public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug fortran/82721] [8/9/10/11 Regression] Error message with corrupted text, sometimes ICE
[not found] <bug-82721-4@http.gcc.gnu.org/bugzilla/>
@ 2020-09-23 15:25 ` markeggleston at gcc dot gnu.org
2020-09-28 7:49 ` markeggleston at gcc dot gnu.org
` (7 subsequent siblings)
8 siblings, 0 replies; 9+ messages in thread
From: markeggleston at gcc dot gnu.org @ 2020-09-23 15:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82721
markeggleston at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |markeggleston at gcc dot gnu.org
--- Comment #10 from markeggleston at gcc dot gnu.org ---
Using the bare minimum:
integer :: b
character(len(c)) :: b
end
I consistently get:
2 | character(len(c)) :: b
| 1
Error: Symbol ‘b’ at (1) already has basic type of INTEGER
pr82721temp.f90:2:14:
2 | character(len(c)) :: b
| 1
Error: Statement function ‘’ at (1) is not allowed as an actual argument
The second error pops out when the following code in resolve_types (resolve.c)
is executed:
for (cl = ns->cl_list; cl; cl = cl->next)
resolve_charlen (cl);
The list of character lengths is corrupt, the first item points to an
expression of type EXPR_FUNCTION however its symtree has the name "end" instead
of "len" it had when it was first added to the character lengths list.
When reject_statement is called for "character(len(c)) :: b" the symtree
structure for "len" is deleted, unfortunately the reference to the deleted
symtree structure remains untouched in the expression representing the
character length.
Later a symtree is created for "end" which matches the symtree referenced by
the character length expression thus the name is changed to "end" and the
symtree points to symbol.
As an experiment using a nasty dirty hack I prevent the symtree being deleted
if it was referenced by the expression pointed to by the length field of the
charlen structure. It had not affect on the reported errors.
I have since discovered that the expression that is the first argument of the
"len" function also has a symtree that is deleted which the reference remains
as is.
Note: the comment preceding reject_statement says:
/* Undo anything tentative that has been built for the current statement,
except if a gfc_charlen structure has been added to current namespace's
list of gfc_charlen structure. */
Clearly this is not the case as items referenced indirectly from the
gfc_charlen structure are deleted without references being touched.
Further investigation is in progress.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug fortran/82721] [8/9/10/11 Regression] Error message with corrupted text, sometimes ICE
[not found] <bug-82721-4@http.gcc.gnu.org/bugzilla/>
2020-09-23 15:25 ` [Bug fortran/82721] [8/9/10/11 Regression] Error message with corrupted text, sometimes ICE markeggleston at gcc dot gnu.org
@ 2020-09-28 7:49 ` markeggleston at gcc dot gnu.org
2020-10-09 19:54 ` anlauf at gcc dot gnu.org
` (6 subsequent siblings)
8 siblings, 0 replies; 9+ messages in thread
From: markeggleston at gcc dot gnu.org @ 2020-09-28 7:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82721
--- Comment #11 from markeggleston at gcc dot gnu.org ---
No progress. I have no idea how to fix this and will no longer work on it.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug fortran/82721] [8/9/10/11 Regression] Error message with corrupted text, sometimes ICE
[not found] <bug-82721-4@http.gcc.gnu.org/bugzilla/>
2020-09-23 15:25 ` [Bug fortran/82721] [8/9/10/11 Regression] Error message with corrupted text, sometimes ICE markeggleston at gcc dot gnu.org
2020-09-28 7:49 ` markeggleston at gcc dot gnu.org
@ 2020-10-09 19:54 ` anlauf at gcc dot gnu.org
2021-03-03 7:38 ` zeccav at gmail dot com
` (5 subsequent siblings)
8 siblings, 0 replies; 9+ messages in thread
From: anlauf at gcc dot gnu.org @ 2020-10-09 19:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82721
anlauf at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |anlauf at gcc dot gnu.org
--- Comment #12 from anlauf at gcc dot gnu.org ---
On Linux it seems to help setting MALLOC_PERTURB_ to a non-zero value to
get a consistent ICE.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug fortran/82721] [8/9/10/11 Regression] Error message with corrupted text, sometimes ICE
[not found] <bug-82721-4@http.gcc.gnu.org/bugzilla/>
` (2 preceding siblings ...)
