From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id E66F93858036; Fri, 23 Oct 2020 09:31:10 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E66F93858036 From: "marxin at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/97538] ICE in during GIMPLE pass: wrestrict Date: Fri, 23 Oct 2020 09:31:10 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 11.0 X-Bugzilla-Keywords: ice-on-valid-code X-Bugzilla-Severity: normal X-Bugzilla-Who: marxin at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P1 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 11.0 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Oct 2020 09:31:11 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D97538 --- Comment #1 from Martin Li=C5=A1ka --- Created attachment 49428 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=3D49428&action=3Dedit test-case I see it also on x86_64-linux-gnu with ASAN: $ /home/marxin/Programming/gcc2/objdir/gcc/xg++ -B /home/marxin/Programming/gcc2/objdir/gcc/ utf.ii -c -O2 utf.ii: In instantiation of =E2=80=98_ForwardIterator __uninitialized_copy_a(_InputIterator, _InputIterator, _ForwardIterator, _T= p) [with _InputIterator =3D const short unsigned int*; _ForwardIterator =3D sh= ort unsigned int*; _Tp =3D _Vector_base::_Vector_impl]=E2=80=99: utf.ii:128:25: required from =E2=80=98void vector< , >::_M_range_insert(vector< , >::iterator, _ForwardIterator, _ForwardIterator, i= nt) [with _ForwardIterator =3D const short unsigned int*; =3D short int; =3D short int; vector< , >::iterator =3D __normal_iterator >]=E2=80=99 utf.ii:105:20: required from =E2=80=98void vector< , >::_M_insert_dispatch(vector< , >::iterator, _InputItera= tor, _InputIterator, int) [with _InputIterator =3D const short unsigned int*; =3D short int; =3D short = int; vector< , >::iterator =3D __normal_iterator >]=E2=80=99 utf.ii:99:23: required from =E2=80=98void vector< , >::insert(vector< , >::const_iterator, _InputIterator, _InputIterator) [with _InputIterator =3D const short unsigned int*; =3D short int; =3D short int; vector< , >::const_iterator =3D __normal_iterator >]=E2=80=99 utf.ii:150:48: required from here utf.ii:67:11: warning: address of local variable =E2=80=98__trans_tmp_25=E2= =80=99 returned [-Wreturn-local-addr] 67 | return &__trans_tmp_25; | ^~~~~~~~~~~~~~ utf.ii:65:18: note: declared here 65 | unsigned short __trans_tmp_25; | ^~~~~~~~~~~~~~ utf.ii: In instantiation of =E2=80=98_OI __copy_move_a1(_II, _II, _OI) [wit= h int =3D 0; _II =3D const short unsigned int*; _OI =3D short unsigne= d int*]=E2=80=99: utf.ii:32:28: required from =E2=80=98void __copy_move_a(_II, _II, _OI) [w= ith int _IsMove =3D 0; _II =3D const short unsigned int*; _OI =3D short unsigned in= t*]=E2=80=99 utf.ii:36:47: required from =E2=80=98void copy(_II, _II, _OI) [with _II = =3D const short unsigned int*; _OI =3D short unsigned int*]=E2=80=99 utf.ii:66:7: required from =E2=80=98_ForwardIterator __uninitialized_copy_a(_InputIterator, _InputIterator, _ForwardIterator, _T= p) [with _InputIterator =3D const short unsigned int*; _ForwardIterator =3D sh= ort unsigned int*; _Tp =3D _Vector_base::_Vector_impl]=E2=80=99 utf.ii:128:25: required from =E2=80=98void vector< , >::_M_range_insert(vector< , >::iterator, _ForwardIterator, _ForwardIterator, i= nt) [with _ForwardIterator =3D const short unsigned int*; =3D short int; =3D short int; vector< , >::iterator =3D __normal_iterator >]=E2=80=99 utf.ii:105:20: required from =E2=80=98void vector< , >::_M_insert_dispatch(vector< , >::iterator, _InputItera= tor, _InputIterator, int) [with _InputIterator =3D const short unsigned int*; =3D short int; =3D short = int; vector< , >::iterator =3D __normal_iterator >]=E2=80=99 utf.ii:99:23: required from =E2=80=98void vector< , >::insert(vector< , >::const_iterator, _InputIterator, _InputIterator) [with _InputIterator =3D const short unsigned int*; =3D short int; =3D short int; vector< , >::const_iterator =3D __normal_iterator >]=E2=80=99 utf.ii:150:48: required from here utf.ii:27:11: warning: address of local variable =E2=80=98__trans_tmp_33=E2= =80=99 returned [-Wreturn-local-addr] 27 | return &__trans_tmp_33; | ^~~~~~~~~~~~~~ utf.ii:25:18: note: declared here 25 | unsigned short __trans_tmp_33; | ^~~~~~~~~~~~~~ =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D636=3D=3DERROR: AddressSanitizer: stack-buffer-overflow on address 0x= 7fffffffcb78 at pc 0x0000019f4ab8 bp 0x7fffffffc380 sp 0x7fffffffc378 READ of size 8 at 0x7fffffffcb78 thread T0 #0 0x19f4ab7 in generic_wide_int >::elt(unsigned int) const ../../gcc/wide-int.h:912 #1 0x3517131 in wide_int_to_tree_1 ../../gcc/tree.c:1532 #2 0x35189de in wide_int_to_tree(tree_node*, poly_int<1u, generic_wide_int > > const&) ../../gcc/tree.c:1724 #3 0x1596e31 in get_size_range(range_query*, tree_node*, gimple*, tree_node**, int) ../../gcc/calls.c:1382 #4 0x1d9becc in builtin_memref ../../gcc/gimple-ssa-warn-restrict.c:259 #5 0x1db412c in check_bounds_or_overlap(range_query*, gimple*, tree_nod= e*, tree_node*, tree_node*, tree_node*, bool, bool) ../../gcc/gimple-ssa-warn-restrict.c:2011 #6 0x1db3f23 in check_call ../../gcc/gimple-ssa-warn-restrict.c:1977 #7 0x1d9b20a in wrestrict_walk ../../gcc/gimple-ssa-warn-restrict.c:93 #8 0x1d9b41d in execute ../../gcc/gimple-ssa-warn-restrict.c:103 #9 0x25a938a in execute_one_pass(opt_pass*) ../../gcc/passes.c:2517 #10 0x25a9c40 in execute_pass_list_1 ../../gcc/passes.c:2605 #11 0x25a9cbb in execute_pass_list_1 ../../gcc/passes.c:2606 #12 0x25a9d5f in execute_pass_list(function*, opt_pass*) ../../gcc/passes.c:2616 #13 0x1732da9 in cgraph_node::expand() ../../gcc/cgraphunit.c:2310 #14 0x1734080 in expand_all_functions ../../gcc/cgraphunit.c:2478 #15 0x17360dd in symbol_table::compile() ../../gcc/cgraphunit.c:2842 #16 0x173691e in symbol_table::finalize_compilation_unit() ../../gcc/cgraphunit.c:3023 #17 0x29e9817 in compile_file ../../gcc/toplev.c:485 #18 0x29f2bfb in do_compile ../../gcc/toplev.c:2321 #19 0x29f345f in toplev::main(int, char**) ../../gcc/toplev.c:2460 #20 0x56db7dd in main ../../gcc/main.c:39 #21 0x7ffff6eaae09 in __libc_start_main ../csu/libc-start.c:314 #22 0x9fce19 in _start (/home/marxin/Programming/gcc2/objdir/gcc/cc1plus+0x9fce19) Address 0x7fffffffcb78 is located in stack of thread T0 at offset 1400 in f= rame #0 0x1594a65 in get_size_range(range_query*, tree_node*, gimple*, tree_node**, int) ../../gcc/calls.c:1250 This frame has 38 object(s): [48, 52) '' [64, 68) '' [80, 84) '' [96, 100) '' [112, 116) '' [128, 132) '' [144, 148) '' [160, 164) '' [176, 180) '' [192, 196) '' [208, 212) '' [224, 228) '' [240, 244) '' [256, 272) '' [288, 304) '' [320, 336) '' [352, 368) '' [384, 416) 'min' (line 1264) [448, 480) 'max' (line 1264) [512, 544) 'vr' (line 1269) [576, 608) '' [640, 672) '' [704, 736) '' [768, 800) '' [832, 864) '' [896, 928) 'maxsize' (line 1337) [960, 992) '' [1024, 1056) '' [1088, 1120) '' [1152, 1184) '' [1216, 1248) 'maxsize' (line 1347) [1280, 1312) '' [1344, 1376) '' [1408, 1440) '' <=3D=3D Memory access at offset 1400 underflow= s this variable [1472, 1504) '' [1536, 1568) '' [1600, 1632) '' [1664, 1696) '' HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow ../../gcc/wide-int.h:912 in generic_wide_int >::elt(unsigned int) con= st Shadow bytes around the buggy address: 0x10007fff7910: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 0x10007fff7920: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 0x10007fff7930: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 0x10007fff7940: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 0x10007fff7950: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 =3D>0x10007fff7960: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2[f2] 0x10007fff7970: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 0x10007fff7980: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 0x10007fff7990: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 0x10007fff79a0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 f8 f2 0x10007fff79b0: f8 f2 f8 f2 f8 f2 04 f2 04 f2 04 f2 04 f2 04 f2 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07=20 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc =3D=3D636=3D=3DABORTING=