38463 – [graphite] double free or corruption

Bug 38463 - [graphite] double free or corruption

Summary: [graphite] double free or corruption

Status:	RESOLVED FIXED

Alias:	None

Product:	gcc
Classification:	Unclassified
Component:	middle-end (show other bugs)
Version:	4.4.0

Importance:	P3 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:	38431
	Show dependency tree / graph

Reported:	2008-12-09 21:09 UTC by Joost VandeVondele
Modified:	2008-12-10 22:04 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:

Attachments
testcase (509 bytes, text/plain) 2008-12-09 21:18 UTC, Joost VandeVondele	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Joost VandeVondele 2008-12-09 21:09:40 UTC

on ps_wavelet_util.F we have

*** glibc detected *** /scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951: double free or corruption (out): 0x000000000120b9e0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x2aeedf6dd21d]
/lib64/libc.so.6(cfree+0x76)[0x2aeedf6def76]
/scratch/vondele/gcc/build/lib/libcloog.so.0[0x2aeedea30501]
/scratch/vondele/gcc/build/lib/libcloog.so.0[0x2aeedea309ca]
/scratch/vondele/gcc/build/lib/libcloog.so.0[0x2aeedea31fe2]
/scratch/vondele/gcc/build/lib/libcloog.so.0(cloog_clast_create+0xd1)[0x2aeedea32a41]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0xae667d]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0xaede4b]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x7df337]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x66cb55]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x66cd41]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x66cd55]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x66cd55]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x75dafc]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x8d7ac0]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x8d967d]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x485ffa]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x70e55d]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x2aeedf68cb54]
/scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951[0x4054d9]
======= Memory map: ========
00400000-00dfa000 r-xp 00000000 08:09 1163693                            /scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951
00ff9000-00ffa000 r--p 009f9000 08:09 1163693                            /scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951
00ffa000-01086000 rw-p 009fa000 08:09 1163693                            /scratch/vondele/gcc/build/libexec/gcc/x86_64-unknown-linux-gnu/4.4.0/f951
01086000-012dd000 rw-p 01086000 00:00 0                                  [heap]
2aeede5c8000-2aeede5e4000 r-xp 00000000 08:05 1921376                    /lib64/ld-2.6.1.so
2aeede5e4000-2aeede5e5000 rw-p 2aeede5e4000 00:00 0
2aeede60e000-2aeede60f000 rw-p 2aeede60e000 00:00 0
2aeede60f000-2aeede64e000 r--p 00000000 08:05 1789813                    /usr/lib/locale/en_US.utf8/LC_CTYPE
2aeede64e000-2aeede655000 r--s 00000000 08:05 1789997                    /usr/lib64/gconv/gconv-modules.cache
2aeede655000-2aeede656000 r--p 00000000 08:05 1789788                    /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES
2aeede656000-2aeede7b3000 rw-p 2aeede656000 00:00 0
2aeede7e3000-2aeede7e5000 rw-p 0001b000 08:05 1921376                    /lib64/ld-2.6.1.so
2aeede7e5000-2aeede824000 r-xp 00000000 08:05 1744446                    /usr/lib64/libgmp.so.3.4.1
2aeede824000-2aeedea23000 ---p 0003f000 08:05 1744446                    /usr/lib64/libgmp.so.3.4.1
2aeedea23000-2aeedea25000 rw-p 0003e000 08:05 1744446                    /usr/lib64/libgmp.so.3.4.1
2aeedea25000-2aeedea44000 r-xp 00000000 08:09 491570                     /scratch/vondele/gcc/build/lib/libcloog.so.0.0.0
2aeedea44000-2aeedec43000 ---p 0001f000 08:09 491570                     /scratch/vondele/gcc/build/lib/libcloog.so.0.0.0
2aeedec43000-2aeedec44000 r--p 0001e000 08:09 491570                     /scratch/vondele/gcc/build/lib/libcloog.so.0.0.0
2aeedec44000-2aeedec45000 rw-p 0001f000 08:09 491570                     /scratch/vondele/gcc/build/lib/libcloog.so.0.0.0