2020-10-09 19:54 ` anlauf at gcc dot gnu.org
@ 2021-03-03 7:38 ` zeccav at gmail dot com
2021-05-14 9:49 ` [Bug fortran/82721] [9/10/11/12 " jakub at gcc dot gnu.org
` (4 subsequent siblings)
8 siblings, 0 replies; 9+ messages in thread
From: zeccav at gmail dot com @ 2021-03-03 7:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82721
Vittorio Zecca <zeccav at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |zeccav at gmail dot com
--- Comment #13 from Vittorio Zecca <zeccav at gmail dot com> ---
On my sanitized trunk version I get the following.
This is on x86-64 Fedora 33 and line numbers
~/local/gcc-150221-sanitized/bin/gfortran z82721.f90 -S
z82721.f90:3:25:
3 | character(len(c)) :: b
| 1
Error: Symbol ‘b’ at (1) already has basic type of REAL
=================================================================
==147959==ERROR: AddressSanitizer: heap-use-after-free on address
0x6040000017f8 at pc 0x0000008b02df bp 0x7fffc363cef0 sp 0x7fffc363cee8
READ of size 8 at 0x6040000017f8 thread T0
#0 0x8b02de in check_host_association
../../gcc-150221/gcc/fortran/resolve.c:5978
#1 0x8c1b4b in gfc_resolve_expr(gfc_expr*)
../../gcc-150221/gcc/fortran/resolve.c:7096
#2 0x91d1bf in resolve_index_expr
../../gcc-150221/gcc/fortran/resolve.c:12406
#3 0x91d79f in resolve_charlen ../../gcc-150221/gcc/fortran/resolve.c:12459
#4 0x96f604 in resolve_types ../../gcc-150221/gcc/fortran/resolve.c:17294
#5 0x970adf in gfc_resolve(gfc_namespace*)
../../gcc-150221/gcc/fortran/resolve.c:17411
#6 0x81fc90 in resolve_all_program_units
../../gcc-150221/gcc/fortran/parse.c:6290
#7 0x82229f in gfc_parse_file() ../../gcc-150221/gcc/fortran/parse.c:6542
#8 0xa64b7c in gfc_be_parse_file
../../gcc-150221/gcc/fortran/f95-lang.c:212
#9 0x33fa43d in compile_file ../../gcc-150221/gcc/toplev.c:457
#10 0x34097a2 in do_compile ../../gcc-150221/gcc/toplev.c:2197
#11 0x340a39f in toplev::main(int, char**)
../../gcc-150221/gcc/toplev.c:2336
#12 0x7f24cb9 in main ../../gcc-150221/gcc/main.c:39
#13 0x147bdbb291e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)
#14 0x41958d in _start
(/home/vitti/1TB/local/gcc-150221-sanitized/libexec/gcc/x86_64-pc-linux-gnu/11.0.0/f951+0x41958d)
0x6040000017f8 is located 40 bytes inside of 48-byte region
[0x6040000017d0,0x604000001800)
freed by thread T0 here:
#0 0x147bdca7b797 in __interceptor_free
../../../../gcc-150221/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0xa1cd6f in gfc_delete_symtree(gfc_symtree**, char const*)
../../gcc-150221/gcc/fortran/symbol.c:2964
#2 0xa25801 in gfc_restore_last_undo_checkpoint()
../../gcc-150221/gcc/fortran/symbol.c:3706
#3 0xa25a5f in gfc_undo_symbols()
../../gcc-150221/gcc/fortran/symbol.c:3739
#4 0x80175f in reject_statement ../../gcc-150221/gcc/fortran/parse.c:2678
#5 0x7f2bb0 in match_word ../../gcc-150221/gcc/fortran/parse.c:70
#6 0x7f445d in decode_statement ../../gcc-150221/gcc/fortran/parse.c:376
#7 0x7fd6c8 in next_free ../../gcc-150221/gcc/fortran/parse.c:1316
#8 0x7fe845 in next_statement ../../gcc-150221/gcc/fortran/parse.c:1548
#9 0x80cb86 in parse_spec ../../gcc-150221/gcc/fortran/parse.c:3967
#10 0x81bef7 in parse_progunit ../../gcc-150221/gcc/fortran/parse.c:5896
#11 0x821732 in gfc_parse_file() ../../gcc-150221/gcc/fortran/parse.c:6437
#12 0xa64b7c in gfc_be_parse_file
../../gcc-150221/gcc/fortran/f95-lang.c:212
#13 0x33fa43d in compile_file ../../gcc-150221/gcc/toplev.c:457
#14 0x34097a2 in do_compile ../../gcc-150221/gcc/toplev.c:2197
#15 0x340a39f in toplev::main(int, char**)
../../gcc-150221/gcc/toplev.c:2336
#16 0x7f24cb9 in main ../../gcc-150221/gcc/main.c:39
#17 0x147bdbb291e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)
