Bug 63855 - [5 Regression] ICE: SIGSEGV in ipa_comdats with -fsanitize=null
Summary: [5 Regression] ICE: SIGSEGV in ipa_comdats with -fsanitize=null
Status: RESOLVED DUPLICATE of bug 61324
Alias: None
Product: gcc
Classification: Unclassified
Component: sanitizer
Version: 5.0
Importance: P3 normal
Target Milestone: 5.0
Assignee: Not yet assigned to anyone
URL:
Keywords: ice-on-valid-code
Depends on:
Blocks:
 
Reported: 2014-11-13 18:59 UTC by Zdenek Sojka
Modified: 2014-11-23 07:33 UTC
CC: 5 users

See Also:
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
Build:
Known to work: 4.9.3
Known to fail: 5.0
Last reconfirmed: 2014-11-13 00:00:00


Attachments
reduced testcase (42 bytes, text/x-csrc)
2014-11-13 18:59 UTC, Zdenek Sojka

Description Zdenek Sojka 2014-11-13 18:59:59 UTC
Created attachment 33960 [details]
reduced testcase

$ gcc -O -fkeep-inline-functions -fsanitize=null testcase.C
==22060== Invalid read of size 8
==22060==    at 0x180E214: ipa_comdats (ipa-comdats.c:340)
==22060==    by 0x180E214: (anonymous namespace)::pass_ipa_comdats::execute(function*) (ipa-comdats.c:381)
==22060==    by 0xCCBE78: execute_one_pass(opt_pass*) (passes.c:2269)
==22060==    by 0xCCCAD1: execute_ipa_pass_list(opt_pass*) (passes.c:2663)
==22060==    by 0x9B3B69: ipa_passes (cgraphunit.c:2088)
==22060==    by 0x9B3B69: symbol_table::compile() (cgraphunit.c:2172)
==22060==    by 0x9B5687: symbol_table::finalize_compilation_unit() (cgraphunit.c:2325)
==22060==    by 0x785449: cp_write_global_declarations() (decl2.c:4677)
==22060==    by 0xDC3BD3: compile_file() (toplev.c:583)
==22060==    by 0x694528: do_compile (toplev.c:2020)
==22060==    by 0x694528: toplev::main(int, char**) (toplev.c:2117)
==22060==    by 0x694B78: main (main.c:38)
==22060==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==22060== 
testcase.C:5:4: internal compiler error: Segmentation fault
 B b;
    ^
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.

Tested revisions:
r217458 - ICE
4_9 r216937 - OK
Comment 1 Marek Polacek 2014-11-13 19:43:32 UTC
Confirmed.
Comment 2 H.J. Lu 2014-11-14 00:55:39 UTC
It is caused by r213406.
Comment 3 Jakub Jelinek 2014-11-18 12:05:28 UTC
The ICE is in the ipa-comdats.c pass, on a decl that has been created by:
#4  0x000000000122e121 in make_node_stat (code=FUNCTION_DECL) at ../../gcc/tree.c:951
#5  0x000000000123c20c in build_decl_stat (loc=7698, code=FUNCTION_DECL, name=<identifier_node 0x7ffff1a0b688 _GLOBAL__sub_I_b>, 
    type=<function_type 0x7ffff188a0a8>) at ../../gcc/tree.c:4521
#6  0x00000000007b4473 in build_lang_decl_loc (loc=7698, code=FUNCTION_DECL, name=<identifier_node 0x7ffff1a0b688 _GLOBAL__sub_I_b>, 
    type=<function_type 0x7ffff188a0a8>) at ../../gcc/cp/lex.c:540
#7  0x00000000007b4446 in build_lang_decl (code=FUNCTION_DECL, name=<identifier_node 0x7ffff1a0b688 _GLOBAL__sub_I_b>, 
    type=<function_type 0x7ffff188a0a8>) at ../../gcc/cp/lex.c:529
#8  0x0000000000798cf3 in start_objects (method_type=73, initp=65535) at ../../gcc/cp/decl2.c:3319
#9  0x000000000079a388 in generate_ctor_or_dtor_function (constructor_p=true, priority=65535, locus=0x7fffffffe130) at ../../gcc/cp/decl2.c:3925
#10 0x000000000079a479 in generate_ctor_and_dtor_functions_for_priority (n=0x234b490, data=0x7fffffffe130) at ../../gcc/cp/decl2.c:3955
#11 0x00000000018d00ff in splay_tree_foreach_helper (data=0x7fffffffe130, 
    fn=0x79a42e <generate_ctor_and_dtor_functions_for_priority(splay_tree_node, void*)>, node=0x234b490) at ../../libiberty/splay-tree.c:242
#12 splay_tree_foreach (sp=<optimized out>, fn=0x79a42e <generate_ctor_and_dtor_functions_for_priority(splay_tree_node, void*)>, 
    data=0x7fffffffe130) at ../../libiberty/splay-tree.c:566
#13 0x000000000079c8b7 in cp_write_global_declarations () at ../../gcc/cp/decl2.c:4657
#14 0x0000000000f5f213 in compile_file () at ../../gcc/toplev.c:584

I don't see how the sanitizer could be at fault here; it looks like an IPA bug to me instead.
Comment 4 tbsaunde 2014-11-23 07:33:07 UTC
dup of 61324

*** This bug has been marked as a duplicate of bug 61324 ***