Bug 105230 - [9/10/11/12/13 Regression] ICE in find_array_section, at fortran/expr.cc:1634
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: fortran
Version: 12.0
Importance: P4 normal
Target Milestone: 9.5
Assignee: Not yet assigned to anyone
Keywords: ice-on-invalid-code
Reported: 2022-04-11 16:57 UTC by G. Steinmetz
Modified: 2022-05-16 20:07 UTC

Last reconfirmed: 2022-04-11 00:00:00

Description G. Steinmetz 2022-04-11 16:57:28 UTC
Started with r8 :


$ cat z1.f90
program p
   integer, parameter :: a(:) = [1, 2]
   print *, reshape([3, 4], a(1:2))
end


$ cat z2.f90
program p
   integer, parameter :: a(:) = [1, 2]
   print *, reshape(a, a(1:2))
end


$ cat z3.f90
program p
   integer, parameter :: a(:) = [1, 2]
   print *, reshape(a(1:2), a(1:2))
end


$ gfortran-12-20220410 -c z1.f90
z1.f90:2:29:

    2 |    integer, parameter :: a(:) = [1, 2]
      |                             1
Error: Parameter array 'a' at (1) cannot be automatic or of deferred shape
f951: internal compiler error: Segmentation fault
0xe7751f crash_signal
        ../../gcc/toplev.cc:322
0x736956 find_array_section
        ../../gcc/fortran/expr.cc:1634
0x73868a simplify_const_ref
        ../../gcc/fortran/expr.cc:1934
0x7391be gfc_simplify_expr(gfc_expr*, int)
        ../../gcc/fortran/expr.cc:2325
0x73942b simplify_parameter_variable
        ../../gcc/fortran/expr.cc:2154
0x739155 gfc_simplify_expr(gfc_expr*, int)
        ../../gcc/fortran/expr.cc:2292
0x70a47d gfc_check_reshape(gfc_expr*, gfc_expr*, gfc_expr*, gfc_expr*)
        ../../gcc/fortran/check.cc:4723
0x74b359 do_check
        ../../gcc/fortran/intrinsic.cc:4792
0x74b359 check_specific
        ../../gcc/fortran/intrinsic.cc:4805
0x7533e4 gfc_intrinsic_func_interface(gfc_expr*, int)
        ../../gcc/fortran/intrinsic.cc:5042
0x7a7cf8 resolve_unknown_f
        ../../gcc/fortran/resolve.cc:2990
0x7a7cf8 resolve_function
        ../../gcc/fortran/resolve.cc:3347
0x7a7cf8 gfc_resolve_expr(gfc_expr*)
        ../../gcc/fortran/resolve.cc:7187
0x7adeb4 gfc_resolve_expr(gfc_expr*)
        ../../gcc/fortran/resolve.cc:7154
0x7adeb4 gfc_resolve_code(gfc_code*, gfc_namespace*)
        ../../gcc/fortran/resolve.cc:11949
0x7aca8f gfc_resolve_blocks(gfc_code*, gfc_namespace*)
        ../../gcc/fortran/resolve.cc:10965
0x7acde8 gfc_resolve_code(gfc_code*, gfc_namespace*)
        ../../gcc/fortran/resolve.cc:11939
0x7afac7 resolve_codes
        ../../gcc/fortran/resolve.cc:17567
0x7afb8e gfc_resolve(gfc_namespace*)
        ../../gcc/fortran/resolve.cc:17602
0x797b14 resolve_all_program_units
        ../../gcc/fortran/parse.cc:6604
Comment 1 kargl 2022-04-11 17:47:37 UTC
Started with 22015e77d3e4.

I cannot work out the logic here in expr.cc:1595-1603


	  if ((begin && begin->expr_type != EXPR_CONSTANT)
	      || (finish && finish->expr_type != EXPR_CONSTANT)
	      || (step && step->expr_type != EXPR_CONSTANT)
	      || (!begin && !lower)
	      || (!finish && !upper))
	    {
	      t = false;
	      goto cleanup;
	    }

upper is NULL and later in 1634 it is dereferenced.  This patch fixes
the problem, but the above logic likely needs fixing.

diff --git a/gcc/fortran/expr.cc b/gcc/fortran/expr.cc
index 86d61fed302..4fcdf009b4b 100644
--- a/gcc/fortran/expr.cc
+++ b/gcc/fortran/expr.cc
@@ -1630,6 +1630,11 @@ find_array_section (gfc_expr *expr, gfc_ref *ref)
 	  if (ref->u.ar.dimen_type[d] == DIMEN_ELEMENT)
 	    mpz_set (end [d], begin->value.integer);
 
+	  if (!upper || !lower)
+	    {
+	      t = false;
+	      goto cleanup;
+	    }
 	  /* Check the bounds.  */
 	  if (mpz_cmp (ctr[d], upper->value.integer) > 0
 	      || mpz_cmp (end[d], upper->value.integer) > 0
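Review bot: The new `if (!upper || !lower)` guard sits after the DIMEN_ELEMENT handling and directly before the bounds check, so it repeats the `t = false; goto cleanup;` exit of the validity test at lines 1595-1603 quoted above instead of correcting that test. Rejecting missing bounds in the earlier condition would keep everything in between from running with a NULL `lower` or `upper`. If the guard stays here, add a comment saying when the bounds can be NULL (error recovery after the deferred-shape parameter error shown in the report) and a blank line before `/* Check the bounds.  */`. The diff touches only expr.cc; a testcase built from z1.f90 to z3.f90 should come with it.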
Comment 2 anlauf 2022-05-10 19:02:45 UTC
(In reply to kargl from comment #1)
> Started with 22015e77d3e4.

No, it didn't start with that commit.  That commit missed the present situation.
The ICE is pre-existing.

> upper is NULL and later in 1634 it is dereferenced.  This patch fixes
> the problem, but the above logic likely needs fixing.

That's right.  Shorter fix:

diff --git a/gcc/fortran/expr.cc b/gcc/fortran/expr.cc
index 86d61fed302..be94c18c836 100644
--- a/gcc/fortran/expr.cc
+++ b/gcc/fortran/expr.cc
@@ -1595,8 +1595,8 @@ find_array_section (gfc_expr *expr, gfc_ref *ref)
          if ((begin && begin->expr_type != EXPR_CONSTANT)
              || (finish && finish->expr_type != EXPR_CONSTANT)
              || (step && step->expr_type != EXPR_CONSTANT)
-             || (!begin && !lower)
-             || (!finish && !upper))
+             || !lower
+             || !upper)
            {
              t = false;
              goto cleanup;
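Review bot: With `|| !lower` and `|| !upper` the guard no longer accepts a section on the strength of an explicit `begin` or `finish` alone, which is wider than the NULL `upper` case from the report and deserves a one-line comment above the two new conditions: both bounds are required because the later bounds check reads `upper->value.integer`. The hunk as pasted is indented with spaces while the same lines quoted in comment 1 use tabs, so it may not apply as is. This diff contains no testcase.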
Comment 3 CVS Commits 2022-05-11 17:44:41 UTC
The master branch has been updated by Harald Anlauf <anlauf@gcc.gnu.org>:

https://gcc.gnu.org/g:0acdbe29f66017fc5cca40dcbd72a0dd41491d07

commit r13-330-g0acdbe29f66017fc5cca40dcbd72a0dd41491d07
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Tue May 10 23:41:57 2022 +0200

    Fortran: fix error recovery on invalid array section
    
    gcc/fortran/ChangeLog:
    
            PR fortran/105230
            * expr.cc (find_array_section): Correct logic to avoid NULL
            pointer dereference on invalid array section.
    
    gcc/testsuite/ChangeLog:
    
            PR fortran/105230
            * gfortran.dg/pr105230.f90: New test.
    
    Co-authored-by: Steven G. Kargl <kargl@gcc.gnu.org>
Comment 4 CVS Commits 2022-05-13 19:35:52 UTC
The releases/gcc-12 branch has been updated by Harald Anlauf <anlauf@gcc.gnu.org>:

https://gcc.gnu.org/g:0b9bdcf6857b48bb7a147a9778963c942ecb2dd9

commit r12-8375-g0b9bdcf6857b48bb7a147a9778963c942ecb2dd9
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Tue May 10 23:41:57 2022 +0200

    Fortran: fix error recovery on invalid array section
    
    gcc/fortran/ChangeLog:
    
            PR fortran/105230
            * expr.cc (find_array_section): Correct logic to avoid NULL
            pointer dereference on invalid array section.
    
    gcc/testsuite/ChangeLog:
    
            PR fortran/105230
            * gfortran.dg/pr105230.f90: New test.
    
    Co-authored-by: Steven G. Kargl <kargl@gcc.gnu.org>
    (cherry picked from commit 0acdbe29f66017fc5cca40dcbd72a0dd41491d07)
Comment 5 CVS Commits 2022-05-16 19:11:55 UTC
The releases/gcc-11 branch has been updated by Harald Anlauf <anlauf@gcc.gnu.org>:

https://gcc.gnu.org/g:34c60e5e776d29ae6eb9e2e94af1c67666ec1caa

commit r11-10007-g34c60e5e776d29ae6eb9e2e94af1c67666ec1caa
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Tue May 10 23:41:57 2022 +0200

    Fortran: fix error recovery on invalid array section
    
    gcc/fortran/ChangeLog:
    
            PR fortran/105230
            * expr.c (find_array_section): Correct logic to avoid NULL
            pointer dereference on invalid array section.
    
    gcc/testsuite/ChangeLog:
    
            PR fortran/105230
            * gfortran.dg/pr105230.f90: New test.
    
    Co-authored-by: Steven G. Kargl <kargl@gcc.gnu.org>
    (cherry picked from commit 0acdbe29f66017fc5cca40dcbd72a0dd41491d07)
Comment 6 CVS Commits 2022-05-16 19:40:11 UTC
The releases/gcc-10 branch has been updated by Harald Anlauf <anlauf@gcc.gnu.org>:

https://gcc.gnu.org/g:bbcff39a4c1004ef55c6a6330408a9fe8c258d01

commit r10-10748-gbbcff39a4c1004ef55c6a6330408a9fe8c258d01
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Tue May 10 23:41:57 2022 +0200

    Fortran: fix error recovery on invalid array section
    
    gcc/fortran/ChangeLog:
    
            PR fortran/105230
            * expr.c (find_array_section): Correct logic to avoid NULL
            pointer dereference on invalid array section.
    
    gcc/testsuite/ChangeLog:
    
            PR fortran/105230
            * gfortran.dg/pr105230.f90: New test.
    
    Co-authored-by: Steven G. Kargl <kargl@gcc.gnu.org>
    (cherry picked from commit 0acdbe29f66017fc5cca40dcbd72a0dd41491d07)
Comment 7 CVS Commits 2022-05-16 20:05:48 UTC
The releases/gcc-9 branch has been updated by Harald Anlauf <anlauf@gcc.gnu.org>:

https://gcc.gnu.org/g:a9717558aaaa340352c832413343cef71f588eaf

commit r9-10188-ga9717558aaaa340352c832413343cef71f588eaf
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Tue May 10 23:41:57 2022 +0200

    Fortran: fix error recovery on invalid array section
    
    gcc/fortran/ChangeLog:
    
            PR fortran/105230
            * expr.c (find_array_section): Correct logic to avoid NULL
            pointer dereference on invalid array section.
    
    gcc/testsuite/ChangeLog:
    
            PR fortran/105230
            * gfortran.dg/pr105230.f90: New test.
    
    Co-authored-by: Steven G. Kargl <kargl@gcc.gnu.org>
    (cherry picked from commit 0acdbe29f66017fc5cca40dcbd72a0dd41491d07)
Comment 8 anlauf 2022-05-16 20:07:07 UTC
Fixed on all open branches.
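
Added example, not GCC code: a simplified model of the guard discussed in comments 1 and 2, enumerating which combinations of NULL, constant and non-constant operands each version lets through while `upper` is NULL. `struct expr`, `ex`, `old_guard`, `new_guard` and `null_upper_passes` are hypothetical names; only the boolean conditions are taken from the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for gfc_expr: only the field the guard reads. */
enum expr_kind { EXPR_CONSTANT, EXPR_VARIABLE };
struct expr { enum expr_kind expr_type; };
typedef const struct expr *ex;
typedef bool (*guard_fn)(ex begin, ex finish, ex step, ex lower, ex upper);

/* Constructed sample operands: one constant, one non-constant. */
static const struct expr CST = { EXPR_CONSTANT }, VAR = { EXPR_VARIABLE };

/* True when any explicit begin/finish/step is not a constant. */
static bool non_constant(ex begin, ex finish, ex step)
{
    return (begin && begin->expr_type != EXPR_CONSTANT)
        || (finish && finish->expr_type != EXPR_CONSTANT)
        || (step && step->expr_type != EXPR_CONSTANT);
}

/* Guard quoted in comment 1: returns true when simplification gives up. */
bool old_guard(ex begin, ex finish, ex step, ex lower, ex upper)
{
    return non_constant(begin, finish, step)
        || (!begin && !lower) || (!finish && !upper);
}

/* Guard from comment 2: both bounds are required unconditionally. */
bool new_guard(ex begin, ex finish, ex step, ex lower, ex upper)
{
    return non_constant(begin, finish, step) || !lower || !upper;
}

/* Count inputs the guard lets through although upper is NULL. */
int null_upper_passes(guard_fn guard)
{
    ex any[3] = { NULL, &CST, &VAR }, bound[2] = { NULL, &CST };
    int n = 0;
    for (int b = 0; b < 3; b++)
        for (int f = 0; f < 3; f++)
            for (int s = 0; s < 3; s++)
                for (int l = 0; l < 2; l++)
                    if (!guard(any[b], any[f], any[s], bound[l], NULL))
                        n++;
    return n;
}

int main(void)
{
    printf("old guard: %d, new guard: %d\n",
           null_upper_passes(old_guard), null_upper_passes(new_guard));
    return 0;
}
```

Every input the old guard passes with a NULL `upper` has a constant `finish`, which matches the `a(1:2)` sections in the reported testcases.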