[Bug fortran/64397] [OOP] Runtime segfault with type-bound assignment and parenthesis

[Bug fortran/64397] [OOP] Runtime segfault with type-bound assignment and parenthesis

[janus at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64397

janus at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |wrong-code
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-12-23
                 CC|                            |janus at gcc dot gnu.org
            Summary|memory allocation failed    |[OOP] Runtime segfault with
                   |with parenthesis            |type-bound assignment and
                   |                            |parenthesis
     Ever confirmed|0                           |1

--- Comment #1 from janus at gcc dot gnu.org ---
I'm not actually sure that the segfault is related to memory allocation. In any
case, the output of the test case in comment 0 is:


$ ./a.out 
 called ass
 C: 
 called ass
 C:    1.00000000    
 called ass

Program received signal SIGSEGV: Segmentation fault - invalid memory reference.

Backtrace for this error:
#0  0x7F73005265F7
#1  0x7F7300526C3E
#2  0x7F72FFA23D9F
#3  0x7F72FFA85B5E
#4  0x401926 in MAIN__ at c0.f90:32 (discriminator 1)
Speicherzugriffsfehler (Speicherabzug geschrieben)


This means that the call to 'ass' generated from 'c = (a)' is performed
alright, but something goes wrong after that. Possibly related to cleaning up a
temporary which is generated for '(a)'?

[Bug fortran/64397] [OOP] Runtime segfault with type-bound assignment and parenthesis

[dominiq at lps dot ens.fr]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64397

--- Comment #2 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
The difference in the dumps for

program main
  use num
  type(my_integer) :: a, c
  a=my_integer([1])
  c = a                       ! -
end

and

program main
  use num
  type(my_integer) :: a, c
  a=my_integer([1])
  c = (a)                     ! +
end

is

--- pr64397_red.f90.003t.original    2014-12-23 22:44:37.000000000 +0100
+++ pr64397_red_1.f90.003t.original    2014-12-23 22:45:12.000000000 +0100
@@ -276,7 +276,7 @@ ass (struct __class_num_My_integer_t & r
             {
               if (a->_data->x.data != 0B)
                 {
-                  _gfortran_runtime_error_at (&"At line 17 of file
pr64397_red.f90"[1]{lb: 1 sz: 1}, &"Attempting to allocate already allocated
variable \'%s\'"[1]{lb: 1 sz: 1}, &"a"[1]{lb: 1 sz: 1});
+                  _gfortran_runtime_error_at (&"At line 17 of file
pr64397_red_1.f90"[1]{lb: 1 sz: 1}, &"Attempting to allocate already allocated
variable \'%s\'"[1]{lb: 1 sz: 1}, &"a"[1]{lb: 1 sz: 1});
                 }
               else
                 {
@@ -445,14 +445,40 @@ MAIN__ ()
     class.11._data->x.data = 0B;
   }
   {
+    void * restrict D.3563;
+    integer(kind=8) D.3562;
+    integer(kind=8) D.3561;
+    integer(kind=8) D.3560;
+    struct __class_num_My_integer_t D.3559;
+    struct my_integer D.3558;
     struct __class_num_My_integer_t class.16;
     struct __class_num_My_integer_t class.15;

     class.15._vptr = (struct __vtype_num_My_integer * {ref-all})
&__vtab_num_My_integer;
     class.15._data = (struct my_integer *) &c;
     class.16._vptr = (struct __vtype_num_My_integer * {ref-all})
&__vtab_num_My_integer;
-    class.16._data = (struct my_integer *) &a;
+    D.3558 = a;
+    class.16._data = (struct my_integer *) &D.3558;
+    D.3559 = class.16;
     ass (&class.15, &class.16);
+    if ((void *) D.3559.x.data != 0B)
+      {
+        D.3560 = (D.3559.x.dim[0].ubound - D.3559.x.dim[0].lbound) + 1;
+        D.3561 = NON_LVALUE_EXPR <D.3560>;
+      }
+    if (class.16._data->x.data != 0B)
+      {
+        __builtin_free ((void *) class.16._data->x.data);
+      }
+    class.16._data->x.data = 0B;
   }
 }

[Bug fortran/64397] [OOP] Runtime segfault with type-bound assignment and parenthesis

[janus at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64397

--- Comment #3 from janus at gcc dot gnu.org ---
Actually one can reduce it even further:


program main

  type :: my_integer
    real, allocatable :: x(:)
  end type
  type(my_integer) :: a

  a=my_integer([1])
  write (*,*) "A"
  call ass(a)
  write (*,*) "B"
  call ass((a))
  write (*,*) "C"

contains

  subroutine ass(b)
    class(my_integer), intent(in) :: b
    print *,'called ass'
  end subroutine

end


This program does not do anything useful any more, but it still shows the same
segfault at/after the call to "ass((a))":

$ ./a.out 
 A
 called ass
 B
 called ass

Program received signal SIGSEGV: Segmentation fault - invalid memory reference.


