From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 494AA385780A; Mon, 12 Oct 2020 08:40:27 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 494AA385780A From: "marxin at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/97379] New: [11 Regression] Invalid read of size 8 at outgoing_range::calc_switch_ranges(gswitch*) (gimple-range-edge.cc:140) Date: Mon, 12 Oct 2020 08:40:27 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 10.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: marxin at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc blocked target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Oct 2020 08:40:27 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D97379 Bug ID: 97379 Summary: [11 Regression] Invalid read of size 8 at outgoing_range::calc_switch_ranges(gswitch*) (gimple-range-edge.cc:140) Product: gcc Version: 10.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: marxin at gcc dot gnu.org CC: aldyh at gcc dot gnu.org, amacleod at redhat dot com Blocks: 63426 Target Milestone: --- Created attachment 49349 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=3D49349&action=3Dedit test-case The following fails: $ valgrind --trace-children=3Dyes gcc -Os -c ice.i =3D=3D2675=3D=3D Memcheck, a memory error detector =3D=3D2675=3D=3D Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward e= t al. =3D=3D2675=3D=3D Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyri= ght info =3D=3D2675=3D=3D Command: gcc -Os -c ice.i =3D=3D2675=3D=3D=20 =3D=3D2676=3D=3D Memcheck, a memory error detector =3D=3D2676=3D=3D Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward e= t al. =3D=3D2676=3D=3D Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyri= ght info =3D=3D2676=3D=3D Command: /home/marxin/bin/gcc/lib/gcc/x86_64-pc-linux-gnu/= 11.0.0/cc1 -fpreprocessed ice.i -quiet -dumpbase ice.i -dumpbase-ext .i -mtune=3Dgener= ic -march=3Dx86-64 -Os -o /tmp/ccmBgOCr.s =3D=3D2676=3D=3D=20 =3D=3D2676=3D=3D Invalid read of size 8 =3D=3D2676=3D=3D at 0x187853C: outgoing_range::calc_switch_ranges(gswitc= h*) (gimple-range-edge.cc:140) =3D=3D2676=3D=3D by 0x1878A70: outgoing_range::get_edge_range(irange&, g= imple*, edge_def*) (gimple-range-edge.cc:91) =3D=3D2676=3D=3D by 0x1878DB0: outgoing_range::edge_range_p(irange&, edg= e_def*) (gimple-range-edge.cc:193) =3D=3D2676=3D=3D by 0x1868C65: gori_compute::outgoing_edge_range_p(irang= e&, edge_def*, tree_node*) (gimple-range-gori.cc:995) =3D=3D2676=3D=3D by 0x1864E4E: ranger_cache::iterative_cache_update(tree= _node*) (gimple-range-cache.cc:636) =3D=3D2676=3D=3D by 0x186533A: ranger_cache::fill_block_cache(tree_node*, basic_block_def*, basic_block_def*) (gimple-range-cache.cc:808) =3D=3D2676=3D=3D by 0x1865ADD: ranger_cache::block_range(irange&, basic_= block_def*, tree_node*, bool) (gimple-range-cache.cc:589) =3D=3D2676=3D=3D by 0x185E941: gimple_ranger::range_on_entry(irange&, basic_block_def*, tree_node*) (gimple-range.cc:909) =3D=3D2676=3D=3D by 0x185F057: gimple_ranger::range_of_expr(irange&, tre= e_node*, gimple*) (gimple-range.cc:880) =3D=3D2676=3D=3D by 0x185FB2B: gimple_ranger::range_of_non_trivial_assignment(irange&, gimple*) [clone .part.0] (gimple-range.cc:448) =3D=3D2676=3D=3D by 0x186039D: range_of_non_trivial_assignment (gimple-r= ange.cc:428) =3D=3D2676=3D=3D by 0x186039D: gimple_ranger::range_of_range_op(irange&,= gimple*) (gimple-range.cc:415) =3D=3D2676=3D=3D by 0x186253F: gimple_ranger::calc_stmt(irange&, gimple*, tree_node*) (gimple-range.cc:369) =3D=3D2676=3D=3D