[Bug c/98630] New: Seg-fault when using a goto after condition (if)

[Bug c/98630] New: Seg-fault when using a goto after condition (if)

[k.even-mendoza at imperial dot ac.uk]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

            Bug ID: 98630
           Summary: Seg-fault when using a goto after condition (if)
           Product: gcc
           Version: 10.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: k.even-mendoza at imperial dot ac.uk
  Target Milestone: ---

The following code snippet:

unsigned b=0; 
unsigned d=0;
static unsigned g = 1;
unsigned foo (unsigned ui1, unsigned ui2 ) { return (ui2 == 0) ? (ui1) : (ui1 %
ui2); }
unsigned j() {
  {
    unsigned *k = &b;
    unsigned *m = &d;
    unsigned **n = &m;
    unsigned ***o = &n;
    if (g)
      ;
    else
    p : {
      if (foo(2, *k)) {
        ***o = 0;
        return 2;
      }
    }
  }
  goto p;
}
int main() { j(); }

When compiling with GCC-10 (gcc-10 (Ubuntu 10.2.0-5ubuntu1~20.04) 10.2.0):
> gcc-10 -w -O2 r.c -pedantic -Wall -Wextra 
> ./a.out 
> Segmentation fault (core dumped)

The program in llvm, gcc-9, gcc-8, and gcc-7 exit without any output.  
> clang-11 -w -O0 r.c -pedantic -Wall -Wextra -fsanitize=undefined
> ./a.out
> 
or:
> clang-11 -w -O2 r.c -pedantic -Wall -Wextra
> ./a.out
> 
or:
> gcc-9 -w -O2 r.c -pedantic -Wall -Wextra 
> ./a.out

[Bug tree-optimization/98630] Seg-fault when using a goto after condition (if)

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|c                           |tree-optimization
     Ever confirmed|0                           |1
      Known to fail|                            |11.0
           Keywords|                            |wrong-code
   Last reconfirmed|                            |2021-01-12
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
Confirmed with -O1 on trunk.  We're losing the m initialization.

[Bug tree-optimization/98630] Seg-fault when using a goto after condition (if)

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |rguenth at gcc dot gnu.org

--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
Vanishes in CCP - I'll see what happens.

[Bug tree-optimization/98630] Seg-fault when using a goto after condition (if)

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |INVALID

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
OK, so the issue is that 'm' goes out of scope before the goto p; and this
goto skips the initialization.  This means this is an invalid testcase unless
somehow C makes this well-defined.

[Bug c/98630] Seg-fault when using a goto after condition (if)

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |NEW
           Assignee|rguenth at gcc dot gnu.org         |unassigned at gcc dot gnu.org
          Component|tree-optimization           |c
         Resolution|INVALID                     |---
           Keywords|wrong-code                  |diagnostic

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
And -Wall says correctly

t.c: In function ‘j’:
t.c:16:14: warning: ‘m’ is used uninitialized [-Wuninitialized]
   16 |         ***o = 0;
      |         ~~~~~^~~

but we fail to diagnose that the goto crosses the initialization.  Re-opening
for that to improve.

[Bug c/98630] Seg-fault when using a goto after condition (if)

[k.even-mendoza at imperial dot ac.uk]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

--- Comment #5 from Karine EM <k.even-mendoza at imperial dot ac.uk> ---
This is an automatically reduced program. If GCC will give the Wuninitialized
warning I can reduce the original program again, taking it into account. 

I attached the long program in case you find it helpful. It also ends with
Seg-Fault for gcc-10 but not with gcc-7, gcc-8, gcc-9 for example. G++-10
doesn't give uninitialized warning on the long program.

[Bug c/98630] Seg-fault when using a goto after condition (if)

[k.even-mendoza at imperial dot ac.uk]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

--- Comment #6 from Karine EM <k.even-mendoza at imperial dot ac.uk> ---
Created attachment 49945
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49945&action=edit
Original large code that caused Seg-fault in GCC-10

[Bug c/98630] Seg-fault when using a goto after condition (if)

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to Karine EM from comment #6)
> Created attachment 49945 [details]
> Original large code that caused Seg-fault in GCC-10

Can you please preprocess this (so that it doesn't contain csmith.h include)?
Thanks.

[Bug c/98630] Seg-fault when using a goto after condition (if)

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

--- Comment #8 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
For goto crossing initialization, C++ makes it a hard error and C only has a
non-default warning (not even in -W), -Wjump-misses-init included in
-Wc++-compat.
As can be seen on:
int
foo (void)
{
  goto a;
  int b = 1;
a:
  b++;
  return b;
}

int
bar (void)
{
  goto a;
  {
    int b = 1;
  a:
    b++;
    return b;
  }
}

int
baz (void)
{
  {
    int b = 1;
    if (1)
      ;
    else
      {
      a:
        b++;
        return b;
      }
  }
  goto a;
}

with g++ or gcc -Wjump-misses-init

[Bug c/98630] Seg-fault when using a goto after condition (if)

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

--- Comment #9 from Richard Biener <rguenth at gcc dot gnu.org> ---
Given we now place CLOBBERS at scope ends even for C code (which is why we
"miscompile" the reduced testcase) doesn't it make sense to at least include
-Wjump-misses-init into -W[extra] or even -Wall?

[Bug c/98630] Seg-fault when using a goto after condition (if)

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

--- Comment #10 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Maybe, but I think it is too late to do it now for GCC 11, it will take time
before we figure out how many projects will be affected by that.

[Bug c/98630] Seg-fault when using a goto after condition (if)

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

--- Comment #11 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
The reason why C++ has it as hard error is I think object
construction/destruction, in C the warning is for code to be portable to C++,
in plain C it is all about making sure variables are initialized, which users
can do correctly even if they cross variable initialization.
So in C there is nothing wrong per se on the crossing, just the warning can
help if -Wuninitialized or -Wmaybe-uninitialized has false negatives as in this
case.

[Bug c/98630] Seg-fault when using a goto after condition (if)

[k.even-mendoza at imperial dot ac.uk]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

--- Comment #12 from Karine EM <k.even-mendoza at imperial dot ac.uk> ---
Yes, I could do that (comment #7). But I reduce manually the program and the
problem was indeed the scenario in comment #8 (not between functions, only
different blocks, but I assume it is pretty much the same).

If you add a new warning also to GCC at some point, it will be useful.

[Bug c/98630] Seg-fault when using a goto after condition (if)

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

--- Comment #13 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Then -Wjump-misses-init should warn even on the unreduced testcase...

[Bug c/98630] Seg-fault when using a goto after condition (if)

[k.even-mendoza at imperial dot ac.uk]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

--- Comment #14 from Karine EM <k.even-mendoza at imperial dot ac.uk> ---
I did compile it that way: 
> gcc-10 -w -O2 r.c -pedantic -Wall -Wextra
but got no warnings at all. Should I add any flag?
Thanks!

[Bug c/98630] Seg-fault when using a goto after condition (if)

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98630

--- Comment #15 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Yes, that -Wjump-misses-init or -Wc++-compat.