Bug 52162 - Bogus -fcheck=bounds with realloc on assignment to unallocated LHS
Summary: Bogus -fcheck=bounds with realloc on assignment to unallocated LHS
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: fortran (show other bugs)
Version: 4.7.0
: P3 normal
Target Milestone: ---
Assignee: Paul Thomas
URL:
Keywords: wrong-code
: 58750 58861 69185 70953 79492 (view as bug list)
Depends on:
Blocks: Fortran_bounds_checking
  Show dependency treegraph
 
Reported: 2012-02-07 22:03 UTC by Dominique d'Humieres
Modified: 2018-01-13 13:56 UTC (History)
4 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2012-09-22 00:00:00

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dominique d'Humieres 2012-02-07 22:03:06 UTC 
The test gfortran.dg/realloc_on_assign_2.f0 fails at runtime when compiled with -fcheck=bounds:

At line 57 of file /opt/gcc/work/gcc/testsuite/gfortran.dg/realloc_on_assign_2.f03
Fortran runtime error: Array bound mismatch for dimension 1 of array 'a' (10/2)

The following reduced test

    integer(4), allocatable :: a(:)
    integer(8), allocatable :: b(:)
    allocate (b(7:11))
    a = b
    if (lbound (a, 1) .ne. lbound(b, 1)) call abort
    if (ubound (a, 1) .ne. ubound(b, 1)) call abort
  end

fails with

At line 4 of file realloc_on_assign_2_red.f03
Fortran runtime error: Array bound mismatch for dimension 1 of array 'a' (0/5)

