This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug fortran/65173] ICE while compiling wrong code


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65173

--- Comment #7 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
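Compiling the test in comment 0 with an instrumented gfortran, I get the errors below, followed by an AddressSanitizer heap-use-after-free report: a 48-byte region allocated by gfc_new_charlen (called from gfc_match_char_spec) is freed by gfc_free_charlen when reject_statement runs, and is later read in resolve_component.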

pr65173.f90:7:45:

      real*8, dimension(256), allocatable :: x
                                             1
Error: Allocatable component of structure at (1) must have a deferred shape
pr65173.f90:8:52:

      real*8, dimension(2,256), allocatable :: bounds
                                                    1
Error: Allocatable component of structure at (1) must have a deferred shape
pr65173.f90:9:67:

      character(string_length), dimension(256), allocatable :: names
                                                                   1
Error: Allocatable component of structure at (1) must have a deferred shape
pr65173.f90:13:28:

     character(*), dimension(), parameter :: char_params =
['element','parametrization']
                            1
Error: Expected expression in array specification at (1)
=================================================================
==23996==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400000bf10
at pc 0x0001002a2d95 bp 0x7fff5fbfe830 sp 0x7fff5fbfe828
READ of size 8 at 0x60400000bf10 thread T0
    #0 0x1002a2d94 in resolve_component(gfc_component*, gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a2d94)
    #1 0x1002a5440 in resolve_fl_derived0(gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a5440)
    #2 0x1002a61bd in resolve_fl_derived(gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a61bd)
    #3 0x1002966c8 in resolve_symbol(gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002966c8)
    #4 0x10032dacc in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*),
void (*)(gfc_symbol*))
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10032dacc)
    #5 0x100345881 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*))
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100345881)
    #6 0x1002d51ed in resolve_types(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002d51ed)
    #7 0x100293315 in gfc_resolve(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100293315)
    #8 0x100223cdc in resolve_all_program_units(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100223cdc)
    #9 0x10023e38e in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e38e)
    #10 0x10038020a in gfc_be_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a)
    #11 0x103bf0124 in compile_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf0124)
    #12 0x103bf92ee in do_compile()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf92ee)
    #13 0x10568dc2f in toplev::main(int, char**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10568dc2f)
    #14 0x105692be5 in main
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x105692be5)
    #15 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254)
    #16 0xd 
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd)

0x60400000bf10 is located 0 bytes inside of 48-byte region
[0x60400000bf10,0x60400000bf40)
freed by thread T0 here:
    #0 0x15078e690 in wrap_free.part.0
(/opt/gcc/gcc7a/lib/libasan.3.dylib+0x53690)
    #1 0x1003446ba in gfc_free_charlen(gfc_charlen*, gfc_charlen*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1003446ba)
    #2 0x10022400d in reject_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10022400d)
    #3 0x100224373 in match_word(char const*, match (*)(), locus*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100224373)
    #4 0x1002322bd in decode_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002322bd)
    #5 0x10023427b in next_free()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023427b)
    #6 0x100234af9 in next_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100234af9)
    #7 0x10023679d in parse_derived()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023679d)
    #8 0x100238b9b in parse_spec(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100238b9b)
    #9 0x10023c78b in parse_progunit(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023c78b)
    #10 0x10023e350 in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e350)
    #11 0x10038020a in gfc_be_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a)
    #12 0x103bf0124 in compile_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf0124)
    #13 0x103bf92ee in do_compile()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf92ee)
    #14 0x10568dc2f in toplev::main(int, char**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10568dc2f)
    #15 0x105692be5 in main
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x105692be5)
    #16 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254)
    #17 0xd 
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd)

previously allocated by thread T0 here:
    #0 0x15078da49 in wrap_calloc (/opt/gcc/gcc7a/lib/libasan.3.dylib+0x52a49)
    #1 0x1054f169b in xcalloc
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1054f169b)
    #2 0x100342918 in gfc_new_charlen(gfc_namespace*, gfc_charlen*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100342918)
    #3 0x100091190 in gfc_match_char_spec(gfc_typespec*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100091190)
    #4 0x1000a25d8 in gfc_match_decl_type_spec(gfc_typespec*, int)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000a25d8)
    #5 0x1000adef4 in gfc_match_data_decl()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000adef4)
    #6 0x100224306 in match_word(char const*, match (*)(), locus*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100224306)
    #7 0x1002322bd in decode_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002322bd)
    #8 0x10023427b in next_free()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023427b)
    #9 0x100234af9 in next_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100234af9)
    #10 0x10023679d in parse_derived()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023679d)
    #11 0x100238b9b in parse_spec(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100238b9b)
    #12 0x10023c78b in parse_progunit(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023c78b)
    #13 0x10023e350 in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e350)
    #19 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254)
    #20 0xd 
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd)

SUMMARY: AddressSanitizer: heap-use-after-free
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a2d94)
in resolve_component(gfc_component*, gfc_symbol*)
Shadow bytes around the buggy address:
  0x1c0800001790: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x1c08000017a0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
  0x1c08000017b0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x1c08000017c0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x1c08000017d0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
=>0x1c08000017e0: fa fa[fd]fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x1c08000017f0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x1c0800001800: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x1c0800001810: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x1c0800001820: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x1c0800001830: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==23996==ABORTING
f951: internal compiler error: Abort trap: 6
gfcg: internal compiler error: Abort trap: 6 (program f951)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