2aeedec45000-2aeedec47000 rw-p 2aeedec45000 00:00 0
2aeedec47000-2aeedefa2000 r-xp 00000000 08:09 491565                     /scratch/vondele/gcc/build/lib/libppl_c.so.2.0.0
2aeedefa2000-2aeedf1a2000 ---p 0035b000 08:09 491565                     /scratch/vondele/gcc/build/lib/libppl_c.so.2.0.0
2aeedf1a2000-2aeedf1a3000 r--p 0035b000 08:09 491565                     /scratch/vondele/gcc/build/lib/libppl_c.so.2.0.0
2aeedf1a3000-2aeedf1a7000 rw-p 0035c000 08:09 491565                     /scratch/vondele/gcc/build/lib/libppl_c.so.2.0.0
2ae
Program received signal SIGABRT, Aborted.
0x00002aeedf69fb45 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00002aeedf69fb45 in raise () from /lib64/libc.so.6
#1  0x00002aeedf6a10e0 in abort () from /lib64/libc.so.6
#2  0x00002aeedf6d7fbb in ?? () from /lib64/libc.so.6
#3  0x00002aeedf6dd21d in ?? () from /lib64/libc.so.6
#4  0x00002aeedf6def76 in free () from /lib64/libc.so.6
#5  0x00002aeedea30501 in clast_bound_from_constraint (matrix=0x1283850, line_num=<value optimized out>, level=1, names=0x127e6e0)
    at source/ppl/clast.c:688
#6  0x00002aeedea309ca in clast_minmax (matrix=0x1283850, level=4, max=1, guard=0, infos=0x1245fe0) at source/ppl/clast.c:831
#7  0x00002aeedea31fe2 in insert_loop (loop=0x1283c00, level=1, scalar=0, next=0x7fffcc4dd7a0, infos=0x1245fe0)
    at source/ppl/clast.c:922
#8  0x00002aeedea32a41 in cloog_clast_create (program=0x1255ce0, options=<value optimized out>) at source/ppl/clast.c:1518
#9  0x0000000000ae667d in find_transform (scop=0x127c040) at /scratch/vondele/gcc/graphite/gcc/graphite.c:4238
#10 0x0000000000aede4b in graphite_transform_loops () at /scratch/vondele/gcc/graphite/gcc/graphite.c:5382
#11 0x00000000007df337 in graphite_transforms () at /scratch/vondele/gcc/graphite/gcc/tree-ssa-loop.c:298
#12 0x000000000066cb55 in execute_one_pass (pass=0x10827e0) at /scratch/vondele/gcc/graphite/gcc/passes.c:1279
#13 0x000000000066cd41 in execute_pass_list (pass=0x10827e0) at /scratch/vondele/gcc/graphite/gcc/passes.c:1328
#14 0x000000000066cd55 in execute_pass_list (pass=0x1082540) at /scratch/vondele/gcc/graphite/gcc/passes.c:1329
#15 0x000000000066cd55 in execute_pass_list (pass=0x1081a00) at /scratch/vondele/gcc/graphite/gcc/passes.c:1329
#16 0x000000000075dafc in tree_rest_of_compilation (fndecl=0x2aeede773e00) at /scratch/vondele/gcc/graphite/gcc/tree-optimize.c:418
#17 0x00000000008d7ac0 in cgraph_expand_function (node=0x2aeee015c100) at /scratch/vondele/gcc/graphite/gcc/cgraphunit.c:1038
#18 0x00000000008d967d in cgraph_optimize () at /scratch/vondele/gcc/graphite/gcc/cgraphunit.c:1097
#19 0x0000000000485ffa in gfc_be_parse_file (set_yydebug=<value optimized out>)
    at /scratch/vondele/gcc/graphite/gcc/fortran/f95-lang.c:240
#20 0x000000000070e55d in toplev_main (argc=<value optimized out>, argv=0x0) at /scratch/vondele/gcc/graphite/gcc/toplev.c:968
#21 0x00002aeedf68cb54 in __libc_start_main () from /lib64/libc.so.6
#22 0x00000000004054d9 in _start ()

will try to reduce ...

Comment 1 Joost VandeVondele 2008-12-09 21:12:37 UTC

note that this trace also goes via cloog_clast_create so that might be a dup of PR38459

Comment 2 Joost VandeVondele 2008-12-09 21:18:18 UTC

Created attachment 16865 [details]
testcase

reduced.
at least, graphite tends to fail on code that is easy to reduce.

Comment 3 Tobias Grosser 2008-12-10 17:39:40 UTC

Hi, I can not reproduce this Bug on FreeBSD. May be it is just not detected.

Can you try with current graphite branch to see it was a duplicate of Bug38459. Otherwise I will have to try it on Linux with valgrind again.

Comment 4 Joost VandeVondele 2008-12-10 22:04:20 UTC

(In reply to comment #3)
> Hi, I can not reproduce this Bug on FreeBSD. May be it is just not detected.
> 
> Can you try with current graphite branch to see it was a duplicate of Bug3845384599.
> Otherwise I will have to try it on Linux with valgrind again.
> 

I think it is a dup of PR38459, since it is gone after updating to the current graphite branch. Great! I'm closing it as fixed.