Running the executable through valgrind yields

==78996== Memcheck, a memory error detector
==78996== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==78996== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==78996== Command: a.out
==78996== 
==78996== Conditional jump or move depends on uninitialised value(s)
==78996==    at 0x1000018FC: MAIN__ (realloc_on_assign_2_red.f03:4)
==78996==    by 0x100001C94: main (realloc_on_assign_2_red.f03:7)
==78996== 
==78996== Conditional jump or move depends on uninitialised value(s)
==78996==    at 0x100001948: MAIN__ (realloc_on_assign_2_red.f03:4)
==78996==    by 0x100001C94: main (realloc_on_assign_2_red.f03:7)
==78996== 
==78996== Conditional jump or move depends on uninitialised value(s)
==78996==    at 0x100001994: MAIN__ (realloc_on_assign_2_red.f03:4)
==78996==    by 0x100001C94: main (realloc_on_assign_2_red.f03:7)
==78996== 
==78996== Conditional jump or move depends on uninitialised value(s)
==78996==    at 0x1000019DD: MAIN__ (realloc_on_assign_2_red.f03:4)
==78996==    by 0x100001C94: main (realloc_on_assign_2_red.f03:7)
==78996== 
==78996== Conditional jump or move depends on uninitialised value(s)
==78996==    at 0x100001A2C: MAIN__ (realloc_on_assign_2_red.f03:4)
==78996==    by 0x100001C94: main (realloc_on_assign_2_red.f03:7)
==78996== 
At line 4 of file realloc_on_assign_2_red.f03
Fortran runtime error: ==78996== Conditional jump or move depends on uninitialised value(s)
==78996==    at 0x10019559E: __vfprintf (in /usr/lib/libSystem.B.dylib)
==78996==    by 0x1001C95B6: vsnprintf (in /usr/lib/libSystem.B.dylib)
==78996==    by 0x100021759: _gfortrani_st_vprintf (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x7FFF5FBFE72F: ???
==78996==    by 0x7FFF5FC12DBF: ImageLoaderMachOCompressed::resolve(ImageLoader::LinkContext const&, char const*, unsigned char, int, ImageLoader const**, ImageLoaderMachOCompressed::LastLookup*) (in /usr/lib/dyld)
==78996==    by 0x7FFF5FBFE73F: ???
==78996==    by 0x7FFF5FC4049F: ??? (in /usr/lib/dyld)
==78996==    by 0x7FFF5FC43EDF: ???
==78996==    by 0x10012FF91: ??? (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x7FFF5FBFE887: ???
==78996==    by 0x10012FF99: ??? (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x10012FFC7: ??? (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996== 
==78996== Conditional jump or move depends on uninitialised value(s)
==78996==    at 0x100196D06: __vfprintf (in /usr/lib/libSystem.B.dylib)
==78996==    by 0x1001C95B6: vsnprintf (in /usr/lib/libSystem.B.dylib)
==78996==    by 0x100021759: _gfortrani_st_vprintf (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x7FFF5FBFE72F: ???
==78996==    by 0x7FFF5FC12DBF: ImageLoaderMachOCompressed::resolve(ImageLoader::LinkContext const&, char const*, unsigned char, int, ImageLoader const**, ImageLoaderMachOCompressed::LastLookup*) (in /usr/lib/dyld)
==78996==    by 0x7FFF5FBFE73F: ???
==78996==    by 0x7FFF5FC4049F: ??? (in /usr/lib/dyld)
==78996==    by 0x7FFF5FC43EDF: ???
==78996==    by 0x10012FF91: ??? (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x7FFF5FBFE887: ???
==78996==    by 0x10012FF99: ??? (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x10012FFC7: ??? (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996== 
==78996== Conditional jump or move depends on uninitialised value(s)
==78996==    at 0x1002545AD: __ultoa (in /usr/lib/libSystem.B.dylib)
==78996==    by 0x100196D76: __vfprintf (in /usr/lib/libSystem.B.dylib)
==78996==    by 0x1001C95B6: vsnprintf (in /usr/lib/libSystem.B.dylib)
==78996==    by 0x100021759: _gfortrani_st_vprintf (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x7FFF5FBFE72F: ???
==78996==    by 0x7FFF5FC12DBF: ImageLoaderMachOCompressed::resolve(ImageLoader::LinkContext const&, char const*, unsigned char, int, ImageLoader const**, ImageLoaderMachOCompressed::LastLookup*) (in /usr/lib/dyld)
==78996==    by 0x7FFF5FBFE73F: ???
==78996==    by 0x7FFF5FC4049F: ??? (in /usr/lib/dyld)
==78996==    by 0x7FFF5FC43EDF: ???
==78996==    by 0x10012FF91: ??? (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x7FFF5FBFE887: ???
==78996==    by 0x10012FF99: ??? (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996== 
==78996== Syscall param write(buf) points to uninitialised byte(s)
==78996==    at 0x10019A272: write (in /usr/lib/libSystem.B.dylib)
==78996==    by 0x100021769: _gfortrani_st_vprintf (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x6F62207961727240: ???
==78996==    by 0x6D73696D20646E74: ???
==78996==    by 0x726F662068637460: ???
==78996==    by 0x69736E656D69641F: ???
==78996==    by 0x20666F2031206E6E: ???
==78996==    by 0x6127207961727260: ???
==78996==    by 0x29352F30282026: ???
==78996==    by 0x10012FF99: ??? (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x10012FFC7: ??? (in /opt/gcc/gcc4.7w/lib/libgfortran.3.dylib)
==78996==    by 0x7FFF5FC43EDF: ???
==78996==  Address 0x7fff5fbfe703 is on thread 1's stack
==78996== 
Array bound mismatch for dimension 1 of array 'a' (0/5)
==78996== 
==78996== HEAP SUMMARY:
==78996==     in use at exit: 128 bytes in 2 blocks
==78996==   total heap usage: 18 allocs, 16 frees, 4,029 bytes allocated
==78996== 
==78996== LEAK SUMMARY:
==78996==    definitely lost: 0 bytes in 0 blocks
==78996==    indirectly lost: 0 bytes in 0 blocks
==78996==      possibly lost: 0 bytes in 0 blocks
==78996==    still reachable: 40 bytes in 1 blocks
==78996==         suppressed: 88 bytes in 1 blocks
==78996== Rerun with --leak-check=full to see details of leaked memory
==78996== 
==78996== For counts of detected and suppressed errors, rerun with: -v
==78996== Use --track-origins=yes to see where uninitialised values come from
==78996== ERROR SUMMARY: 9 errors from 9 contexts (suppressed: 0 from 0)
Comment 1 Tobias Burnus 2012-02-09 17:17:03 UTC 
    a = b

The problem is that the LHS is REAL(4) while the RHS is REAL(8). Thus, the expression is not <variable A> = <variable B> but
  <variable A> = __convert_i8_i4 (<variable B>)


But trans-array's gfc_trans_assignment_1 contains:

  if (gfc_is_reallocatable_lhs (expr1)
	&& !(expr2->expr_type == EXPR_FUNCTION
	     && expr2->value.function.isym != NULL))
    lss->is_alloc_lhs = 1;

As expr2->value.function.isym is set (expr2->value.function.isym->id == GFC_ISYM_CONVERSION), the is_alloc_lhs is not set. Hence, the bound checking code is inserted.
Comment 2 Tobias Burnus 2012-02-09 17:27:26 UTC 
(In reply to comment #1)
> As expr2->value.function.isym is set (expr2->value.function.isym->id ==
> GFC_ISYM_CONVERSION), the is_alloc_lhs is not set. Hence, the bound checking
> code is inserted.

