[Bug fortran/65173] ICE while compiling wrong code

dominiq at lps dot ens.fr gcc-bugzilla@gcc.gnu.org
Wed Nov 9 16:56:00 GMT 2016 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65173

--- Comment #8 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
Note that the tests z1.f90 and z8.f90 fail in a different way:

pr65173_3.f90:3:39:

       character(:), allocatable :: x(n)
                                       1
Error: Allocatable component of structure at (1) must have a deferred shape
=================================================================
==24015==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400000cbf8
at pc 0x0001002b5734 bp 0x7fff5fbfe660 sp 0x7fff5fbfe658
READ of size 8 at 0x60400000cbf8 thread T0
    #0 0x1002b5733 in check_host_association(gfc_expr*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002b5733)
    #1 0x1002ae1d7 in gfc_resolve_expr(gfc_expr*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002ae1d7)
    #2 0x10000e80a 
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10000e80a)
    #3 0x100014067 in gfc_resolve_array_spec(gfc_array_spec*, int)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100014067)
    #4 0x1002a2754 in resolve_component(gfc_component*, gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a2754)
    #5 0x1002a5440 in resolve_fl_derived0(gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a5440)
    #6 0x1002a61bd in resolve_fl_derived(gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a61bd)
    #7 0x1002966c8 in resolve_symbol(gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002966c8)
    #8 0x10032dacc in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*),
void (*)(gfc_symbol*))
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10032dacc)
    #9 0x100345881 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*))
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100345881)
    #10 0x1002d51ed in resolve_types(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002d51ed)
    #11 0x100293315 in gfc_resolve(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100293315)
    #12 0x100223cdc in resolve_all_program_units(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100223cdc)
    #13 0x10023e38e in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e38e)
    #14 0x10038020a in gfc_be_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a)
    #15 0x103bf0124 in compile_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf0124)
    #16 0x103bf92ee in do_compile()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf92ee)
    #17 0x10568dc2f in toplev::main(int, char**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10568dc2f)
    #18 0x105692be5 in main
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x105692be5)
    #19 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254)
    #20 0xd 
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd)

0x60400000cbf8 is located 40 bytes inside of 48-byte region
[0x60400000cbd0,0x60400000cc00)
freed by thread T0 here:
    #0 0x15078e690 in wrap_free.part.0
(/opt/gcc/gcc7a/lib/libasan.3.dylib+0x53690)
    #1 0x10033ce36 in gfc_delete_symtree(gfc_symtree**, char const*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10033ce36)
    #2 0x1003511bf in gfc_restore_last_undo_checkpoint()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1003511bf)
    #3 0x1003515bd in gfc_undo_symbols()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1003515bd)
    #4 0x1002241ee in reject_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002241ee)
    #5 0x100224373 in match_word(char const*, match (*)(), locus*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100224373)
    #6 0x1002322bd in decode_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002322bd)
    #7 0x10023427b in next_free()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023427b)
    #8 0x100234af9 in next_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100234af9)
    #9 0x10023679d in parse_derived()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023679d)
    #10 0x100238b9b in parse_spec(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100238b9b)
    #11 0x10023c78b in parse_progunit(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023c78b)
    #12 0x10023e350 in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e350)
    #13 0x10038020a in gfc_be_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a)
    #14 0x103bf0124 in compile_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf0124)
    #15 0x103bf92ee in do_compile()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf92ee)
    #16 0x10568dc2f in toplev::main(int, char**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10568dc2f)
    #17 0x105692be5 in main
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x105692be5)
    #18 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254)
    #19 0xd 
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd)

previously allocated by thread T0 here:
    #0 0x15078da49 in wrap_calloc (/opt/gcc/gcc7a/lib/libasan.3.dylib+0x52a49)
    #1 0x1054f169b in xcalloc
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1054f169b)
    #2 0x10033cb5f in gfc_new_symtree(gfc_symtree**, char const*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10033cb5f)
    #3 0x1003402fc in gfc_get_sym_tree(char const*, gfc_namespace*,
gfc_symtree**, bool)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1003402fc)
    #4 0x1003415fa in gfc_get_ha_sym_tree(char const*, gfc_symtree**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1003415fa)
    #5 0x100256d2d in gfc_match_rvalue(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100256d2d)
    #6 0x1001b2b5e in match_primary(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b2b5e)
    #7 0x1001b2d91 in match_level_1(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b2d91)
    #8 0x1001b304b in match_mult_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b304b)
    #9 0x1001b3673 in match_add_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b3673)
    #10 0x1001b3d70 in match_level_2(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b3d70)
    #11 0x1001b4135 in match_level_3(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4135)
    #12 0x1001b4425 in match_level_4(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4425)
    #13 0x1001b4cff in match_and_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4cff)
    #14 0x1001b4f38 in match_or_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4f38)
    #15 0x1001b5236 in match_equiv_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b5236)
    #16 0x1001b5534 in match_level_5(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b5534)
    #17 0x1001b27ce in gfc_match_expr(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b27ce)
    #18 0x100011566 
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100011566)
    #19 0x1000149bd 
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000149bd)
    #20 0x1000ab738 in variable_decl(int)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000ab738)
    #21 0x1000ae155 in gfc_match_data_decl()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000ae155)
    #22 0x100224306 in match_word(char const*, match (*)(), locus*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100224306)
    #28 0x10023c78b in parse_progunit(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023c78b)
    #29 0x10023e350 in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e350)

SUMMARY: AddressSanitizer: heap-use-after-free
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002b5733)
in check_host_association(gfc_expr*)
Shadow bytes around the buggy address:
  0x1c0800001920: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x1c0800001930: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x1c0800001940: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x1c0800001950: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x1c0800001960: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
=>0x1c0800001970: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd[fd]
  0x1c0800001980: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x1c0800001990: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x1c08000019a0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x1c08000019b0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x1c08000019c0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==24015==ABORTING
f951: internal compiler error: Abort trap: 6
gfcg: internal compiler error: Abort trap: 6 (program f951)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.

More information about the Gcc-bugs mailing list