Making 'b' a TYPE instead of a CLASS makes the error go away.

[Bug fortran/64397] [OOP] Runtime segfault with parenthesis expression passed to polymorphic dummy argument

[janus at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64397

janus at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[OOP] Runtime segfault with |[OOP] Runtime segfault with
                   |type-bound assignment and   |parenthesis expression
                   |parenthesis                 |passed to polymorphic dummy
                   |                            |argument

--- Comment #4 from janus at gcc dot gnu.org ---
As shown by -fdump-tree-original, the first call to 'ass' is translated to:

  {
    struct __class_main_My_integer_t class.11;

    class.11._vptr = (struct __vtype_main_My_integer * {ref-all})
&__vtab_main_My_integer;
    class.11._data = (struct my_integer *) &a;
    ass (&class.11);
  }


The second call, however, is translated to:

  {
    void * restrict D.3514;
    integer(kind=8) D.3513;
    integer(kind=8) D.3512;
    integer(kind=8) D.3511;
    struct __class_main_My_integer_t D.3510;
    struct my_integer D.3509;
    struct __class_main_My_integer_t class.13;

    class.13._vptr = (struct __vtype_main_My_integer * {ref-all})
&__vtab_main_My_integer;
    D.3509 = a;
    class.13._data = (struct my_integer *) &D.3509;
    D.3510 = class.13;
    ass (&class.13);
    if ((void *) D.3510.x.data != 0B)
      {
        D.3511 = (D.3510.x.dim[0].ubound - D.3510.x.dim[0].lbound) + 1;
        D.3512 = NON_LVALUE_EXPR <D.3511>;
        D.3513 = D.3512 * 4;
        D.3514 = (void * restrict) __builtin_malloc (MAX_EXPR <(unsigned long)
D.3513, 1>);
        class.13.x.data = D.3514;
        __builtin_memcpy ((real(kind=4)[0:] * restrict) class.13.x.data,
(real(kind=4)[0:] * restrict) D.3510.x.data, (unsigned long) (D.3512 * 4));
      }
    else
      {
        class.13.x.data = 0B;
      }
    if (class.13._data->x.data != 0B)
      {
        __builtin_free ((void *) class.13._data->x.data);
      }
    class.13._data->x.data = 0B;
  }


While nothing is done after the call itself in the first case, quite a bit of
cleanup-code is added in the second case (which is also seen in comment 2.

[Bug fortran/64397] [OOP] Runtime segfault with parenthesis expression passed to polymorphic dummy argument

[patnel97269-gfortran at yahoo dot fr]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64397

--- Comment #5 from patnel97269-gfortran at yahoo dot fr ---
(In reply to janus from comment #3)
> Actually one can reduce it even further:
> 
> 
> program main
> 
>   type :: my_integer
>     real, allocatable :: x(:)
>   end type
>   type(my_integer) :: a
> 
>   a=my_integer([1])
>   write (*,*) "A"
>   call ass(a)
>   write (*,*) "B"
>   call ass((a))
>   write (*,*) "C"
> 
> contains
> 
>   subroutine ass(b)
>     class(my_integer), intent(in) :: b
>     print *,'called ass'
>   end subroutine
> 
> end
> 
> 
> This program does not do anything useful any more, but it still shows the
> same segfault at/after the call to "ass((a))":
> 
> $ ./a.out 
>  A
>  called ass
>  B
>  called ass
> 
> Program received signal SIGSEGV: Segmentation fault - invalid memory
> reference.
> 
> 
> Making 'b' a TYPE instead of a CLASS makes the error go away.



I agree that this example still trigger a bug, but I remember in my original
(more complicated) code, the segfault appears when it tries to access the
allocatable components of the type in the subroutine before computation and
before returning. So the problem might be at entrance and not necessarily after
the call. This need to be confirmed.

[Bug fortran/64397] [OOP] Runtime segfault with parenthesis expression passed to polymorphic dummy argument

[janus at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64397

--- Comment #6 from janus at gcc dot gnu.org ---
(In reply to patnel97269-gfortran from comment #5)
> I agree that this example still trigger a bug, but I remember in my original
> (more complicated) code, the segfault appears when it tries to access the
> allocatable components of the type in the subroutine

Are you sure? In my debugging sessions, it always seemed like the segfault
happened after the subroutine call.

[Bug fortran/64397] [OOP] Runtime segfault with parenthesis expression passed to polymorphic dummy argument

[patnel97269-gfortran at yahoo dot fr]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64397

--- Comment #7 from patnel97269-gfortran at yahoo dot fr ---
(In reply to janus from comment #6)
> (In reply to patnel97269-gfortran from comment #5)
> > I agree that this example still trigger a bug, but I remember in my original
> > (more complicated) code, the segfault appears when it tries to access the
> > allocatable components of the type in the subroutine
> 
> Are you sure? In my debugging sessions, it always seemed like the segfault
> happened after the subroutine call.

My bad, can't reproduce that. Appears to be in between the a multiplication
call and the assignment call, so at the return.