Bug 82367 - ICE with deferred length string allocate on non-deferred length argument
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: fortran
Version: 5.4.0
Importance: P4 normal
Target Milestone: 6.5
Assignee: kargls
Keywords: ice-on-invalid-code
Blocks: 68241
Reported: 2017-09-29 21:02 UTC by Walter Spector
Modified: 2018-01-10 23:56 UTC
Last reconfirmed: 2017-09-29 00:00:00


Description Walter Spector 2017-09-29 21:02:53 UTC
Incorrect code caused an ICE:

wws@w6ws-4:/tmp$ cat cls.f90
module cls_allocmod
  implicit none

contains

 subroutine cls_alloc (n, str)
    integer,  intent(in) :: n
    character(*), allocatable, intent(out) :: str
!  Note: Star ^ should have been a colon (:)

    allocate (character(n)::str)

  end subroutine

end module

program cls
  use cls_allocmod
  implicit none

  character(:), allocatable :: string

  call cls_alloc (42, string)
  print *, 'string len =', len(string)

end program
wws@w6ws-4:/tmp$ 

Gfortran 5.4 produces an ICE.  So do older versions (e.g., 4.8 on one of my other machines):

wws@w6ws-4:/tmp$ gfortran --version
GNU Fortran (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609
Copyright (C) 2015 Free Software Foundation, Inc.

GNU Fortran comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of GNU Fortran
under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYING

wws@w6ws-4:/tmp$ gfortran cls.f90
f951: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <file:///usr/share/doc/gcc-5/README.Bugs> for instructions.
wws@w6ws-4:/tmp$ 

The trunk as of a couple of days ago also produces an ICE - this time with a compiler traceback:

wws@w6ws-4:/tmp$ /usr/local/gcc-trunk/bin/gfortran --version
GNU Fortran (GCC) 8.0.0 20170927 (experimental)
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

wws@w6ws-4:/tmp$ /usr/local/gcc-trunk/bin/gfortran cls.f90
f951: internal compiler error: Segmentation fault
0xc906cf crash_signal
	../../gcc-trunk/gcc/toplev.c:326
0x727af8 gfc_dep_compare_expr(gfc_expr*, gfc_expr*)
	../../gcc-trunk/gcc/fortran/dependency.c:321
0x6fe687 resolve_allocate_expr
	../../gcc-trunk/gcc/fortran/resolve.c:7391
0x6fe687 resolve_allocate_deallocate
	../../gcc-trunk/gcc/fortran/resolve.c:7782
0x70067a gfc_resolve_code(gfc_code*, gfc_namespace*)
	../../gcc-trunk/gcc/fortran/resolve.c:11212
0x701c02 resolve_codes
	../../gcc-trunk/gcc/fortran/resolve.c:16236
0x701b07 resolve_codes
	../../gcc-trunk/gcc/fortran/resolve.c:16221
0x701d06 gfc_resolve(gfc_namespace*)
	../../gcc-trunk/gcc/fortran/resolve.c:16271
0x6eb54c gfc_parse_file()
	../../gcc-trunk/gcc/fortran/parse.c:6217
0x7313af gfc_be_parse_file
	../../gcc-trunk/gcc/fortran/f95-lang.c:204
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
wws@w6ws-4:/tmp$
Comment 1 Walter Spector 2017-09-29 21:05:30 UTC
PGI and NAG both catch this error.  I can try Intel if needed.
Comment 2 Dominique d'Humieres 2017-09-29 21:39:28 UTC
ICE confirmed from 4.8 up to trunk.

Compiling the test with my instrumented gfortran gives

../../work/gcc/fortran/dependency.c:321:11: runtime error: member access within null pointer of type 'struct gfc_expr'
ASAN:DEADLYSIGNAL
=================================================================
==15952==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0001003d484b bp 0x7fff5fbfe4b0 sp 0x7fff5fbfe490 T0)
==15952==The signal is caused by a READ memory access.
==15952==Hint: address points to the zero page.
    #0 0x1003d484a in gfc_dep_compare_expr(gfc_expr*, gfc_expr*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003d484a)
    #1 0x100337829 in resolve_allocate_expr(gfc_expr*, gfc_code*, bool*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100337829)
    #2 0x10033f34d in resolve_allocate_deallocate(gfc_code*, char const*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10033f34d)
    #3 0x1003535ee in gfc_resolve_code(gfc_code*, gfc_namespace*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003535ee)
    #4 0x100355d83 in resolve_codes(gfc_namespace*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100355d83)
    #5 0x100355b2b in resolve_codes(gfc_namespace*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100355b2b)
    #6 0x1002f42e1 in gfc_resolve(gfc_namespace*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002f42e1)
    #7 0x10029a2bf in gfc_parse_file() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10029a2bf)
    #8 0x1003f14f2 in gfc_be_parse_file() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003f14f2)
    #9 0x1045a4bac in compile_file() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045a4bac)
    #10 0x1045ad7fe in do_compile() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045ad7fe)
    #11 0x10651f30d in toplev::main(int, char**) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10651f30d)
    #12 0x1065249ce in main (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1065249ce)
    #13 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003d484a) in gfc_dep_compare_expr(gfc_expr*, gfc_expr*)
8820864)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
f951: internal compiler error: Abort trap: 6
Comment 3 kargls 2017-09-29 22:47:36 UTC
% svn diff resolve.c 
Index: resolve.c
===================================================================
--- resolve.c   (revision 253236)
+++ resolve.c   (working copy)
@@ -7387,8 +7387,14 @@ resolve_allocate_expr (gfc_expr *e, gfc_code *code, bo
   if (code->ext.alloc.ts.type == BT_CHARACTER && !e->ts.deferred
       && !UNLIMITED_POLY (e))
     {
-      int cmp = gfc_dep_compare_expr (e->ts.u.cl->length,
-                                     code->ext.alloc.ts.u.cl->length);
+      int cmp;
+
+      if (!e->ts.u.cl->length)
+       goto failure;
+
+      cmp = gfc_dep_compare_expr (e->ts.u.cl->length,
+                                 code->ext.alloc.ts.u.cl->length);
+
       if (cmp == 1 || cmp == -1 || cmp == -3)
        {
          gfc_error ("Allocating %s at %L with type-spec requires the same "
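
Review bot: The new early exit `if (!e->ts.u.cl->length) goto failure;` reaches the failure label without a gfc_error call on this path, so the lines shown do not establish that the user gets a diagnostic for the invalid ALLOCATE rather than a silent failure. Since the bug is tagged ice-on-invalid-code, either emit an error before the goto or add a comment naming where the diagnostic is issued. A one-line comment saying when the length expression is NULL (apparently the `character(*)` dummy in the reported test case) would also help the next reader.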
Comment 4 Thomas Koenig 2017-12-01 18:09:13 UTC
(In reply to kargl from comment #3)
> % svn diff resolve.c 
> Index: resolve.c
> ===================================================================
> --- resolve.c   (revision 253236)
> +++ resolve.c   (working copy)
> @@ -7387,8 +7387,14 @@ resolve_allocate_expr (gfc_expr *e, gfc_code *code, bo
>    if (code->ext.alloc.ts.type == BT_CHARACTER && !e->ts.deferred
>        && !UNLIMITED_POLY (e))
>      {
> -      int cmp = gfc_dep_compare_expr (e->ts.u.cl->length,
> -                                     code->ext.alloc.ts.u.cl->length);
> +      int cmp;
> +
> +      if (!e->ts.u.cl->length)
> +       goto failure;
> +
> +      cmp = gfc_dep_compare_expr (e->ts.u.cl->length,
> +                                 code->ext.alloc.ts.u.cl->length);
> +
>        if (cmp == 1 || cmp == -1 || cmp == -3)
>         {
>           gfc_error ("Allocating %s at %L with type-spec requires the same "
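
Review bot: Only the first operand is guarded here: `code->ext.alloc.ts.u.cl->length` is still passed to gfc_dep_compare_expr unchecked, and `e->ts.u.cl` itself is dereferenced by the new test. If either can be NULL for a BT_CHARACTER type-spec, the null dereference reported at dependency.c:321 stays reachable; check them as well, or state in a comment why they are always set at this point.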

Looks good (and obvious, too).  Pre-approved.
Comment 5 kargls 2018-01-10 23:26:46 UTC
Author: kargl
Date: Wed Jan 10 23:26:15 2018
New Revision: 256464

URL: https://gcc.gnu.org/viewcvs?rev=256464&root=gcc&view=rev
Log:
2018-01-10  Steven G. Kargl  <kargl@gcc.gnu.org>

	PR fortran/82367
	* resolve.c (resolve_allocate_expr): Check for NULL pointer.

2018-01-10  Steven G. Kargl  <kargl@gcc.gnu.org>

	PR fortran/82367
	* gfortran.dg/deferred_character_18.f90: New test.

Added:
    trunk/gcc/testsuite/gfortran.dg/deferred_character_18.f90
Modified:
    trunk/gcc/fortran/ChangeLog
    trunk/gcc/fortran/resolve.c
    trunk/gcc/testsuite/ChangeLog
Comment 6 kargls 2018-01-10 23:42:20 UTC
Author: kargl
Date: Wed Jan 10 23:41:48 2018
New Revision: 256466

URL: https://gcc.gnu.org/viewcvs?rev=256466&root=gcc&view=rev
Log:
2018-01-10  Steven G. Kargl  <kargl@gcc.gnu.org>

	PR fortran/82367
	* resolve.c (resolve_allocate_expr): Check for NULL pointer.

2018-01-10  Steven G. Kargl  <kargl@gcc.gnu.org>

	PR fortran/82367
	* gfortran.dg/deferred_character_18.f90: New test.

Added:
    branches/gcc-7-branch/gcc/testsuite/gfortran.dg/deferred_character_18.f90
Modified:
    branches/gcc-7-branch/gcc/fortran/ChangeLog
    branches/gcc-7-branch/gcc/fortran/resolve.c
    branches/gcc-7-branch/gcc/testsuite/ChangeLog
Comment 7 kargls 2018-01-10 23:55:31 UTC
Author: kargl
Date: Wed Jan 10 23:55:00 2018
New Revision: 256467

URL: https://gcc.gnu.org/viewcvs?rev=256467&root=gcc&view=rev
Log:
2018-01-10  Steven G. Kargl  <kargl@gcc.gnu.org>

	PR fortran/82367
	* resolve.c (resolve_allocate_expr): Check for NULL pointer.

2018-01-10  Steven G. Kargl  <kargl@gcc.gnu.org>

	PR fortran/82367
	* gfortran.dg/deferred_character_18.f90: New test.

Added:
    branches/gcc-6-branch/gcc/testsuite/gfortran.dg/deferred_character_18.f90
Modified:
    branches/gcc-6-branch/gcc/fortran/ChangeLog
    branches/gcc-6-branch/gcc/fortran/resolve.c
    branches/gcc-6-branch/gcc/testsuite/ChangeLog
Comment 8 kargls 2018-01-10 23:56:26 UTC
Fixed on 6-branch, 7-branch, and trunk.
Thanks for the bug report.