc/gimplify.c:1072
#20 0x0000000000d538a5 in gimplify_expr (expr_p=0x7ffff55c8798,
pre_p=pre_p@entry=0x7fffffffd780,
post_p=<optimized out>, post_p@entry=0x0,
gimple_test_f=gimple_test_f@entry=0xd40450 <is_gimple_stmt(tree)>,
fallback=fallback@entry=0) at
/export/gnu/import/git/gcc/gcc/gimplify.c:7626
#21 0x0000000000d5df5b in gimplify_stmt (stmt_p=stmt_p@entry=0x7ffff55c8798,
seq_p=seq_p@entry=0x7fffffffd780)
at /export/gnu/import/git/gcc/gcc/gimplify.c:5353
#22 0x0000000000d61f4b in gimplify_body (fndecl=fndecl@entry=0x7ffff55c8700,
do_parms=do_parms@entry=true)
at /export/gnu/import/git/gcc/gcc/gimplify.c:8536
#23 0x0000000000d62d93 in gimplify_function_tree
(fndecl=fndecl@entry=0x7ffff55c8700)
at /export/gnu/import/git/gcc/gcc/gimplify.c:8674
#24 0x0000000000957c48 in analyze_function (node=node@entry=0x7ffff5952ea0)
at /export/gnu/import/git/gcc/gcc/cgraphunit.c:649
#25 0x000000000095b1b5 in analyze_functions () at
/export/gnu/import/git/gcc/gcc/cgraphunit.c:1017
#26 0x000000000095ef6c in finalize_compilation_unit () at
/export/gnu/import/git/gcc/gcc/cgraphunit.c:2271
#27 0x000000000061fc9d in c_write_global_declarations () at
/export/gnu/import/git/gcc/gcc/c/c-decl.c:10388
#28 0x00000000012076b5 in compile_file () at
/export/gnu/import/git/gcc/gcc/toplev.c:561
#29 0x000000000120c144 in do_compile () at
/export/gnu/import/git/gcc/gcc/toplev.c:1893
#30 toplev_main (argc=23, argv=0x7fffffffdf18) at
/export/gnu/import/git/gcc/gcc/toplev.c:1969
#31 0x0000003cdda21b45 in __libc_start_main () from /lib64/libc.so.6
#32 0x000000000059b721 in _start ()
(gdb) c
Continuing.
=================================================================
==8174==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200001e8b0
at pc 0x7fb14b bp 0x7fffffffa2d0 sp 0x7fffffffa2c8
READ of size 8 at 0x60200001e8b0 thread T0
#0 0x7fb14a
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x7fb14a)
#1 0xd72f03
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd72f03)
#2 0xd5371c
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd5371c)
#3 0xd5df5a
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd5df5a)
#4 0xd543f3
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd543f3)
#5 0xd5df5a
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd5df5a)
#6 0xd6831f
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd6831f)
#7 0xd53772
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd53772)
#8 0xd5df5a
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd5df5a)
#9 0xd543f3
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd543f3)
#10 0xd5df5a
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd5df5a)
#11 0xd53b7f
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd53b7f)
#12 0xd5df5a
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd5df5a)
#13 0xd543f3
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd543f3)
#14 0xd5df5a
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd5df5a)
#15 0xd603e8
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd603e8)
#16 0xd538a4
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd538a4)
#17 0xd5df5a
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd5df5a)
#18 0xd61f4a
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd61f4a)
#19 0xd62d92
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0xd62d92)
#20 0x957c47
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x957c47)
#21 0x95b1b4
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x95b1b4)
#22 0x95ef6b
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x95ef6b)
#23 0x61fc9c
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x61fc9c)
#24 0x12076b4
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x12076b4)
#25 0x120c143
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x120c143)
#26 0x3cdda21b44 (/lib64/libc.so.6+0x3cdda21b44)
#27 0x59b720
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x59b720)
0x60200001e8b1 is located 0 bytes to the right of 1-byte region
[0x60200001e8b0,0x60200001e8b1)
allocated by thread T0 here:
#0 0x5c51d4
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x5c51d4)
#1 0x224d367
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/cc1+0x224d367)
Shadow bytes around the buggy address:
