This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug sanitizer/60557] UBSAN: ICE after ubsan_expand_null_ifn

From: "dominiq at lps dot ens.fr" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: Mon, 17 Mar 2014 22:50:05 +0000
Subject: [Bug sanitizer/60557] UBSAN: ICE after ubsan_expand_null_ifn
Auto-submitted: auto-generated
References: <bug-60557-4 at http dot gcc dot gnu dot org/bugzilla/>

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60557

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-03-17
     Ever confirmed|0                           |1

--- Comment #3 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
Confirmed. Debugging with lldb gives

* thread #1: tid = 0x1c9cf56, 0x00000001005c3ba4
f951`gimple_build_call(fn=0x0000000000000000, nargs=2) + 36 at gimple.c:249,
queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1,
address=0x0)
    frame #0: 0x00000001005c3ba4 f951`gimple_build_call(fn=0x0000000000000000,
nargs=2) + 36 at gimple.c:249
   246       gimple call;
   247       unsigned i;
   248     
-> 249       gcc_assert (TREE_CODE (fn) == FUNCTION_DECL || is_gimple_call_addr
(fn));
   250     
   251       call = gimple_build_call_1 (fn, nargs);
   252     
(lldb) bt
* thread #1: tid = 0x1c9cf56, 0x00000001005c3ba4
f951`gimple_build_call(fn=0x0000000000000000, nargs=2) + 36 at gimple.c:249,
queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1,
address=0x0)
  * frame #0: 0x00000001005c3ba4 f951`gimple_build_call(fn=0x0000000000000000,
nargs=2) + 36 at gimple.c:249
    frame #1: 0x0000000100888bdf
f951`ubsan_expand_null_ifn(gsi=gimple_stmt_iterator at 0x00007fff5fbff280) +
447 at ubsan.c:590
    frame #2: 0x000000010087b110 f951`execute(this=<unavailable>) + 304 at
asan.c:2587

I get a similar ICE for this simpler test

DO i=1,10
END DO
END

However the backtrace is different

* thread #1: tid = 0x1c9cb1a, 0x00000001003c03e1
f951`build_call_expr_loc_array(unsigned int, tree_node*, int, tree_node**)
[inlined] contains_struct_check(__g=<unavailable>, __l=0, __f=<unavailable>,
__s=TS_BASE, __t=0x0000000000000000) at tree.h:2822, queue =
'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x00000001003c03e1 f951`build_call_expr_loc_array(unsigned int,
tree_node*, int, tree_node**) [inlined]
contains_struct_check(__g=<unavailable>, __l=0, __f=<unavailable>, __s=TS_BASE,
__t=0x0000000000000000) at tree.h:2822
   2819    contains_struct_check (tree __t, const enum tree_node_structure_enum
__s,
   2820                           const char *__f, int __l, const char *__g)
   2821    {
-> 2822      if (tree_contains_struct[TREE_CODE (__t)][__s] != 1)
   2823          tree_contains_struct_check_failed (__t, __s, __f, __l, __g);
   2824      return __t;
   2825    }
(lldb) bt
* thread #1: tid = 0x1c9cb1a, 0x00000001003c03e1
f951`build_call_expr_loc_array(unsigned int, tree_node*, int, tree_node**)
[inlined] contains_struct_check(__g=<unavailable>, __l=0, __f=<unavailable>,
__s=TS_BASE, __t=0x0000000000000000) at tree.h:2822, queue =
'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x00000001003c03e1 f951`build_call_expr_loc_array(unsigned int,
tree_node*, int, tree_node**) [inlined]
contains_struct_check(__g=<unavailable>, __l=0, __f=<unavailable>, __s=TS_BASE,
__t=0x0000000000000000) at tree.h:2822
    frame #1: 0x00000001003c03e1 f951`build_call_expr_loc_array(loc=2147483651,
fndecl=0x0000000000000000, n=3, argarray=0x00007fff5fbfefc0) + 17
    frame #2: 0x00000001003c199c f951`build_call_expr_loc(loc=<unavailable>,
fndecl=<unavailable>, n=<unavailable>) + 172 at builtins.c:11292
    frame #3: 0x0000000100676e5a
f951`ubsan_expand_si_overflow_addsub_check(code=PLUS_EXPR,
stmt=0x0000000142d49688) + 794 at internal-fn.c:297
    frame #4: 0x00000001003fdc63
f951`expand_gimple_stmt(stmt=0x0000000142d49688) + 4083 at cfgexpand.c:2190
    frame #5: 0x00000001003ff408
f951`expand_gimple_basic_block(bb=<unavailable>,
disable_tail_calls=<unavailable>) + 2776 at cfgexpand.c:5152
    frame #6: 0x0000000100400f37 f951`execute + 2345 at cfgexpand.c:5731
    frame #7: 0x000000010040060e f951`execute(this=<unavailable>) + 14
    frame #8: 0x000000010079a78a f951`execute_one_pass(pass=0x0000000141e127c0)
+ 986 at passes.c:2229
    frame #9: 0x000000010079aa9e
f951`execute_pass_list(pass=0x0000000141e127c0) + 30 at passes.c:2282
    frame #10: 0x0000000100425f6b f951`expand_function(node=0x0000000142c09e18)
+ 235 at cgraphunit.c:1774
    frame #11: 0x00000001004287ad f951`compile() + 3341 at cgraphunit.c:2006
    frame #12: 0x0000000100428be6 f951`finalize_compilation_unit() + 102 at
cgraphunit.c:2329
    frame #13: 0x00000001006f5f0e f951`write_global_declarations() + 222 at
langhooks.c:323
    frame #14: 0x00000001008665a7 f951`compile_file + 167 at toplev.c:562
    frame #15: 0x0000000100868a44 f951`toplev_main(argc=3,
argv=0x00007fff5fbff4a0) + 3284 at toplev.c:1914

I have seen several ICEs with different fortran tests, but a few passed, e.g.,

[Book15] f90/bug% cat prec.f90
    integer,parameter :: k = selected_real_kind (precision (0.0_8) + 1)
    real(kind=k) :: x
    x = cos (x)
        print *, precision(x)
    end
[Book15] f90/bug% gfc prec.f90 -fsanitize=undefined
[Book15] f90/bug% a.out 
          18

References:
- [Bug sanitizer/60557] New: UBSAN: ICE after ubsan_expand_null_ifn
  - From: burnus at gcc dot gnu.org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]