Bug 58207 - [4.7/4.8/4.9 Regression] ICE in sort_constexpr_mem_initializers due to out of bounds vector access
Summary: [4.7/4.8/4.9 Regression] ICE in sort_constexpr_mem_initializers due to out of...
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: c++ (show other bugs)
Version: unknown
Importance: P5 normal
Target Milestone: 4.9.0
Assignee: Not yet assigned to anyone
URL:
Keywords: error-recovery, ice-on-invalid-code
Depends on:
Blocks: constexpr
Reported: 2013-08-20 21:59 UTC by Trevor Saunders
Modified: 2014-04-04 20:12 UTC (History)

See Also:
Host:
Target:
Build:
Known to work: 4.5.0, 4.6.0, 4.7.0, 4.7.1, 4.7.2
Known to fail: 4.7.3, 4.8.0, 4.9.0
Last reconfirmed: 2013-08-20 00:00:00


Attachments
preprocessed and somewhat reduced test case (86.26 KB, text/x-c++src)
2013-08-20 21:59 UTC, Trevor Saunders

Description Trevor Saunders 2013-08-20 21:59:19 UTC
Created attachment 30680 [details]
preprocessed and somewhat reduced test case

The attached test case causes an ICE after errors with xg++ (GCC) 4.9.0 20130817 (experimental), as well as with g++ 4.8.0, but not with g++ 4.7.2.