All intrinsics, which do not call libgfortran, should be affected. For instance:
  B = tan(A)
Comment 3 Dominique d'Humieres 2012-09-22 22:29:00 UTC 
From comments #1 and #2, I assume that this PR is confirmed, so I set the status to NEW.
Comment 4 Alexis Rohou 2015-08-13 14:34:04 UTC 
I'm also affected by this bug, in gfortran 5.1.1 20150618 (Red Hat 5.1.1-4).
Comment 5 Dominique d'Humieres 2016-01-07 20:35:42 UTC 
*** Bug 69185 has been marked as a duplicate of this bug. ***
Comment 6 Dominique d'Humieres 2016-05-09 14:42:15 UTC 
*** Bug 70953 has been marked as a duplicate of this bug. ***
Comment 7 Dominique d'Humieres 2017-07-06 10:27:32 UTC 
*** Bug 79492 has been marked as a duplicate of this bug. ***
Comment 8 Paul Thomas 2017-07-08 11:44:56 UTC 
Changing the line mentioned in comment #2 to:
  if (gfc_is_reallocatable_lhs (expr1)
	&& !(expr2->expr_type == EXPR_FUNCTION
	     && expr2->value.function.isym != NULL
	     && !(expr2->value.function.isym->elemental
		  || expr2->value.function.isym->conversion)))
    lss->is_alloc_lhs = 1;

fixes the problem. This testcase now runs correctly:

! { dg-do run }
! { dg-options "-fbounds-check" }
!
! Test the fix for PR52162 in which the elemental and conversion
! intrinsics in lines 14 and 19 would cause the bounds check to fail.
!
! Contributed by Dominique d'Humieres  <dominiq@lps.ens.fr>
!
    integer(4), allocatable :: a(:)
    integer(8), allocatable :: b(:)
    real, allocatable :: c(:)
    allocate (b(7:11), source = [7_8,8_8,9_8,10_8,11_8])

    a = b ! Implicit conversion

    if (lbound (a, 1) .ne. lbound(b, 1)) call abort
    if (ubound (a, 1) .ne. ubound(b, 1)) call abort

    c = sin(real(b(9:11))/100_8) ! Elemental intrinsic

    if ((ubound(c, 1) - lbound(c, 1)) .ne. 2) call abort
    if (any (int(asin(c)*100.0) .ne. b(9:11))) call abort
    deallocate (a, b, c)
  end

I will submit as soon as the patch for PR34640 clears my tree.

Paul
Comment 9 Dominique d'Humieres 2017-07-24 18:48:25 UTC 
*** Bug 58750 has been marked as a duplicate of this bug. ***
Comment 10 Thomas Koenig 2017-07-25 10:27:07 UTC 
*** Bug 58861 has been marked as a duplicate of this bug. ***
Comment 11 Thomas Koenig 2017-07-25 10:28:45 UTC 
*** Bug 58750 has been marked as a duplicate of this bug. ***
Comment 12 Dominique d'Humieres 2017-07-29 09:49:28 UTC 
On darwin the test in comment 8 fails with -m32. The 'int(asin(c)*100.0)' should be replaced with 'nint(asin(c)*100.0)'.
Comment 13 Dominique d'Humieres 2017-10-03 12:32:18 UTC 
Anything I can do to help?
Comment 14 Paul Thomas 2018-01-13 13:53:05 UTC 
Author: pault
Date: Sat Jan 13 13:52:34 2018
New Revision: 256607

URL: https://gcc.gnu.org/viewcvs?rev=256607&root=gcc&view=rev
Log:
2018-01-13  Paul Thomas  <pault@gcc.gnu.org>

	PR fortran/52162
	* trans-expr.c (gfc_trans_scalar_assign): Flag is_alloc_lhs if
	the rhs expression is neither an elemental nor a conversion
	function.

	PR fortran/83622
	* trans-array.c (is_pointer_array): Remove unconditional return
	of false for -fopenmp.

2018-01-13  Paul Thomas  <pault@gcc.gnu.org>

	PR fortran/52162
	* gfortran.dg/bounds_check_19.f90 : New test.


Added:
    trunk/gcc/testsuite/gfortran.dg/bounds_check_19.f90
Modified:
    trunk/gcc/fortran/ChangeLog
    trunk/gcc/fortran/trans-array.c
    trunk/gcc/fortran/trans-expr.c
    trunk/gcc/testsuite/ChangeLog
Comment 15 Paul Thomas 2018-01-13 13:56:35 UTC 
Hi Dominique, Thanks for bringing this to my attention.

Fixed on trunk.

Paul