This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug tree-optimization/65177] [5 Regression]: extend jump thread for finite state automata causes miscompilation
- From: "trippels at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Mon, 23 Feb 2015 15:37:07 +0000
- Subject: [Bug tree-optimization/65177] [5 Regression]: extend jump thread for finite state automata causes miscompilation
- Auto-submitted: auto-generated
- References: <bug-65177-4 at http dot gcc dot gnu dot org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65177
Markus Trippelsdorf <trippels at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |trippels at gcc dot gnu.org
--- Comment #1 from Markus Trippelsdorf <trippels at gcc dot gnu.org> ---
-fsanitize=address shows:
markus@x4 impl_sse % ./optacc_utest
=================================================================
==25254==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61b00001f160 at pc 0x00000040e8a0 bp 0x7ffe6daa1620 sp 0x7ffe6daa1618
READ of size 4 at 0x61b00001f160 thread T0
#0 0x40e89f in select_m /home/markus/hmmer-3.1b1-linux-intel-x86_64/src/generic_optacc.c:267
#1 0x40e89f in p7_GOATrace /home/markus/hmmer-3.1b1-linux-intel-x86_64/src/generic_optacc.c:218
#2 0x405d19 in utest_optacc optacc.c:659
#3 0x406281 in main optacc.c:801
#4 0x7f671f71e6cf in __libc_start_main (/lib/libc.so.6+0x206cf)
#5 0x402448 in _start (/home/markus/hmmer-3.1b1-linux-intel-x86_64/src/impl_sse/optacc_utest+0x402448)
0x61b00001f160 is located 32 bytes to the left of 1440-byte region [0x61b00001f180,0x61b00001f720)
allocated by thread T0 here:
#0 0x7f671ffaf502 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/5.0.0/libasan.so.2+0x9c502)
#1 0x41c667 in p7_profile_Create /home/markus/hmmer-3.1b1-linux-intel-x86_64/src/p7_profile.c:68
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/markus/hmmer-3.1b1-linux-intel-x86_64/src/generic_optacc.c:267 select_m
Shadow bytes around the buggy address:
0x0c367fffbdd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c367fffbde0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c367fffbdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c367fffbe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c367fffbe10: 00 07 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c367fffbe20: fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa
0x0c367fffbe30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c367fffbe40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c367fffbe50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c367fffbe60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c367fffbe70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==25254==ABORTING
valgrind:
markus@x4 impl_sse % valgrind ./optacc_utest
==32064== Memcheck, a memory error detector
==32064== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==32064== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==32064== Command: ./optacc_utest
==32064==
==32064== Invalid read of size 4
==32064== at 0x406851: select_m (generic_optacc.c:267)
==32064== by 0x406851: p7_GOATrace (generic_optacc.c:218)
==32064== by 0x4032B8: utest_optacc (optacc.c:659)
==32064== by 0x40369C: main (optacc.c:801)
==32064== Address 0x525c610 is 32 bytes before a block of size 1,440 in arena "client"
==32064==
==32064== Invalid read of size 4
==32064== at 0x40689B: select_m (generic_optacc.c:268)
==32064== by 0x40689B: p7_GOATrace (generic_optacc.c:218)
==32064== by 0x4032B8: utest_optacc (optacc.c:659)
==32064== by 0x40369C: main (optacc.c:801)
==32064== Address 0x525c614 is 28 bytes before a block of size 1,440 in arena "client"
==32064==
==32064== Invalid read of size 4
==32064== at 0x4068D1: select_m (generic_optacc.c:269)
==32064== by 0x4068D1: p7_GOATrace (generic_optacc.c:218)
==32064== by 0x4032B8: utest_optacc (optacc.c:659)
==32064== by 0x40369C: main (optacc.c:801)
==32064== Address 0x525c618 is 24 bytes before a block of size 1,440 alloc'd
==32064== at 0x4028C70: malloc (vg_replace_malloc.c:296)