#0  diagnostic_report_diagnostic (context=0x1823300 <global_diagnostic_context>, diagnostic=diagnostic@entry=0x7fffffffda00) at ../../gcc/gcc/diagnostic.c:757
        location = 3464477
        orig_diag_kind = DK_ICE
        saved_format_spec = <optimized out>
#1  0x0000000000ffbf80 in internal_error (gmsgid=gmsgid@entry=0x13e2d6b "in %s, at %s:%d") at ../../gcc/gcc/diagnostic.c:1127
        diagnostic = {message = {format_spec = 0x13e2d6b "in %s, at %s:%d", args_ptr = 0x7fffffffd9e8, err_no = 2, locus = 0x7ffff6974093 <__GI___libc_malloc+99>, x_data = 0x0}, location = 3464477, override_column = 0,
          x_data = 0x0, kind = DK_ICE, option_index = 0}
        ap = {{gp_offset = 8, fp_offset = 48, overflow_arg_area = 0x7fffffffdb00, reg_save_area = 0x7fffffffda40}}
        __FUNCTION__ = "internal_error"
#2  0x0000000000ffa7f4 in fancy_abort (file=file@entry=0x109f4c0 "../../gcc/gcc/vec.h", line=line@entry=827, function=function@entry=0x10cf8a0 <_ZZN3vecI17constructor_elt_d5va_gc8vl_embedEixEjE12__FUNCTION__> "operator[]")
    at ../../gcc/gcc/diagnostic.c:1181
No locals.
#3  0x00000000006be2b8 in vec<constructor_elt_d, va_gc, vl_embed>::operator[] (ix=0, this=<optimized out>) at ../../gcc/gcc/vec.h:827
No locals.
#4  0x00000000006d6427 in operator[] (ix=<optimized out>, this=<optimized out>) at ../../gcc/gcc/tree.h:4111
No locals.
#5  build_constexpr_constructor_member_initializers (body=<optimized out>, type=0x7ffff5337bd0) at ../../gcc/gcc/cp/semantics.c:6207
        vec = 0x7ffff5376e58
        ok = <optimized out>
#6  massage_constexpr_body (fun=fun@entry=0x7ffff53c5300, body=body@entry=0x7ffff53bbb10) at ../../gcc/gcc/cp/semantics.c:6280
        __FUNCTION__ = "massage_constexpr_body"
#7  0x00000000006ddbb4 in register_constexpr_fundef (fun=fun@entry=0x7ffff53c5300, body=0x7ffff53bbb10) at ../../gcc/gcc/cp/semantics.c:6384
        entry = {decl = 0x7ffff53c5300, body = 0x2}
        slot = <optimized out>
        __FUNCTION__ = "register_constexpr_fundef"
#8  0x000000000057c058 in maybe_save_function_definition (fun=<optimized out>) at ../../gcc/gcc/cp/decl.c:13761
No locals.
#9  finish_function (flags=flags@entry=3) at ../../gcc/gcc/cp/decl.c:13882
        fndecl = 0x7ffff53c5300
        fntype = 0x7ffff53c6000
        ctype = 0x0
        __FUNCTION__ = "finish_function"
        inclass_inline = 1
#10 0x00000000006643be in cp_parser_function_definition_after_declarator (parser=parser@entry=0x7ffff68d40b0, inline_p=inline_p@entry=true) at ../../gcc/gcc/cp/parser.c:22275
        fn = <optimized out>
        ctor_initializer_p = true
        saved_in_unbraced_linkage_specification_p = false
        saved_in_function_body = false
        saved_num_template_parameter_lists = 0
#11 0x000000000064a09d in cp_parser_late_parsing_for_member (member_function=<optimized out>, parser=0x7ffff68d40b0) at ../../gcc/gcc/cp/parser.c:22921
        function_scope = 0x0
        tokens = 0x7ffff538cbc0
#12 cp_parser_class_specifier_1 (parser=parser@entry=0x7ffff68d40b0) at ../../gcc/gcc/cp/parser.c:19014
        decl = <optimized out>
        pushed_scope = <optimized out>
        e = <optimized out>
        class_type = <optimized out>
        ix = 3
        nested_name_specifier_p = <optimized out>
        saved_num_template_parameter_lists = <optimized out>
        saved_in_function_body = <optimized out>
        saved_in_unbraced_linkage_specification_p = <optimized out>
        scope = <optimized out>
        type = <optimized out>
        in_switch_statement_p = <optimized out>
        __FUNCTION__ = "cp_parser_class_specifier_1"
        attributes = <optimized out>
        in_statement = <optimized out>
        old_scope = <optimized out>
        closing_brace = <optimized out>
#13 0x000000000064c211 in cp_parser_class_specifier (parser=0x7ffff68d40b0) at ../../gcc/gcc/cp/parser.c:19038
        ret = <optimized out>
#14 cp_parser_type_specifier (parser=parser@entry=0x7ffff68d40b0, flags=flags@entry=1, decl_specs=decl_specs@entry=0x7fffffffdf00, is_declaration=is_declaration@entry=true,
    declares_class_or_enum=declares_class_or_enum@entry=0x7fffffffde7c, is_cv_qualifier=is_cv_qualifier@entry=0x7fffffffde7b) at ../../gcc/gcc/cp/parser.c:14040
        type_spec = 0x0
        keyword = <optimized out>
        ds = ds_last
#15 0x00000000006616ca in cp_parser_decl_specifier_seq (parser=parser@entry=0x7ffff68d40b0, flags=flags@entry=1, decl_specs=decl_specs@entry=0x7fffffffdf00, declares_class_or_enum=declares_class_or_enum@entry=0x7fffffffdefc)
    at ../../gcc/gcc/cp/parser.c:11283
        decl_spec_declares_class_or_enum = 0
        is_cv_qualifier = false
        type_spec = <optimized out>
        found_decl_spec = true
        __FUNCTION__ = "cp_parser_decl_specifier_seq"
        constructor_possible_p = <optimized out>
        start_token = <optimized out>
        ds = ds_last
#16 0x00000000006651aa in cp_parser_simple_declaration (parser=parser@entry=0x7ffff68d40b0, function_definition_allowed_p=function_definition_allowed_p@entry=true, maybe_range_for_decl=maybe_range_for_decl@entry=0x0)
    at ../../gcc/gcc/cp/parser.c:10873
        decl_specifiers = {locations = {0 <repeats 22 times>}, type = 0x0, attributes = 0x0, std_attributes = 0x0, redefined_builtin_type = 0x0, storage_class = sc_none, type_definition_p = 0, multiple_types_p = 0,
          conflicting_specifiers_p = 0, any_specifiers_p = 0, any_type_specifiers_p = 0, explicit_int_p = 0, explicit_int128_p = 0, explicit_char_p = 0, gnu_thread_keyword_p = 0}
        declares_class_or_enum = 0
        saw_declarator = <optimized out>
        __FUNCTION__ = "cp_parser_simple_declaration"
#17 0x00000000006671b1 in cp_parser_block_declaration (parser=0x7ffff68d40b0, statement_p=<optimized out>) at ../../gcc/gcc/cp/parser.c:10822
        statement_p = <optimized out>
        parser = 0x7ffff68d40b0
#18 0x000000000067022c in cp_parser_declaration (parser=parser@entry=0x7ffff68d40b0) at ../../gcc/gcc/cp/parser.c:10719
        token1 = <optimized out>
        saved_pedantic = 0
        token2 = <optimized out>
        p = 0x18dba00
        attributes = <optimized out>
#19 0x000000000066eefe in cp_parser_declaration_seq_opt (parser=parser@entry=0x7ffff68d40b0) at ../../gcc/gcc/cp/parser.c:10605
No locals.
#20 0x000000000066f111 in cp_parser_namespace_body (parser=0x7ffff68d40b0) at ../../gcc/gcc/cp/parser.c:15528
No locals.
#21 cp_parser_namespace_definition (parser=0x7ffff68d40b0) at ../../gcc/gcc/cp/parser.c:15509
        attribs = 0x0
        __FUNCTION__ = "cp_parser_namespace_definition"
        identifier = 0x7ffff6875058
        has_visibility = false
        is_inline = false
#22 0x000000000067019e in cp_parser_declaration (parser=parser@entry=0x7ffff68d40b0) at ../../gcc/gcc/cp/parser.c:10707
        token1 = {type = <optimized out>, keyword = RID_NAMESPACE, flags = <optimized out>, pragma_kind = <optimized out>, implicit_extern_c = <optimized out>, ambiguous_p = <optimized out>, purged_p = <optimized out>,
          location = <optimized out>, u = {tree_check_value = <optimized out>, value = <optimized out>}}
        saved_pedantic = 0
        token2 = {type = CPP_NAME, keyword = RID_MAX, flags = <optimized out>, pragma_kind = <optimized out>, implicit_extern_c = <optimized out>, ambiguous_p = <optimized out>, purged_p = <optimized out>,
          location = <optimized out>, u = {tree_check_value = <optimized out>, value = <optimized out>}}
        p = 0x18dba00
        attributes = 0x0
#23 0x000000000066eefe in cp_parser_declaration_seq_opt (parser=parser@entry=0x7ffff68d40b0) at ../../gcc/gcc/cp/parser.c:10605
No locals.
#24 0x00000000006707b3 in cp_parser_translation_unit (parser=0x7ffff68d40b0) at ../../gcc/gcc/cp/parser.c:3930
        success = <optimized out>
        declarator_obstack_base = 0x18dba00
#25 c_parse_file () at ../../gcc/gcc/cp/parser.c:28829
        already_called = true
#26 0x0000000000784375 in c_common_parse_file () at ../../gcc/gcc/c-family/c-opts.c:1046
        i = 0
#27 0x0000000000af5c26 in compile_file () at ../../gcc/gcc/toplev.c:546
No locals.
#28 0x0000000000af7a38 in do_compile () at ../../gcc/gcc/toplev.c:1878
No locals.
#29 toplev_main (argc=3, argv=0x7fffffffe2b8) at ../../gcc/gcc/toplev.c:1954
No locals.
Comment 1 Paolo Carlini 2013-08-20 22:36:15 UTC
Confirmed.
Comment 2 Jakub Jelinek 2013-09-09 11:24:16 UTC
Reduced testcase:

