Bug 103229 - gcc/gimple-range-cache.cc:654:10: runtime error: null pointer passed as argument 1, which is declared to never be null
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization
Version: 12.0
Importance: P1 normal
Target Milestone: 12.0
Assignee: Not yet assigned to anyone
Depends on:
Blocks: ubsan
Reported: 2021-11-14 08:51 UTC by Martin Liška
Modified: 2021-11-14 13:15 UTC

See Also:
Known to work:
Known to fail: 12.0
Last reconfirmed: 2021-11-14 00:00:00


Description Martin Liška 2021-11-14 08:51:04 UTC
One can see the following UBSAN error:

$ cat memset.c
int main() {
  int i;
  for (; i;)
    ;
  return 0;
}

$ /dev/shm/objdir2/gcc/xgcc -B/dev/shm/objdir2/gcc/ memset.c -O
/home/marxin/Programming/gcc/gcc/gimple-range-cache.cc:654:10: runtime error: null pointer passed as argument 1, which is declared to never be null
    #0 0x6a9cec7 in ssa_global_cache::clear() /home/marxin/Programming/gcc/gcc/gimple-range-cache.cc:654
    #1 0x2e270ee in path_range_query::compute_ranges_in_phis(basic_block_def*) /home/marxin/Programming/gcc/gcc/gimple-range-path.cc:359
    #2 0x2e2796e in path_range_query::compute_ranges_in_block(basic_block_def*) /home/marxin/Programming/gcc/gcc/gimple-range-path.cc:404
    #3 0x2e29c62 in path_range_query::compute_ranges(vec<basic_block_def*, va_heap, vl_ptr> const&, bitmap_head const*) /home/marxin/Programming/gcc/gcc/gimple-range-path.cc:603
    #4 0x303814e in back_threader::find_taken_edge_cond(vec<basic_block_def*, va_heap, vl_ptr> const&, gcond*) /home/marxin/Programming/gcc/gcc/tree-ssa-threadbackward.c:315
    #5 0x3037a9d in back_threader::find_taken_edge(vec<basic_block_def*, va_heap, vl_ptr> const&) /home/marxin/Programming/gcc/gcc/tree-ssa-threadbackward.c:272
    #6 0x3037356 in back_threader::maybe_register_path() /home/marxin/Programming/gcc/gcc/tree-ssa-threadbackward.c:228
    #7 0x30393b9 in back_threader::find_paths_to_names(basic_block_def*, bitmap_head*) /home/marxin/Programming/gcc/gcc/tree-ssa-threadbackward.c:415
    #8 0x3039927 in back_threader::find_paths_to_names(basic_block_def*, bitmap_head*) /home/marxin/Programming/gcc/gcc/tree-ssa-threadbackward.c:455
    #9 0x3039fbf in back_threader::find_paths(basic_block_def*, tree_node*) /home/marxin/Programming/gcc/gcc/tree-ssa-threadbackward.c:489
    #10 0x303a138 in back_threader::maybe_thread_block(basic_block_def*) /home/marxin/Programming/gcc/gcc/tree-ssa-threadbackward.c:534
    #11 0x303c5f6 in back_threader::thread_blocks() /home/marxin/Programming/gcc/gcc/tree-ssa-threadbackward.c:897
    #12 0x303cb83 in execute /home/marxin/Programming/gcc/gcc/tree-ssa-threadbackward.c:971
    #13 0x22f94dc in execute_one_pass(opt_pass*) /home/marxin/Programming/gcc/gcc/passes.c:2567
    #14 0x22f9fd8 in execute_pass_list_1 /home/marxin/Programming/gcc/gcc/passes.c:2656
    #15 0x22fa0a1 in execute_pass_list_1 /home/marxin/Programming/gcc/gcc/passes.c:2657
    #16 0x22fa15b in execute_pass_list(function*, opt_pass*) /home/marxin/Programming/gcc/gcc/passes.c:2667
    #17 0x22f375b in do_per_function_toporder(void (*)(function*, void*), void*) /home/marxin/Programming/gcc/gcc/passes.c:1773
    #18 0x22fccec in execute_ipa_pass_list(opt_pass*) /home/marxin/Programming/gcc/gcc/passes.c:3001
    #19 0x1263839 in ipa_passes /home/marxin/Programming/gcc/gcc/cgraphunit.c:2154
    #20 0x1264914 in symbol_table::compile() /home/marxin/Programming/gcc/gcc/cgraphunit.c:2289
    #21 0x12659a8 in symbol_table::finalize_compilation_unit() /home/marxin/Programming/gcc/gcc/cgraphunit.c:2537
    #22 0x27e2c6d in compile_file /home/marxin/Programming/gcc/gcc/toplev.c:479
    #23 0x27ed0de in do_compile /home/marxin/Programming/gcc/gcc/toplev.c:2156
    #24 0x27edb59 in toplev::main(int, char**) /home/marxin/Programming/gcc/gcc/toplev.c:2308
    #25 0x72610e3 in main /home/marxin/Programming/gcc/gcc/main.c:39
    #26 0x7ffff6f1453f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #27 0x7ffff6f145eb in __libc_start_main_impl ../csu/libc-start.c:409
    #28 0xaf8ec4 in _start (/dev/shm/objdir2/gcc/cc1+0xaf8ec4)
Comment 1 Aldy Hernandez 2021-11-14 10:15:06 UTC
Untested, but if someone wants to test and commit, feel free.

diff --git a/gcc/gimple-range-cache.cc b/gcc/gimple-range-cache.cc
index a63e20e7e49..b347edeb474 100644
--- a/gcc/gimple-range-cache.cc
+++ b/gcc/gimple-range-cache.cc
@@ -651,7 +651,8 @@ ssa_global_cache::clear_global_range (tree name)
 ssa_global_cache::clear ()
-  memset (m_tab.address(), 0, m_tab.length () * sizeof (irange *));
+  if (m_tab.address ())
+    memset (m_tab.address(), 0, m_tab.length () * sizeof (irange *));
 // Dump the contents of the global cache to F.
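Review bot: the new `if (m_tab.address ())` guard in ssa_global_cache::clear has no comment saying why the address can be null at this point; a one-line note that an empty table has no storage and memset's first argument must not be null would keep a later cleanup from dropping the check. The re-indented memset line also still reads `m_tab.address()` without the space before the parenthesis, unlike the `m_tab.address ()` on the line above it, and the patch as posted carries no testcase, for which the memset.c reproducer from the description would serve.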
Comment 2 Aldy Hernandez 2021-11-14 10:28:45 UTC
(In reply to Aldy Hernandez from comment #1)
> Untested, but if someone wants to test and commit, feel free.

Nevermind, I'll pass it through the gauntlet and commit.
Comment 3 GCC Commits 2021-11-14 13:15:17 UTC
The master branch has been updated by Aldy Hernandez <aldyh@gcc.gnu.org>:


commit r12-5242-ga7ef5da3a9c348c35abb72d6f64f209f5661cfa4
Author: Aldy Hernandez <aldyh@redhat.com>
Date:   Sun Nov 14 11:27:32 2021 +0100

    Do not pass NULL to memset in ssa_global_cache.

    The code computing ranges in PHIs in the path solver reuses the
    temporary ssa_global_cache by calling its clear method.  Calling it on
    an empty cache causes us to call memset with NULL.

    Tested on x86-64 Linux.

            PR tree-optimization/103229
            * gimple-range-cache.cc (ssa_global_cache::clear): Do not pass
            null value to memset.
            * gcc.dg/pr103229.c: New test.
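
The guard from the fix, modelled on a stand-in table as an added example (not GCC's code; range, range_table and the two helper functions are hypothetical names): a table that has never been grown has no storage, so clear () has to skip memset instead of handing it a null pointer.

```cpp
// Added example: stand-in types, not GCC's vec<> or ssa_global_cache.
#include <cstddef>
#include <cstdlib>
#include <cstring>

struct range { int lo, hi; };            // hypothetical stand-in for irange

struct range_table {                     // hypothetical: no storage until grown
  range **m_data = nullptr;
  size_t m_len = 0;
  ~range_table () { std::free (m_data); }

  range **address () { return m_data; }  // nullptr while the table is empty
  size_t length () const { return m_len; }

  bool grow (size_t n) {
    if (n <= m_len) return true;
    void *p = std::realloc (m_data, n * sizeof (range *));
    if (!p) return false;
    m_data = static_cast<range **> (p);
    std::memset (m_data + m_len, 0, (n - m_len) * sizeof (range *));
    m_len = n;
    return true;
  }

  // Guarded clear.  Without the check an empty table would call
  // memset (nullptr, 0, 0): the length is zero, but argument 1 is declared
  // never-null, which is the condition UBSAN reported.
  // Returns true when memset actually ran.
  bool clear () {
    if (!address ()) return false;
    std::memset (address (), 0, length () * sizeof (range *));
    return true;
  }

  size_t count_set () const {
    size_t n = 0;
    for (size_t i = 0; i < m_len; i++) n += m_data[i] != nullptr;
    return n;
  }
};

// Reuse pattern from the commit message: clear a temporary before each use.
bool empty_clear_skips_memset () { range_table t; return !t.clear (); }

size_t entries_left_after_clear () {
  static range r = {0, 1};
  range_table t;
  if (!t.grow (4)) return (size_t) -1;
  t.address ()[2] = &r;
  if (t.count_set () != 1 || !t.clear ()) return (size_t) -1;
  return t.count_set ();
}
```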
Comment 4 Aldy Hernandez 2021-11-14 13:15:34 UTC