previously allocated by thread T0 here:
#0 0x147bdca7bc47 in __interceptor_calloc
../../../../gcc-150221/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x83c3e31 in xcalloc ../../gcc-150221/libiberty/xmalloc.c:162
#2 0xa1cade in gfc_new_symtree(gfc_symtree**, char const*)
../../gcc-150221/gcc/fortran/symbol.c:2934
#3 0xa20eed in gfc_get_sym_tree(char const*, gfc_namespace*, gfc_symtree**,
bool) ../../gcc-150221/gcc/fortran/symbol.c:3384
#4 0xa21e11 in gfc_get_ha_sym_tree(char const*, gfc_symtree**)
../../gcc-150221/gcc/fortran/symbol.c:3469
#5 0x846df0 in gfc_match_rvalue(gfc_expr**)
../../gcc-150221/gcc/fortran/primary.c:3512
#6 0x7191c4 in match_primary ../../gcc-150221/gcc/fortran/matchexp.c:157
#7 0x7194a7 in match_level_1 ../../gcc-150221/gcc/fortran/matchexp.c:211
#8 0x719832 in match_mult_operand
../../gcc-150221/gcc/fortran/matchexp.c:267
#9 0x71a031 in match_add_operand
../../gcc-150221/gcc/fortran/matchexp.c:356
#10 0x71a9bd in match_level_2 ../../gcc-150221/gcc/fortran/matchexp.c:480
#11 0x71af3e in match_level_3 ../../gcc-150221/gcc/fortran/matchexp.c:551
#12 0x71b368 in match_level_4 ../../gcc-150221/gcc/fortran/matchexp.c:599
#13 0x71c2f7 in match_and_operand
../../gcc-150221/gcc/fortran/matchexp.c:693
#14 0x71c5b1 in match_or_operand
../../gcc-150221/gcc/fortran/matchexp.c:722
#15 0x71c9c2 in match_equiv_operand
../../gcc-150221/gcc/fortran/matchexp.c:765
#16 0x71cdd3 in match_level_5 ../../gcc-150221/gcc/fortran/matchexp.c:811
#17 0x71d283 in gfc_match_expr(gfc_expr**)
../../gcc-150221/gcc/fortran/matchexp.c:870
#18 0x4f8e6b in char_len_param_value
../../gcc-150221/gcc/fortran/decl.c:1072
#19 0x515d15 in gfc_match_char_spec(gfc_typespec*)
../../gcc-150221/gcc/fortran/decl.c:3431
#20 0x51f4a7 in gfc_match_decl_type_spec(gfc_typespec*, int)
../../gcc-150221/gcc/fortran/decl.c:4172
#21 0x52b904 in gfc_match_data_decl()
../../gcc-150221/gcc/fortran/decl.c:6132
#22 0x7f2b01 in match_word ../../gcc-150221/gcc/fortran/parse.c:65
#23 0x7f445d in decode_statement ../../gcc-150221/gcc/fortran/parse.c:376
#24 0x7fd6c8 in next_free ../../gcc-150221/gcc/fortran/parse.c:1316
#25 0x7fe845 in next_statement ../../gcc-150221/gcc/fortran/parse.c:1548
#26 0x80cb86 in parse_spec ../../gcc-150221/gcc/fortran/parse.c:3967
#27 0x81bef7 in parse_progunit ../../gcc-150221/gcc/fortran/parse.c:5896
#28 0x821732 in gfc_parse_file() ../../gcc-150221/gcc/fortran/parse.c:6437
#29 0xa64b7c in gfc_be_parse_file
../../gcc-150221/gcc/fortran/f95-lang.c:212
SUMMARY: AddressSanitizer: heap-use-after-free
../../gcc-150221/gcc/fortran/resolve.c:5978 in check_host_association
Shadow bytes around the buggy address:
0x0c087fff82a0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
0x0c087fff82b0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff82c0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff82d0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
0x0c087fff82e0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
=>0x0c087fff82f0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd[fd]
0x0c087fff8300: fa fa 00 00 00 00 00 fa fa fa fd fd fd fd fd fd
0x0c087fff8310: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fa
0x0c087fff8320: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
0x0c087fff8330: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff8340: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==147959==ABORTING
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug fortran/82721] [9/10/11/12 Regression] Error message with corrupted text, sometimes ICE
[not found] <bug-82721-4@http.gcc.gnu.org/bugzilla/>
` (3 preceding siblings ...)
