public inbox for gcc-bugs@sourceware.org
* [Bug c++/60750] New: double free after std::move on string inside throw when compiled with optimization
From: sshannin at gmail dot com @ 2014-04-03 15:51 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
Bug ID: 60750
Summary: double free after std::move on string inside throw when compiled with optimization
Product: gcc
Version: 4.8.2
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: sshannin at gmail dot com
Host: Linux hostname 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
Target: x86_64-unknown-linux-gnu
Build: ../gcc-4.8.2/configure --disable-multilib --enable-languages=c++ --program-suffix=-4.8.2
Created attachment 32535
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=32535&action=edit
Source
If I compile the attached source without optimization and run it (g++-4.8.2
--std=c++11 -o sample sample.cpp; ./sample), it behaves as expected.
If I compile with even O1 (g++-4.8.2 --std=c++11 -O1 -o sample sample.cpp), I
get the glibc double free warning dump.
I considered this source small enough (with standard headers) to not require
the preprocessed to be attached. Let me know if that, or any other info, is
desired as well.
* [Bug c++/60750] double free after std::move on string inside throw when compiled with optimization
From: redi at gcc dot gnu.org @ 2014-04-03 18:12 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
Jonathan Wakely <redi at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Target|x86_64-unknown-linux-gnu    |
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-04-03
               Host|Linux hostname              |
                   |3.2.0-29-generic #46-Ubuntu |
                   |SMP Fri Jul 27 17:03:23 UTC |
                   |2012 x86_64 x86_64 x86_64   |
                   |GNU/Linux                   |
     Ever confirmed|0                           |1
              Build|../gcc-4.8.2/configure      |
                   |--disable-multilib          |
                   |--enable-languages=c++      |
                   |--program-suffix=-4.8.2     |
--- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to sshannin from comment #0)
> I considered this source small enough (with standard headers) to not require
> the preprocessed to be attached.
Yep, it's fine, thanks.
Preprocessed source compiles and runs OK with clang, so I don't think it's a
library bug.
* [Bug c++/60750] double free after std::move on string inside throw when compiled with optimization
From: trippels at gcc dot gnu.org @ 2014-04-03 18:19 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
Markus Trippelsdorf <trippels at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |trippels at gcc dot gnu.org
--- Comment #2 from Markus Trippelsdorf <trippels at gcc dot gnu.org> ---
-fsanitize=address shows:
markus@x4 tmp % g++ -g -fsanitize=address -std=c++11 -O2 sample.cpp
markus@x4 tmp % ./a.out
=================================================================
==568==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300000eff0
at pc 0x4014b0 bp 0x7fff5e3564a0 sp 0x7fff5e356498
READ of size 4 at 0x60300000eff0 thread T0
#0 0x4014af in __exchange_and_add_single
/var/tmp/gcc_test/usr/local/include/c++/4.9.0/ext/atomicity.h:67
#1 0x4014af in __exchange_and_add_dispatch
/var/tmp/gcc_test/usr/local/include/c++/4.9.0/ext/atomicity.h:84
#2 0x4014af in std::string::_Rep::_M_dispose(std::allocator<char> const&)
/var/tmp/gcc_test/usr/local/include/c++/4.9.0/bits/basic_string.h:246
#3 0x4011aa in std::string::_Rep::_M_dispose(std::allocator<char> const&)
/var/tmp/gcc_test/usr/local/include/c++/4.9.0/bits/basic_string.h:240
#4 0x4011aa in ~basic_string
/var/tmp/gcc_test/usr/local/include/c++/4.9.0/bits/basic_string.h:547
#5 0x4011aa in main /var/tmp/sample.cpp:13
#6 0x7f10d26e6faf in __libc_start_main (/lib/libc.so.6+0x1ffaf)
#7 0x401354 (/var/tmp/a.out+0x401354)
0x60300000eff0 is located 16 bytes inside of 30-byte region
[0x60300000efe0,0x60300000effe)
freed by thread T0 here:
#0 0x7f10d2d2bb97 in free
(/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.0/libasan.so.1+0x5eb97)
#1 0x7f10d3b88809 in std::string::_Rep::_M_dispose(std::allocator<char>
const&)
/var/tmp/gcc_build_dir/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.h:249
#2 0x7f10d3b88809 in std::string::_M_mutate(unsigned long, unsigned long,
unsigned long)
/var/tmp/gcc_build_dir/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:487
previously allocated by thread T0 here:
#0 0x7f10d2d2bdcf in malloc
(/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.0/libasan.so.1+0x5edcf)
#1 0x7f10d3b28b97 in operator new(unsigned long)
../../../../gcc/libstdc++-v3/libsupc++/new_op.cc:49
SUMMARY: AddressSanitizer: heap-use-after-free
/var/tmp/gcc_test/usr/local/include/c++/4.9.0/ext/atomicity.h:67
__exchange_and_add_single
==568==ABORTING
markus@x4 tmp % g++ -g -fsanitize=address -std=c++11 -O1 sample.cpp
markus@x4 tmp % ./a.out
=================================================================
==754==ERROR: AddressSanitizer: attempting double-free on 0x60300000efe0 in
thread T0:
#0 0x7f78aae87b97 in free
(/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.0/libasan.so.1+0x5eb97)
#1 0x4012b6 in ~basic_string
/var/tmp/gcc_test/usr/local/include/c++/4.9.0/bits/basic_string.h:547
#2 0x4012b6 in main /var/tmp/sample.cpp:13
#3 0x7f78aa842faf in __libc_start_main (/lib/libc.so.6+0x1ffaf)
#4 0x401028 (/var/tmp/a.out+0x401028)
0x60300000efe0 is located 0 bytes inside of 30-byte region
[0x60300000efe0,0x60300000effe)
freed by thread T0 here:
#0 0x7f78aae87b97 in free
(/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.0/libasan.so.1+0x5eb97)
#1 0x7f78abce4809 in std::string::_Rep::_M_dispose(std::allocator<char>
const&)
/var/tmp/gcc_build_dir/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.h:249
#2 0x7f78abce4809 in std::string::_M_mutate(unsigned long, unsigned long,
unsigned long)
/var/tmp/gcc_build_dir/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:487
previously allocated by thread T0 here:
#0 0x7f78aae87dcf in malloc
(/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.0/libasan.so.1+0x5edcf)
#1 0x7f78abc84b97 in operator new(unsigned long)
../../../../gcc/libstdc++-v3/libsupc++/new_op.cc:49
SUMMARY: AddressSanitizer: double-free ??:0 free
==754==ABORTING
markus@x4 tmp %
* [Bug c++/60750] double free after std::move on string inside throw when compiled with optimization
From: sshannin at gmail dot com @ 2014-04-03 19:41 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
--- Comment #3 from sshannin at gmail dot com ---
As a note that may help pin things down, removing either call to std::move() or
removing the concatenation with err_prefix done in the call to the
std::runtime_error constructor seems to resolve this (or mask it).
* [Bug c++/60750] [4.8/4.9 Regression] double free after std::move on string inside throw when compiled with optimization
From: rguenth at gcc dot gnu.org @ 2014-04-04 9:43 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |wrong-code
           Priority|P3                          |P2
   Target Milestone|---                         |4.8.3
--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
valgrind says
==12050== Invalid free() / delete / delete[] / realloc()
==12050== at 0x4C28FAC: operator delete(void*) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12050== by 0x400DA3: main (basic_string.h:547)
==12050== Address 0x5a0b0b0 is 0 bytes inside a block of size 30 free'd
==12050== at 0x4C28FAC: operator delete(void*) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12050== by 0x4EF6879: std::string::_M_mutate(unsigned long, unsigned long,
unsigned long) (in /usr/lib64/libstdc++.so.6.0.20)
==12050== by 0x4EF6D1D: std::string::_M_replace_safe(unsigned long, unsigned
long, char const*, unsigned long) (in /usr/lib64/libstdc++.so.6.0.20)
==12050== by 0x400CF3: thrower(std::string) (basic_string.h:1277)
==12050== by 0x400D8F: main (t.C:13)
* [Bug c++/60750] [4.8/4.9 Regression] double free after std::move on string inside throw when compiled with optimization
From: trippels at gcc dot gnu.org @ 2014-04-04 11:00 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
--- Comment #5 from Markus Trippelsdorf <trippels at gcc dot gnu.org> ---
-fno-ipa-pure-const "fixes" the issue.
* [Bug c++/60750] [4.8/4.9 Regression] double free after std::move on string inside throw when compiled with optimization
From: rguenth at gcc dot gnu.org @ 2014-04-04 11:22 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Markus Trippelsdorf from comment #5)
> -fno-ipa-pure-const "fixes" the issue.
local pure const computes thrower() as noreturn. Adding noreturn to it in
the source reproduces the problem even with -fno-ipa-pure-const (but not
with -O0 or GCC 4.7).
Thus, adjusted testcase:
#include <string>
#include <stdexcept>
#include <stdio.h>

const std::string err_prefix = "Problem: ";

void __attribute__((noreturn)) thrower (std::string msg) {
    throw std::runtime_error(err_prefix + std::move(msg));
}

int main(int argc, char **argv) {
    try {
        std::string base = "hello";
        thrower(std::move(base));
    } catch (const std::runtime_error &e) {
        printf( "Leaving catch. %s\n", e.what());
    }
    printf( "exiting nbd\n");
    return 0;
}
* [Bug c++/60750] [4.8/4.9 Regression] double free after std::move on string inside throw when compiled with optimization
From: rguenth at gcc dot gnu.org @ 2014-04-04 11:37 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org |rguenth at gcc dot gnu.org
--- Comment #7 from Richard Biener <rguenth at gcc dot gnu.org> ---
For some reason thrower() is pure(!?) (no vdef) and thus FRE maybe does some
invalid transform. Oh.

  /* A 'pure' or a 'const' function never call-clobbers anything.
     A 'noreturn' function might, but since we don't return anyway
     there is no point in recording that. */
  if (!(call_flags & (ECF_PURE | ECF_CONST | ECF_NORETURN)))
    add_virtual_operand (fn, stmt, opf_def);

that's of course "true", but only if the function doesn't return otherwise
(like via EH):

  # VUSE <.MEM_11>
  thrower (&D.20915);
;; succ: 5 (EH)

it doesn't save us much when we remove that optimization (we "save" a
VDEF), but I can imagine other analyses being confused about this because
generally "no VDEF" -> doesn't store.
^ permalink raw reply [flat|nested] 13+ messages in thread
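Added example, not part of the original thread or of GCC's testsuite: a self-checking C++ test in the shape of the failure analysed in comment #7, where a noreturn callee stores to its by-value argument and leaves through exception handling, so the caller's cleanup has to see the updated pointer. Buf, grow_and_throw and run_check are hypothetical names, the tracked allocator turns a stale free into a counter instead of a real double free, and the test has not been verified to fail on an affected GCC build.

```cpp
// Added example, not code from the bug report or GCC's testsuite.
// Buf, grow_and_throw and run_check are hypothetical names.
#include <cstdlib>
#include <cstring>
#include <new>
#include <set>
#include <stdexcept>
#include <utility>

static std::set<void*> live;   // buffers currently owned by some Buf
static int stale_frees = 0;    // frees of a pointer that is no longer live

static char* tracked_alloc(std::size_t n) {
    char* p = static_cast<char*>(std::malloc(n));
    if (!p) throw std::bad_alloc();
    live.insert(p);
    return p;
}

static void tracked_free(char* p) {
    if (!p) return;
    if (live.erase(p) == 0) { ++stale_frees; return; }  // would be a double free
    std::free(p);
}

struct Buf {
    char* p;
    std::size_t n;
    explicit Buf(const char* s)
        : p(tracked_alloc(std::strlen(s) + 1)), n(std::strlen(s)) {
        std::memcpy(p, s, n + 1);
    }
    // Declaring the move constructor makes the type move-only.
    Buf(Buf&& o) noexcept : p(o.p), n(o.n) { o.p = nullptr; o.n = 0; }
    ~Buf() { tracked_free(p); }

    // Frees the old buffer and stores a new pointer into *this, the same kind
    // of store the string concatenation performs in the reported testcase.
    void prepend(const char* prefix) {
        std::size_t k = std::strlen(prefix);
        char* q = tracked_alloc(k + n + 1);
        std::memcpy(q, prefix, k);
        std::memcpy(q + k, p ? p : "", n + 1);
        tracked_free(p);
        p = q;
        n += k;
    }
};

// Stores to its by-value argument, then leaves only through an exception.
void __attribute__((noreturn)) grow_and_throw(Buf msg) {
    msg.prepend("Problem: ");
    throw std::runtime_error(msg.p);
}

struct Result { bool caught; int stale_frees; std::size_t leaked; };

Result run_check() {
    live.clear();
    stale_frees = 0;
    bool caught = false;
    try {
        Buf base("hello");
        grow_and_throw(std::move(base));
    } catch (const std::runtime_error& e) {
        caught = std::strcmp(e.what(), "Problem: hello") == 0;
    }
    // The argument's destructor has run by now; a stale pointer was counted.
    return Result{caught, stale_frees, live.size()};
}

int main() {
    Result r = run_check();
    return (r.caught && r.stale_frees == 0 && r.leaked == 0) ? 0 : 1;
}
```

Build it with the compiler under test at -O0 and again at -O1 or -O2 and compare exit status; a difference between levels is a reason to look at the generated code, not proof of this particular bug.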
* [Bug c++/60750] [4.8/4.9 Regression] double free after std::move on string inside throw when compiled with optimization
From: rguenth at gcc dot gnu.org @ 2014-04-04 12:14 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
--- Comment #8 from Richard Biener <rguenth at gcc dot gnu.org> ---
Patch posted and in testing - the underlying issue is present at least since
4.1 (didn't check 4.0 sources).
* [Bug c++/60750] [4.8/4.9 Regression] double free after std::move on string inside throw when compiled with optimization
From: rguenth at gcc dot gnu.org @ 2014-04-07 8:39 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
--- Comment #9 from Richard Biener <rguenth at gcc dot gnu.org> ---
Author: rguenth
Date: Mon Apr 7 08:38:23 2014
New Revision: 209179
URL: http://gcc.gnu.org/viewcvs?rev=209179&root=gcc&view=rev
Log:
2014-04-07 Richard Biener <rguenther@suse.de>

    PR middle-end/60750
    * tree-ssa-operands.c (maybe_add_call_vops): Also add VDEFs
    for noreturn calls.
    * tree-cfgcleanup.c (fixup_noreturn_call): Do not remove VDEFs.

    * g++.dg/torture/pr60750.C: New testcase.
    * gcc.dg/tree-ssa/20040517-1.c: Adjust.

Added:
    trunk/gcc/testsuite/g++.dg/torture/pr60750.C
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/testsuite/gcc.dg/tree-ssa/20040517-1.c
    trunk/gcc/tree-cfgcleanup.c
    trunk/gcc/tree-ssa-operands.c
* [Bug c++/60750] [4.8 Regression] double free after std::move on string inside throw when compiled with optimization
From: rguenth at gcc dot gnu.org @ 2014-04-07 8:39 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to work|                            |4.9.0
            Summary|[4.8/4.9 Regression] double |[4.8 Regression] double
                   |free after std::move on     |free after std::move on
                   |string inside throw when    |string inside throw when
                   |compiled with optimization  |compiled with optimization
      Known to fail|4.9.0                       |
--- Comment #10 from Richard Biener <rguenth at gcc dot gnu.org> ---
Fixed on trunk so far.
* [Bug c++/60750] [4.8 Regression] double free after std::move on string inside throw when compiled with optimization
From: rguenth at gcc dot gnu.org @ 2014-05-05 13:49 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
--- Comment #11 from Richard Biener <rguenth at gcc dot gnu.org> ---
Author: rguenth
Date: Mon May 5 13:48:42 2014
New Revision: 210070
URL: http://gcc.gnu.org/viewcvs?rev=210070&root=gcc&view=rev
Log:
2014-05-05 Richard Biener <rguenther@suse.de>

    Backport from mainline
    2014-04-23 Richard Biener <rguenther@suse.de>

    PR middle-end/60895
    * tree-inline.c (declare_return_variable): Use mark_addressable.

    * g++.dg/torture/pr60895.C: New testcase.

    2014-04-07 Richard Biener <rguenther@suse.de>

    PR middle-end/60750
    * tree-ssa-operands.c (maybe_add_call_vops): Also add VDEFs
    for noreturn calls.
    * tree-cfgcleanup.c (fixup_noreturn_call): Do not remove VDEFs.

    * g++.dg/torture/pr60750.C: New testcase.
    * gcc.dg/tree-ssa/20040517-1.c: Adjust.

    2014-04-14 Richard Biener <rguenther@suse.de>

    PR tree-optimization/59817
    PR tree-optimization/60453
    * graphite-scop-detection.c (graphite_can_represent_scev): Complete
    recursion to catch all CHRECs in the scalar evolution and restrict
    the predicate for the remains appropriately.

    * gfortran.dg/graphite/pr59817.f: New testcase.
    * gcc.dg/graphite/pr59817-1.c: Likewise.
    * gcc.dg/graphite/pr59817-2.c: Likewise.

    2014-04-17 Richard Biener <rguenther@suse.de>

    PR tree-optimization/60836
    * tree-vect-loop.c (vect_create_epilog_for_reduction): Force
    initial PHI args to be gimple values.

    * g++.dg/vect/pr60836.cc: New testcase.

Added:
    branches/gcc-4_8-branch/gcc/testsuite/g++.dg/torture/pr60750.C
    branches/gcc-4_8-branch/gcc/testsuite/g++.dg/torture/pr60895.C
    branches/gcc-4_8-branch/gcc/testsuite/g++.dg/vect/pr60836.cc
    branches/gcc-4_8-branch/gcc/testsuite/gcc.dg/graphite/pr59817-1.c
    branches/gcc-4_8-branch/gcc/testsuite/gcc.dg/graphite/pr59817-2.c
    branches/gcc-4_8-branch/gcc/testsuite/gfortran.dg/graphite/pr59817.f
Modified:
    branches/gcc-4_8-branch/gcc/ChangeLog
    branches/gcc-4_8-branch/gcc/graphite-scop-detection.c
    branches/gcc-4_8-branch/gcc/testsuite/ChangeLog
    branches/gcc-4_8-branch/gcc/testsuite/gcc.dg/tree-ssa/20040517-1.c
    branches/gcc-4_8-branch/gcc/tree-cfgcleanup.c
    branches/gcc-4_8-branch/gcc/tree-inline.c
    branches/gcc-4_8-branch/gcc/tree-ssa-operands.c
    branches/gcc-4_8-branch/gcc/tree-vect-loop.c
* [Bug c++/60750] [4.8 Regression] double free after std::move on string inside throw when compiled with optimization
From: rguenth at gcc dot gnu.org @ 2014-05-05 13:50 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60750
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
      Known to work|                            |4.8.3
         Resolution|---                         |FIXED
--- Comment #12 from Richard Biener <rguenth at gcc dot gnu.org> ---
Fixed.