Address 0x5ba5268 is 200 bytes inside a block of size 2,0= 32 free'd =3D=3D2676=3D=3D at 0x483A9AB: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) =3D=3D2676=3D=3D by 0x18791DA: hash_table, irange*> >::hash_entr= y, false, xcallocator>::find_slot_with_hash(edge_def* const&, unsigned int, insert_option) (hash-table.h:964) =3D=3D2676=3D=3D by 0x18785C6: get_or_insert (hash-map.h:195) =3D=3D2676=3D=3D by 0x18785C6: outgoing_range::calc_switch_ranges(gswitc= h*) (gimple-range-edge.cc:145) =3D=3D2676=3D=3D by 0x1878A70: outgoing_range::get_edge_range(irange&, g= imple*, edge_def*) (gimple-range-edge.cc:91) =3D=3D2676=3D=3D by 0x1878DB0: outgoing_range::edge_range_p(irange&, edg= e_def*) (gimple-range-edge.cc:193) =3D=3D2676=3D=3D by 0x1868C65: gori_compute::outgoing_edge_range_p(irang= e&, edge_def*, tree_node*) (gimple-range-gori.cc:995) =3D=3D2676=3D=3D by 0x1864E4E: ranger_cache::iterative_cache_update(tree= _node*) (gimple-range-cache.cc:636) =3D=3D2676=3D=3D by 0x186533A: ranger_cache::fill_block_cache(tree_node*, basic_block_def*, basic_block_def*) (gimple-range-cache.cc:808) =3D=3D2676=3D=3D by 0x1865ADD: ranger_cache::block_range(irange&, basic_= block_def*, tree_node*, bool) (gimple-range-cache.cc:589) =3D=3D2676=3D=3D by 0x185E941: gimple_ranger::range_on_entry(irange&, basic_block_def*, tree_node*) (gimple-range.cc:909) =3D=3D2676=3D=3D by 0x185F057: gimple_ranger::range_of_expr(irange&, tre= e_node*, gimple*) (gimple-range.cc:880) =3D=3D2676=3D=3D by 0x185FB2B: gimple_ranger::range_of_non_trivial_assignment(irange&, gimple*) [clone .part.0] (gimple-range.cc:448) =3D=3D2676=3D=3D Block was alloc'd at =3D=3D2676=3D=3D at 0x483BB65: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) =3D=3D2676=3D=3D by 0x1918134: xcalloc (xmalloc.c:162) =3D=3D2676=3D=3D by 0x1878CE0: data_alloc (hash-table.h:275) =3D=3D2676=3D=3D by 0x1878CE0: alloc_entries (hash-table.h:711) =3D=3D2676=3D=3D by 0x1878CE0: hash_table (hash-table.h:628) =3D=3D2676=3D=3D by 0x1878CE0: hash_map (hash-map.h:139) =3D=3D2676=3D=3D by 0x1878CE0: outgoing_range::get_edge_range(irange&, g= imple*, edge_def*) (gimple-range-edge.cc:86) =3D=3D2676=3D=3D by 0x1878DB0: outgoing_range::edge_range_p(irange&, edg= e_def*) (gimple-range-edge.cc:193) =3D=3D2676=3D=3D by 0x1868C65: gori_compute::outgoing_edge_range_p(irang= e&, edge_def*, tree_node*) (gimple-range-gori.cc:995) =3D=3D2676=3D=3D by 0x1864E4E: ranger_cache::iterative_cache_update(tree= _node*) (gimple-range-cache.cc:636) =3D=3D2676=3D=3D by 0x186533A: ranger_cache::fill_block_cache(tree_node*, basic_block_def*, basic_block_def*) (gimple-range-cache.cc:808) =3D=3D2676=3D=3D by 0x1865ADD: ranger_cache::block_range(irange&, basic_= block_def*, tree_node*, bool) (gimple-range-cache.cc:589) =3D=3D2676=3D=3D by 0x185E941: gimple_ranger::range_on_entry(irange&, basic_block_def*, tree_node*) (gimple-range.cc:909) =3D=3D2676=3D=3D by 0x185F057: gimple_ranger::range_of_expr(irange&, tre= e_node*, gimple*) (gimple-range.cc:880) =3D=3D2676=3D=3D by 0x185FB2B: gimple_ranger::range_of_non_trivial_assignment(irange&, gimple*) [clone .part.0] (gimple-range.cc:448) =3D=3D2676=3D=3D by 0x186039D: range_of_non_trivial_assignment (gimple-r= ange.cc:428) =3D=3D2676=3D=3D by 0x186039D: gimple_ranger::range_of_range_op(irange&,= gimple*) (gimple-range.cc:415) Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D63426 [Bug 63426] [meta-bug] Issues found with -fsanitize=3Dundefined=