2021-03-03 7:38 ` zeccav at gmail dot com
@ 2021-05-14 9:49 ` jakub at gcc dot gnu.org
2021-06-01 8:09 ` rguenth at gcc dot gnu.org
` (3 subsequent siblings)
8 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2021-05-14 9:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82721
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|8.5 |9.4
--- Comment #14 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 8 branch is being closed.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug fortran/82721] [9/10/11/12 Regression] Error message with corrupted text, sometimes ICE
[not found] <bug-82721-4@http.gcc.gnu.org/bugzilla/>
` (4 preceding siblings ...)
2021-05-14 9:49 ` [Bug fortran/82721] [9/10/11/12 " jakub at gcc dot gnu.org
@ 2021-06-01 8:09 ` rguenth at gcc dot gnu.org
2022-05-27 9:37 ` [Bug fortran/82721] [10/11/12/13 " rguenth at gcc dot gnu.org
` (2 subsequent siblings)
8 siblings, 0 replies; 9+ messages in thread
From: rguenth at gcc dot gnu.org @ 2021-06-01 8:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82721
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|9.4 |9.5
--- Comment #15 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 9.4 is being released, retargeting bugs to GCC 9.5.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug fortran/82721] [10/11/12/13 Regression] Error message with corrupted text, sometimes ICE
[not found] <bug-82721-4@http.gcc.gnu.org/bugzilla/>
` (5 preceding siblings ...)
2021-06-01 8:09 ` rguenth at gcc dot gnu.org
@ 2022-05-27 9:37 ` rguenth at gcc dot gnu.org
2022-06-28 10:33 ` jakub at gcc dot gnu.org
2023-07-07 10:32 ` [Bug fortran/82721] [11/12/13/14 " rguenth at gcc dot gnu.org
8 siblings, 0 replies; 9+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-05-27 9:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82721
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|9.5 |10.4
--- Comment #16 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 9 branch is being closed
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug fortran/82721] [10/11/12/13 Regression] Error message with corrupted text, sometimes ICE
[not found] <bug-82721-4@http.gcc.gnu.org/bugzilla/>
` (6 preceding siblings ...)
2022-05-27 9:37 ` [Bug fortran/82721] [10/11/12/13 " rguenth at gcc dot gnu.org
@ 2022-06-28 10:33 ` jakub at gcc dot gnu.org
2023-07-07 10:32 ` [Bug fortran/82721] [11/12/13/14 " rguenth at gcc dot gnu.org
8 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2022-06-28 10:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82721
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|10.4 |10.5
--- Comment #17 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 10.4 is being released, retargeting bugs to GCC 10.5.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug fortran/82721] [11/12/13/14 Regression] Error message with corrupted text, sometimes ICE
[not found] <bug-82721-4@http.gcc.gnu.org/bugzilla/>
` (7 preceding siblings ...)
2022-06-28 10:33 ` jakub at gcc dot gnu.org
@ 2023-07-07 10:32 ` rguenth at gcc dot gnu.org
8 siblings, 0 replies; 9+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-07-07 10:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82721
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|10.5 |11.5
--- Comment #18 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 10 branch is being closed.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-07-07 10:32 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <bug-82721-4@http.gcc.gnu.org/bugzilla/>
2020-09-23 15:25 ` [Bug fortran/82721] [8/9/10/11 Regression] Error message with corrupted text, sometimes ICE markeggleston at gcc dot gnu.org
2020-09-28 7:49 ` markeggleston at gcc dot gnu.org
2020-10-09 19:54 ` anlauf at gcc dot gnu.org
2021-03-03 7:38 ` zeccav at gmail dot com
2021-05-14 9:49 ` [Bug fortran/82721] [9/10/11/12 " jakub at gcc dot gnu.org
2021-06-01 8:09 ` rguenth at gcc dot gnu.org
2022-05-27 9:37 ` [Bug fortran/82721] [10/11/12/13 " rguenth at gcc dot gnu.org
2022-06-28 10:33 ` jakub at gcc dot gnu.org
2023-07-07 10:32 ` [Bug fortran/82721] [11/12/13/14 " rguenth at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).