From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 18290 invoked by alias); 13 Feb 2014 17:18:08 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 17963 invoked by uid 48); 13 Feb 2014 17:18:03 -0000 From: "xguerin@tower-research.com" To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/60182] New: g++ segfault within template expansion using "using" aliasing Date: Thu, 13 Feb 2014 17:18:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c++ X-Bugzilla-Version: 4.8.2 X-Bugzilla-Keywords: X-Bugzilla-Severity: major X-Bugzilla-Who: xguerin@tower-research.com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2014-02/txt/msg01251.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D60182 Bug ID: 60182 Summary: g++ segfault within template expansion using "using" aliasing Product: gcc Version: 4.8.2 Status: UNCONFIRMED Severity: major Priority: P3 Component: c++ Assignee: unassigned at gcc dot gnu.org Reporter: xguerin@tower-research.com Created attachment 32129 --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=3D32129&action=3Dedit Code producing the issue G++ segfault while passing a class member that has been declared using a "using" alias to a templates function that uses templated type reduction. [g++48 -std=3Dc++11 -o test test.cpp] test.cpp: In constructor =E2=80=98A::A(const string&)=E2=80=99: test.cpp:28:25: internal compiler error: Segmentation fault doSomething(m_elements); 0x90661f crash_signal ../../gcc-4.8.2/gcc/toplev.c:332 0x58bedc unify ../../gcc-4.8.2/gcc/cp/pt.c:16580 0x58e9e1 unify_one_argument ../../gcc-4.8.2/gcc/cp/pt.c:15470 0x588dca type_unification_real ../../gcc-4.8.2/gcc/cp/pt.c:15542 0x58faf9 fn_type_unification(tree_node*, tree_node*, tree_node*, tree_node* const*, unsigned int, tree_node*, unification_kind_t, int, bool) ../../gcc-4.8.2/gcc/cp/pt.c:15124 0x5516b1 add_template_candidate_real ../../gcc-4.8.2/gcc/cp/call.c:2925 0x54f0a1 add_template_candidate ../../gcc-4.8.2/gcc/cp/call.c:3022 0x54f0a1 add_candidates ../../gcc-4.8.2/gcc/cp/call.c:5023 0x5537fd perform_overload_resolution ../../gcc-4.8.2/gcc/cp/call.c:3817 0x55727a build_new_function_call(tree_node*, vec**, bool, int) ../../gcc-4.8.2/gcc/cp/call.c:3894 0x606911 finish_call_expr(tree_node*, vec**, b= ool, bool, int) ../../gcc-4.8.2/gcc/cp/semantics.c:2231 0x5c4d5a cp_parser_postfix_expression ../../gcc-4.8.2/gcc/cp/parser.c:5862 0x5c6edd cp_parser_unary_expression ../../gcc-4.8.2/gcc/cp/parser.c:6736 0x5c7a0f cp_parser_binary_expression ../../gcc-4.8.2/gcc/cp/parser.c:7428 0x5c7ebf cp_parser_assignment_expression ../../gcc-4.8.2/gcc/cp/parser.c:7664 0x5c9ab3 cp_parser_expression ../../gcc-4.8.2/gcc/cp/parser.c:7826 0x5ca21c cp_parser_expression ../../gcc-4.8.2/gcc/cp/parser.c:7865 0x5ca21c cp_parser_expression_statement ../../gcc-4.8.2/gcc/cp/parser.c:9127 0x5c13c7 cp_parser_statement ../../gcc-4.8.2/gcc/cp/parser.c:8979 0x5c259e cp_parser_statement_seq_opt ../../gcc-4.8.2/gcc/cp/parser.c:9245 Please submit a full bug report, with preprocessed source if appropriate. Please include the complete backtrace with any bug report. See for instructions. >>From gcc-bugs-return-443495-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org Thu Feb 13 17:21:01 2014 Return-Path: Delivered-To: listarch-gcc-bugs@gcc.gnu.org Received: (qmail 21903 invoked by alias); 13 Feb 2014 17:21:00 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Delivered-To: mailing list gcc-bugs@gcc.gnu.org Received: (qmail 21867 invoked by uid 48); 13 Feb 2014 17:20:57 -0000 From: "jakub at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/60183] New: [4.7/4.8/4.9 Regression] phiprop creates invalid code Date: Thu, 13 Feb 2014 17:21:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 4.8.2 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: jakub at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2014-02/txt/msg01252.txt.bz2 Content-length: 1515 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60183 Bug ID: 60183 Summary: [4.7/4.8/4.9 Regression] phiprop creates invalid code Product: gcc Version: 4.8.2 Status: UNCONFIRMED Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: jakub at gcc dot gnu.org On: unsigned long c[32] = { 1 }; static void foo (unsigned long *x, unsigned long *y) { int i; unsigned long w = x[0]; for (i = 0; i < 8; i++) { w ^= *y++; w += *y++; w ^= *y++; w += *y++; } x[1] = w; } __attribute__((noinline, noclone)) void bar (unsigned long *x) { foo (x, c); } int main () { unsigned long a[2] = { 0, -1UL }; asm volatile ("" : : "r" (c) : "memory"); c[0] = 0; bar (a); if (a[1] != 0) __builtin_abort (); return 0; } at -O1 or higher phiprop causes invalid code to be generated, where the loop body reads the next *y value into a SSA_NAME and in loop preheader it reads c[0] into a SSA_NAME which is then used in a PHI on the loop header and the result of the PHI is used instead of the first *y read. In this particular case, I don't even see any advantages of doing that, but more importantly it can read one past the end of the array. With -O{1,2,3} -fsanitize=address this fails loudly, otherwise if you are unlucky enough and the variable is at the end of some mmapped area, you could get a crash as well.