From: "trippels at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/65970] [C++14] Endless loop with constexpr
Date: Sat, 29 Aug 2015 16:35:00 -0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c++
X-Bugzilla-Version: 5.1.0
X-Bugzilla-Severity: normal
X-Bugzilla-Status: NEW
X-Bugzilla-Changed-Fields: bug_status cf_reconfirmed_on cc everconfirmed
X-SW-Source: 2015-08/txt/msg02008.txt.bz2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65970

Markus Trippelsdorf changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2015-08-29
                 CC|                            |trippels at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #1 from Markus Trippelsdorf ---
Confirmed.
Loops in:

3014 static tree
3015 cxx_eval_loop_expr (const constexpr_ctx *ctx, tree t,
3016                     bool *non_constant_p, bool *overflow_p,
3017                     tree *jump_target)
3018 {
3019   tree body = TREE_OPERAND (t, 0);
3020   while (true)
3021     {
3022       cxx_eval_statement_list (ctx, body,
3023                                non_constant_p, overflow_p, jump_target);
3024       if (returns (jump_target) || breaks (jump_target) || *non_constant_p)
3025         break;
3026     }
3027   if (breaks (jump_target))
3028     *jump_target = NULL_TREE;
3029   return NULL_TREE;
3030 }

A variant ICEs:

markus@x4 tmp % cat const.ii
constexpr int foo() {
  while (true)
    ;
  return 0;
}

int i = foo();
markus@x4 tmp % g++ -std=c++14 -c const.ii
const.ii:7:12:   in constexpr expansion of ‘foo()’
const.ii:7:13: internal compiler error: tree check: expected statement_list, have nop_expr in tsi_start, at tree-iterator.h:42
 int i = foo();
             ^
0xeef92c tree_check_failed(tree_node const*, char const*, int, char const*, ...)
	../../gcc/gcc/tree.c:9499
0x59db9a tree_check(tree_node*, char const*, int, char const*, tree_code)
	../../gcc/gcc/tree.h:2858
0x59db9a tsi_start
	../../gcc/gcc/tree-iterator.h:42
0x7f085f tsi_start
	../../gcc/gcc/cp/constexpr.c:2949
0x7f085f cxx_eval_statement_list
	../../gcc/gcc/cp/constexpr.c:2980
0x7eacb6 cxx_eval_loop_expr
	../../gcc/gcc/cp/constexpr.c:3023
0x7eacb6 cxx_eval_constant_expression
	../../gcc/gcc/cp/constexpr.c:3646
0x7f06e6 cxx_eval_statement_list
	../../gcc/gcc/cp/constexpr.c:2996
0x7eb3a4 cxx_eval_constant_expression
	../../gcc/gcc/cp/constexpr.c:3580
0x7ea3ba cxx_eval_call_expression
	../../gcc/gcc/cp/constexpr.c:1379
0x7eb191 cxx_eval_constant_expression
	../../gcc/gcc/cp/constexpr.c:3205
0x7f0991 cxx_eval_outermost_constant_expr
	../../gcc/gcc/cp/constexpr.c:3740
0x7f2b3f maybe_constant_init(tree_node*, tree_node*)
	../../gcc/gcc/cp/constexpr.c:3943
0x67f5dc store_init_value(tree_node*, tree_node*, vec**, int)
	../../gcc/gcc/cp/typeck2.c:826
0x5e83df check_initializer
	../../gcc/gcc/cp/decl.c:6089
0x607884 cp_finish_decl(tree_node*, tree_node*, bool, tree_node*, int)
	../../gcc/gcc/cp/decl.c:6714
0x704895 cp_parser_init_declarator
	../../gcc/gcc/cp/parser.c:17846
0x707155 cp_parser_simple_declaration
	../../gcc/gcc/cp/parser.c:11681
0x7008f3 cp_parser_block_declaration
	../../gcc/gcc/cp/parser.c:11555
0x70c737 cp_parser_declaration
	../../gcc/gcc/cp/parser.c:11452
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See for instructions.

markus@x4 tmp % clang++ -Wall -Wextra -std=c++14 -c const.ii
const.ii:1:15: error: constexpr function never produces a constant expression [-Winvalid-constexpr]
constexpr int foo() {
              ^
const.ii:3:5: note: constexpr evaluation hit maximum step limit; possible infinite loop?
    ;
    ^
1 error generated.
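The clang diagnostic quoted above comes from an evaluator that gives up after a fixed number of steps, which is what keeps `while (true) ;` from hanging the compiler. As an added illustration (not GCC or clang code), the toy constant evaluator below charges one step per AST node, so an endless loop ends with "not a constant expression" while a bounded loop still produces its value; the node kinds, `struct ctx` and the function names are all invented for this example.

```c
#include <stdbool.h>
/* Toy AST for this example: a node kind, a numeric payload, two children. */
enum kind { K_CONST, K_VAR, K_LT, K_ADD, K_ASSIGN, K_WHILE, K_SEQ, K_NOP };
struct node { enum kind k; long v; const struct node *a, *b; };
struct ctx { long vars[4]; long steps; bool non_constant_p; };
#define N(k, v, a, b) (&(const struct node){ (k), (v), (a), (b) })

static long eval(struct ctx *c, const struct node *n)
{
  if (c->non_constant_p || c->steps-- <= 0) {  /* every node costs one step */
    c->non_constant_p = true;                  /* budget gone: not constant */
    return 0;
  }
  switch (n->k) {
  case K_CONST:  return n->v;
  case K_VAR:    return c->vars[n->v];
  case K_LT:     return eval(c, n->a) < eval(c, n->b);
  case K_ADD:    return eval(c, n->a) + eval(c, n->b);
  case K_ASSIGN: return c->vars[n->v] = eval(c, n->a);
  case K_SEQ:    eval(c, n->a); return eval(c, n->b);
  case K_WHILE:  /* the condition is re-evaluated, and charged, every pass */
    while (!c->non_constant_p && eval(c, n->a))
      eval(c, n->b);
    return 0;
  default:       return 0;  /* K_NOP: the empty statement `;` */
  }
}
/* Run PROG within BUDGET steps; false mirrors clang's "hit maximum step limit" note. */
bool eval_constant(const struct node *prog, long budget, long *out)
{
  struct ctx c = { {0}, budget, false };
  long r = eval(&c, prog);
  if (out) *out = r;
  return !c.non_constant_p;
}
/* Constructed sample matching the report's `while (true) ;`. */
bool endless_loop_is_constant(long budget)
{
  return eval_constant(N(K_WHILE, 0, N(K_CONST, 1, 0, 0), N(K_NOP, 0, 0, 0)), budget, 0);
}
/* Constructed `i = 0; while (i < 10) i = i + 1; i`: 10 within budget, else -1. */
long counting_loop(long budget)
{
  long r;
  const struct node *i = N(K_VAR, 0, 0, 0);
  const struct node *inc = N(K_ASSIGN, 0, N(K_ADD, 0, i, N(K_CONST, 1, 0, 0)), 0);
  const struct node *loop = N(K_WHILE, 0, N(K_LT, 0, i, N(K_CONST, 10, 0, 0)), inc);
  const struct node *init = N(K_ASSIGN, 0, N(K_CONST, 0, 0, 0), 0);
  return eval_constant(N(K_SEQ, 0, init, N(K_SEQ, 0, loop, i)), budget, &r) ? r : -1;
}
```

The budget has to be generous enough for legitimate loops (the counting sample needs under a hundred steps) yet finite, which is the trade-off behind clang's step limit.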
From: "brian.carpenter at gmail dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/67393] New: segfault in cxxfilt in d_unqualified_name () at ./cp-demangle.c:1547
Date: Sat, 29 Aug 2015 17:04:00 -0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c++
X-Bugzilla-Version: 4.9.2
X-Bugzilla-Severity: critical
X-Bugzilla-Status: UNCONFIRMED
X-SW-Source: 2015-08/txt/msg02009.txt.bz2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67393

            Bug ID: 67393
           Summary: segfault in cxxfilt in d_unqualified_name () at
                    ./cp-demangle.c:1547
           Product: gcc
           Version: 4.9.2
            Status: UNCONFIRMED
          Severity: critical
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: brian.carpenter at gmail dot com
  Target Milestone: ---

I was fuzzing binutils/cxxfilt with AFL (http://lcamtuf.coredump.cx/afl/) and
came across a crash and was told that it was a gcc bug not a cxxfilt bug.
This is with GCC 4.9.2 on Debian 7 (x64).

./cxxfilt _Z6600000000

Valgrind:

==35143== Invalid read of size 1
==35143==    at 0x80CDBF: d_unqualified_name (cp-demangle.c:1547)
==35143==    by 0x813F87: d_name (cp-demangle.c:1391)
==35143==    by 0x815BE7: d_encoding (cp-demangle.c:1257)
==35143==    by 0x8189F4: cplus_demangle_mangled_name (cp-demangle.c:1172)
==35143==    by 0x81AD60: d_demangle_callback (cp-demangle.c:5886)
==35143==    by 0x81AD60: d_demangle (cp-demangle.c:5937)
==35143==    by 0x81AD60: cplus_demangle_v3 (cp-demangle.c:6094)
==35143==    by 0x783A73: cplus_demangle (cplus-dem.c:864)
==35143==    by 0x408192: demangle_it (cxxfilt.c:62)
==35143==    by 0x407618: main (cxxfilt.c:227)
==35143==  Address 0xffffffff8ae0ae97 is not stack'd, malloc'd or (recently) free'd
==35143==
==35143==
==35143== Process terminating with default action of signal 11 (SIGSEGV)
==35143==  Access not within mapped region at address 0xFFFFFFFF8AE0AE97
==35143==    at 0x80CDBF: d_unqualified_name (cp-demangle.c:1547)
==35143==    by 0x813F87: d_name (cp-demangle.c:1391)
==35143==    by 0x815BE7: d_encoding (cp-demangle.c:1257)
==35143==    by 0x8189F4: cplus_demangle_mangled_name (cp-demangle.c:1172)
==35143==    by 0x81AD60: d_demangle_callback (cp-demangle.c:5886)
==35143==    by 0x81AD60: d_demangle (cp-demangle.c:5937)
==35143==    by 0x81AD60: cplus_demangle_v3 (cp-demangle.c:6094)
==35143==    by 0x783A73: cplus_demangle (cplus-dem.c:864)
==35143==    by 0x408192: demangle_it (cxxfilt.c:62)
==35143==    by 0x407618: main (cxxfilt.c:227)
==35143==  If you believe this happened as a result of a stack
==35143==  overflow in your program's main thread (unlikely but
==35143==  possible), you can try to increase the size of the
==35143==  main thread stack using the --main-stacksize= flag.
==35143==  The main thread stack size used in this run was 8388608.
Segmentation fault

GDB:

Program received signal SIGSEGV, Segmentation fault.
0x000000000080cdbf in d_unqualified_name () at ./cp-demangle.c:1547
1547	      ret = d_source_name (di);
(gdb) bt
#0  0x000000000080cdbf in d_unqualified_name () at ./cp-demangle.c:1547
#1  0x0000000000813f88 in d_name () at ./cp-demangle.c:1391
#2  0x0000000000815be8 in d_encoding () at ./cp-demangle.c:1257
#3  0x00000000008189f5 in cplus_demangle_mangled_name () at ./cp-demangle.c:1172
#4  0x000000000081ad61 in cplus_demangle_v3 () at ./cp-demangle.c:5886
#5  0x0000000000783a74 in cplus_demangle ()
#6  0x0000000000408193 in demangle_it () at cxxfilt.c:62
#7  0x0000000000407619 in main () at cxxfilt.c:227
(gdb) i r
rax            0x7fffffffde30	140737488346672
rbx            0x7fffffffe0c0	140737488347328
rcx            0xabe2e1	11264737
rdx            0x0	0
rsi            0xffffffff8a0fe4ec	-1978669844
rdi            0x0	0
rbp            0x7fffffffde30	0x7fffffffde30
rsp            0x7fffffffdcf0	0x7fffffffdcf0
r8             0xffffffd0	4294967248
r9             0x0	0
r10            0xffffffff8a0fe4ec	-1978669844
r11            0x18	24
r12            0x1	1
r13            0x7fffffffe080	140737488347264
r14            0x10b	267
r15            0xffffffffbc6	17592186043334
rip            0x80cdbf	0x80cdbf
eflags         0x10202	[ IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
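The crashing input `_Z6600000000` carries a source-name whose decimal length prefix (6600000000) is far larger than the input that follows it, and the negative values in rsi/r10 are consistent with that length reaching pointer arithmetic unchecked; the report itself only gives the crash site, so that reading is an assumption. As an added example, not libiberty's code, the parser below handles the Itanium `<source-name> ::= <positive length number> <identifier>` production with the two checks a demangler needs: the length is rejected before it can overflow, and it must fit in the remaining input. All names in it are invented for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* A parsed <source-name>: pointer into the input plus its byte length. */
struct source_name { const char *id; size_t len; };

/* Parse <source-name> ::= <positive length number> <identifier> at *pos in the
   NUL-terminated string s. Returns false (leaving *pos untouched) when the
   length is missing, would overflow, or reaches past the end of s. */
bool parse_source_name(const char *s, size_t *pos, struct source_name *out)
{
  size_t i = *pos, len = 0, avail;
  if (s[i] < '1' || s[i] > '9')        /* must start with a non-zero digit */
    return false;
  avail = strlen(s + i);               /* bytes left, digits included */
  for (; s[i] >= '0' && s[i] <= '9'; i++) {
    size_t digit = (size_t)(s[i] - '0');
    /* Check before multiplying: len * 10 + digit may not exceed avail, so the
       value can never overflow or wrap into a negative offset. */
    if (digit > avail || len > (avail - digit) / 10)
      return false;
    len = len * 10 + digit;
  }
  if (len > strlen(s + i))             /* identifier must fit in what remains */
    return false;
  out->id = s + i;
  out->len = len;
  *pos = i + len;
  return true;
}

/* Length of the leading source-name of a mangled symbol, e.g. 3 for "_Z3foov";
   -1 for malformed input such as the report's "_Z6600000000". */
long leading_source_name_len(const char *mangled)
{
  struct source_name sn;
  size_t pos = 2;                      /* skip the "_Z" prefix */
  if (strncmp(mangled, "_Z", 2) != 0)
    return -1;
  return parse_source_name(mangled, &pos, &sn) ? (long)sn.len : -1;
}
```

On the report's input the loop rejects the second digit already (66 exceeds the ten bytes available), so no out-of-range pointer is ever formed.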