// Reduced reproducer for the ICE. The code is intentionally ill-formed
// (the bug is tagged ice-on-invalid-code / error-recovery).
struct A
{
  virtual bool foo ();
};
struct B : public A
{
  // Invalid base initializer: A declares no constructor that takes an
  // argument, and ::n is not declared anywhere in this snippet. The compiler
  // should only report errors here; the bug is that it aborts afterwards.
  constexpr B () : A (&::n) {}
};
Comment 3 Jakub Jelinek 2013-09-09 12:31:28 UTC
Started with r195986.
Another testcase that ICEs:
// Second reproducer for the same ICE. It is also intentionally ill-formed and
// does not rely on an undeclared name.
struct C
{
  virtual bool foo ();
};
struct D : public C
{
  // Invalid base initializer: C declares no constructor that takes an
  // argument, so C (6) must be rejected with an error rather than reaching
  // the out-of-bounds vector access during error recovery.
  constexpr D () : C (6) {}
};

Changing sort_constexpr_mem_initializers to stop searching at the end of the vector, and in that case just assert errorcount > 0 and return v unmodified, fixes those ICEs, though it is kind of ugly.
Comment 4 Volker Reichelt 2013-10-09 20:34:22 UTC
It's actually a regression in GCC 4.7.3.
Comment 5 Paolo Carlini 2014-04-04 18:00:41 UTC
Mine.
Comment 6 paolo@gcc.gnu.org 2014-04-04 20:12:19 UTC
Author: paolo
Date: Fri Apr  4 20:11:47 2014
New Revision: 209128

URL: http://gcc.gnu.org/viewcvs?rev=209128&root=gcc&view=rev
Log:
/cp
2014-04-04  Paolo Carlini  <paolo.carlini@oracle.com>

	PR c++/58207
	* semantics.c (sort_constexpr_mem_initializers): Robustify loop.

/testsuite
2014-04-04  Paolo Carlini  <paolo.carlini@oracle.com>

	PR c++/58207
	* g++.dg/cpp0x/constexpr-ice15.C: New.

Added:
    trunk/gcc/testsuite/g++.dg/cpp0x/constexpr-ice15.C
Modified:
    trunk/gcc/cp/ChangeLog
    trunk/gcc/cp/semantics.c
    trunk/gcc/testsuite/ChangeLog
Comment 7 Paolo Carlini 2014-04-04 20:12:51 UTC
Fixed for 4.9.0.