0x0c047fffbcc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fffbcd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fffbce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fffbcf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fffbd00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fffbd10: fa fa fa fa fa fa[01]fa fa fa 00 fa fa fa fd fd
0x0c047fffbd20: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x0c047fffbd30: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x0c047fffbd40: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x0c047fffbd50: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd
0x0c047fffbd60: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==8174==ABORTING
[Inferior 1 (process 8174) exited with code 01]
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug middle-end/59309] FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g -fcilkplus (test for excess errors)
2013-11-27 12:34 [Bug middle-end/59309] New: FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g -fcilkplus (test for excess errors) hjl.tools at gmail dot com
2013-11-27 13:17 ` [Bug middle-end/59309] " hjl.tools at gmail dot com
@ 2013-11-27 13:20 ` hjl.tools at gmail dot com
2013-11-28 16:06 ` [Bug c/59309] " hjl.tools at gmail dot com
2013-11-29 13:22 ` hjl.tools at gmail dot com
3 siblings, 0 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2013-11-27 13:20 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59309
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bviyer at gmail dot com
--- Comment #2 from H.J. Lu <hjl.tools at gmail dot com> ---
There are
/* This should give the number of parameters. */
total_args = list_length (new_args);
arg_array = XNEWVEC (tree, total_args);
ii_args = new_args;
for (ii = 0; ii < total_args; ii++)
{
arg_array[ii] = TREE_VALUE (ii_args);
ii_args = TREE_CHAIN (ii_args);
}
TREE_USED (function) = 1;
rest_of_decl_compilation (function, 0, 0);
call1 = cilk_call_setjmp (cfun->cilk_frame_decl);
if (*arg_array == NULL_TREE)
call2 = build_call_expr (function, 0);
else
call2 = build_call_expr_loc_array (EXPR_LOCATION (*spawn_p), function,
total_args, arg_array);
When total_args == 0, XNEWVEC (tree, total_args) doesn't return
NULL and "*arg_array" will be wrong.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c/59309] FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g -fcilkplus (test for excess errors)
2013-11-27 12:34 [Bug middle-end/59309] New: FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g -fcilkplus (test for excess errors) hjl.tools at gmail dot com
2013-11-27 13:17 ` [Bug middle-end/59309] " hjl.tools at gmail dot com
2013-11-27 13:20 ` hjl.tools at gmail dot com
@ 2013-11-28 16:06 ` hjl.tools at gmail dot com
2013-11-29 13:22 ` hjl.tools at gmail dot com
3 siblings, 0 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2013-11-28 16:06 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59309
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2013-11-28
Component|middle-end |c
Target Milestone|--- |4.9.0
Ever confirmed|0 |1
--- Comment #3 from H.J. Lu <hjl.tools at gmail dot com> ---
A patch is posted at
http://gcc.gnu.org/ml/gcc-patches/2013-11/msg03673.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c/59309] FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g -fcilkplus (test for excess errors)
2013-11-27 12:34 [Bug middle-end/59309] New: FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g -fcilkplus (test for excess errors) hjl.tools at gmail dot com
` (2 preceding siblings ...)
2013-11-28 16:06 ` [Bug c/59309] " hjl.tools at gmail dot com
@ 2013-11-29 13:22 ` hjl.tools at gmail dot com
3 siblings, 0 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2013-11-29 13:22 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59309
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #5 from H.J. Lu <hjl.tools at gmail dot com> ---
Fixed.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-11-29 13:22 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-11-27 12:34 [Bug middle-end/59309] New: FAIL: c-c++-common/cilk-plus/CK/spawnee_inline.c -g -fcilkplus (test for excess errors) hjl.tools at gmail dot com
2013-11-27 13:17 ` [Bug middle-end/59309] " hjl.tools at gmail dot com
2013-11-27 13:20 ` hjl.tools at gmail dot com
2013-11-28 16:06 ` [Bug c/59309] " hjl.tools at gmail dot com
2013-11-29 13:22 ` hjl.tools at gmail dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).