public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/63788] New: ICE: SIGSEGV in contains_struct_check with -O -fsanitize=undefined on almost any fortran code
From: zsojka at seznam dot cz @ 2014-11-09  8:47 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63788

            Bug ID: 63788
           Summary: ICE: SIGSEGV in contains_struct_check with -O
                    -fsanitize=undefined on almost any fortran code
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

Created attachment 33925
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33925&action=edit
reduced testcase

Compiler output:
$ gcc -O -fsanitize=undefined testcase.f
==32638== Invalid read of size 2
==32638==    at 0xEA80B8: contains_struct_check (tree.h:2864)
==32638==    by 0xEA80B8: build_call_expr_loc_array(unsigned int, tree_node*, int, tree_node**) (tree.c:10556)
==32638==    by 0xEA8240: build_call_expr_loc(unsigned int, tree_node*, int, ...) (tree.c:10589)
==32638==    by 0xC62757: instrument_object_size(gimple_stmt_iterator*, bool) (ubsan.c:1522)
==32638==    by 0xC664F0: (anonymous namespace)::pass_ubsan::execute(function*) (ubsan.c:1670)
==32638==    by 0xB4E9D8: execute_one_pass(opt_pass*) (passes.c:2269)
==32638==    by 0xB4EF85: execute_pass_list_1(opt_pass*) (passes.c:2321)
==32638==    by 0xB4EFD8: execute_pass_list(function*, opt_pass*) (passes.c:2332)
==32638==    by 0xB4D734: do_per_function_toporder(void (*)(function*, void*), void*) (passes.c:1638)
==32638==    by 0xB4F5C6: execute_ipa_pass_list(opt_pass*) (passes.c:2670)
==32638==    by 0x85A7B4: ipa_passes (cgraphunit.c:2049)
==32638==    by 0x85A7B4: symbol_table::compile() (cgraphunit.c:2172)
==32638==    by 0x85C357: symbol_table::finalize_compilation_unit() (cgraphunit.c:2325)
==32638==    by 0xAAF1C7: write_global_declarations() (langhooks.c:339)
==32638==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==32638== 
testcase.f:3:0:

       end
 ^
internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.


Almost any fortran code causes this ICE.

Tested revisions:
r217250 - ICE



* [Bug sanitizer/63788] ICE: SIGSEGV in contains_struct_check with -O -fsanitize=undefined on almost any fortran code
From: dominiq at lps dot ens.fr @ 2014-11-09 13:03 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63788

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-11-09
     Ever confirmed|0                           |1

--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
I see the ICE at r216153 (2014-10-13), r216016 (2014-10-08) is OK.



* [Bug sanitizer/63788] ICE: SIGSEGV in contains_struct_check with -O -fsanitize=undefined on almost any fortran code
From: jakub at gcc dot gnu.org @ 2014-11-09 16:14 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63788

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Supposedly the BUILT_IN_OBJECT_SIZE builtin decl isn't wired.  So, either you
need to avoid instrumenting -fsanitize=object-size if it is NULL, or e.g.
initialize_sanitizer_builtins needs to create the __builtin_object_size builtin
if it is not created by the FE.
As that built-in isn't a sanitizer built-in, thus not in sanitizer.def,
supposedly you could just copy the:
DEF_GCC_BUILTIN        (BUILT_IN_OBJECT_SIZE, "object_size", BT_FN_SIZE_CONST_PTR_INT, ATTR_PURE_NOTHROW_LEAF_LIST)
line below #include "sanitizer.def" in asan.c.



* [Bug sanitizer/63788] ICE: SIGSEGV in contains_struct_check with -O -fsanitize=undefined on almost any fortran code
From: mpolacek at gcc dot gnu.org @ 2014-11-19 18:59 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63788

Marek Polacek <mpolacek at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Joost.VandeVondele at mat dot ethz
                   |                            |.ch

--- Comment #4 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
*** Bug 63976 has been marked as a duplicate of this bug. ***



* [Bug sanitizer/63788] ICE: SIGSEGV in contains_struct_check with -O -fsanitize=undefined on almost any fortran code
From: mpolacek at gcc dot gnu.org @ 2014-11-26 14:05 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63788

--- Comment #5 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Author: mpolacek
Date: Wed Nov 26 14:05:21 2014
New Revision: 218084

URL: https://gcc.gnu.org/viewcvs?rev=218084&root=gcc&view=rev
Log:
    PR sanitizer/63788
    * asan.c (initialize_sanitizer_builtins): Add BT_FN_SIZE_CONST_PTR_INT
    var.  Conditionally build BUILT_IN_OBJECT_SIZE decl.
    (ATTR_PURE_NOTHROW_LEAF_LIST): Define.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/asan.c
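
The two remedies discussed in comment #3 and the one committed in r218084, as an added example that is not GCC source and not code from anyone in this thread. It is a simplified C model: the decl table, the `model_*` functions and the `wire` helper are hypothetical stand-ins for the compiler's internals.

```c
/* Simplified model of the failure in this thread; NOT GCC source.
   All names below are hypothetical stand-ins for GCC internals. */
#include <stdio.h>
#include <string.h>

enum model_builtin { MB_MEMCPY, MB_OBJECT_SIZE, MB_COUNT };
struct model_decl { int code; const char *name; };

static struct model_decl storage[MB_COUNT];
static struct model_decl *decl_table[MB_COUNT];   /* NULL = not wired */

static void wire(enum model_builtin b, const char *name) {
    storage[b].code = 1;
    storage[b].name = name;
    decl_table[b] = &storage[b];
}

/* A front end wires only the builtins it uses itself. */
void model_frontend_init(int wires_object_size) {
    memset(decl_table, 0, sizeof decl_table);
    wire(MB_MEMCPY, "__builtin_memcpy");
    if (wires_object_size)
        wire(MB_OBJECT_SIZE, "__builtin_object_size");
}

/* Remedy taken by the fix: sanitizer setup builds the decl itself,
   but only when the front end has not already done so. */
void model_initialize_sanitizer_builtins(void) {
    if (decl_table[MB_OBJECT_SIZE] == NULL)
        wire(MB_OBJECT_SIZE, "__builtin_object_size");
}

/* Other remedy from comment #3: skip instrumentation when the decl is NULL.
   Without this check, d->code models the invalid read at address 0x0.
   Returns 1 if a call would be emitted, 0 if instrumentation is skipped. */
int model_instrument_object_size(void) {
    struct model_decl *d = decl_table[MB_OBJECT_SIZE];
    if (d == NULL)
        return 0;
    return d->code == 1;
}

int main(void) {
    model_frontend_init(0);               /* front end that omits the builtin */
    printf("before setup: %d\n", model_instrument_object_size());
    model_initialize_sanitizer_builtins();
    printf("after setup:  %d\n", model_instrument_object_size());
    return 0;
}
```
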



* [Bug sanitizer/63788] ICE: SIGSEGV in contains_struct_check with -O -fsanitize=undefined on almost any fortran code
From: mpolacek at gcc dot gnu.org @ 2014-11-26 14:07 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63788

Marek Polacek <mpolacek at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Fixed.