==32064== by 0x40C05D: p7_profile_Create (p7_profile.c:68)
==32064== by 0x416DAD: p7_oprofile_Sample (p7_oprofile.c:1579)
==32064== by 0x402FCC: utest_optacc (optacc.c:621)
==32064== by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 4
==32064== at 0x4068FF: select_m (generic_optacc.c:270)
==32064== by 0x4068FF: p7_GOATrace (generic_optacc.c:218)
==32064== by 0x4032B8: utest_optacc (optacc.c:659)
==32064== by 0x40369C: main (optacc.c:801)
==32064== Address 0x525c61c is 20 bytes before a block of size 1,440 alloc'd
==32064== at 0x4028C70: malloc (vg_replace_malloc.c:296)
==32064== by 0x40C05D: p7_profile_Create (p7_profile.c:68)
==32064== by 0x416DAD: p7_oprofile_Sample (p7_oprofile.c:1579)
==32064== by 0x402FCC: utest_optacc (optacc.c:621)
==32064== by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 4
==32064== at 0x406877: select_m (generic_optacc.c:267)
==32064== by 0x406877: p7_GOATrace (generic_optacc.c:218)
==32064== by 0x4032B8: utest_optacc (optacc.c:659)
==32064== by 0x40369C: main (optacc.c:801)
==32064== Address 0x5275954 is 12 bytes after a block of size 440 alloc'd
==32064== at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064== by 0x411B2C: p7_omx_GrowTo (p7_omx.c:179)
==32064== by 0x4030A1: utest_optacc (optacc.c:627)
==32064== by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 4
==32064== at 0x4068AD: select_m (generic_optacc.c:268)
==32064== by 0x4068AD: p7_GOATrace (generic_optacc.c:218)
==32064== by 0x4032B8: utest_optacc (optacc.c:659)
==32064== by 0x40369C: main (optacc.c:801)
==32064== Address 0x5275958 is 16 bytes after a block of size 440 alloc'd
==32064== at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064== by 0x411B2C: p7_omx_GrowTo (p7_omx.c:179)
==32064== by 0x4030A1: utest_optacc (optacc.c:627)
==32064== by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 4
==32064== at 0x4068E3: select_m (generic_optacc.c:269)
==32064== by 0x4068E3: p7_GOATrace (generic_optacc.c:218)
==32064== by 0x4032B8: utest_optacc (optacc.c:659)
==32064== by 0x40369C: main (optacc.c:801)
==32064== Address 0x527595c is 20 bytes after a block of size 440 alloc'd
==32064== at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064== by 0x411B2C: p7_omx_GrowTo (p7_omx.c:179)
==32064== by 0x4030A1: utest_optacc (optacc.c:627)
==32064== by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 4
==32064== at 0x406E57: p7_GOATrace (generic_optacc.c:231)
==32064== by 0x4032B8: utest_optacc (optacc.c:659)
==32064== by 0x40369C: main (optacc.c:801)
==32064== Address 0x527d6c4 is 12 bytes after a block of size 440 alloc'd
==32064== at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064== by 0x4082FA: p7_gmx_GrowTo (p7_gmx.c:123)
==32064== by 0x4030C5: utest_optacc (optacc.c:628)
==32064== by 0x40369C: main (optacc.c:801)
==32064==
==32064== Invalid read of size 8
==32064== at 0x406874: select_m (generic_optacc.c:267)
==32064== by 0x406874: p7_GOATrace (generic_optacc.c:218)
==32064== by 0x4032B8: utest_optacc (optacc.c:659)
==32064== by 0x40369C: main (optacc.c:801)
==32064== Address 0x527d4f8 is 8 bytes before a block of size 440 alloc'd
==32064== at 0x402B23E: realloc (vg_replace_malloc.c:692)
==32064== by 0x4082FA: p7_gmx_GrowTo (p7_gmx.c:123)
==32064== by 0x4030C5: utest_optacc (optacc.c:628)
==32064== by 0x40369C: main (optacc.c:801)
==32064==
==32064==
==32064== Process terminating with default action of signal 11 (SIGSEGV)
==32064== Access not within mapped region at address 0xFFFFFFFFFFFFFFB8
==32064== at 0x406877: select_m (generic_optacc.c:267)
==32064== by 0x406877: p7_GOATrace (generic_optacc.c:218)
==32064== by 0x4032B8: utest_optacc (optacc.c:659)
==32064== by 0x40369C: main (optacc.c:801)
==32064== If you believe this happened as a result of a stack
==32064== overflow in your program's main thread (unlikely but
==32064== possible), you can try to increase the size of the
==32064== main thread stack using the --main-stacksize= flag.
==32064== The main thread stack size used in this run was 8388608.