[Bug fortran/78746] charlen_03, charlen_10 ICE
dominiq at lps dot ens.fr
gcc-bugzilla@gcc.gnu.org
Thu Nov 9 11:17:00 GMT 2017
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78746
--- Comment #10 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> Both of the remaining testcases now compile for me.
> Probably can close this PR.
With my instrumented gfortran compiler I still see failures similar to the one
reported in comment 2:
pr78746.f90:5:39:
character(:), allocatable :: x(n) ! { dg-error "must have a deferred shape" }
1
Error: Allocatable component of structure at (1) must have a deferred shape
=================================================================
==80385==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040000010e8 at pc 0x0001003b3627 bp 0x7fff5fbfe530 sp 0x7fff5fbfe528
READ of size 8 at 0x6040000010e8 thread T0
#0 0x1003b3626 in gfc_resolve_expr(gfc_expr*) resolve.c:6736
#1 0x100015279 in resolve_array_bound(gfc_expr*, int) array.c:327
#2 0x10001bd19 in gfc_resolve_array_spec(gfc_array_spec*, int) array.c:368
#3 0x1003a7bdd in resolve_component(gfc_component*, gfc_symbol*) resolve.c:13920
#4 0x1003abfa1 in resolve_fl_derived0(gfc_symbol*) resolve.c:14039
#5 0x1003acbdb in resolve_fl_derived(gfc_symbol*) resolve.c:14134
#6 0x10039a977 in resolve_symbol(gfc_symbol*) resolve.c:14479
#7 0x10046c576 in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*), void (*)(gfc_symbol*)) symbol.c:4157
#8 0x10048a3a5 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*)) symbol.c:4182
#9 0x1004002ed in resolve_types(gfc_namespace*) resolve.c:16358
#10 0x100395fc9 in gfc_resolve(gfc_namespace*) resolve.c:16472
#11 0x1002feb25 in resolve_all_program_units(gfc_namespace*) parse.c:6030
#12 0x10031dc5f in gfc_parse_file() parse.c:6280
#13 0x1004d36b3 in gfc_be_parse_file() f95-lang.c:204
#14 0x1052de1b0 in compile_file() toplev.c:454
#15 0x1052e857d in do_compile() toplev.c:2059
#16 0x1075dd23b in toplev::main(int, char**) toplev.c:2194
#17 0x1075e2a87 in main main.c:39
#18 0x7fffcb057234 in start (libdyld.dylib:x86_64+0x5234)
0x6040000010e8 is located 24 bytes inside of 48-byte region [0x6040000010d0,0x604000001100)
freed by thread T0 here:
#0 0x1562efe10 in wrap_free.part.0 sanitizer_malloc_mac.inc:142
#1 0x100480732 in gfc_delete_symtree(gfc_symtree**, char const*) symbol.c:2927
#2 0x10049a7d4 in gfc_restore_last_undo_checkpoint() symbol.c:3694
#3 0x10049aa2c in gfc_undo_symbols() symbol.c:3727
#4 0x1002fefd5 in reject_statement() parse.c:2546
#5 0x1002ff11d in match_word(char const*, match (*)(), locus*) parse.c:70
#6 0x10030ba38 in decode_statement() parse.c:376
#7 0x10030e091 in next_free() parse.c:1225
#8 0x10030ea5e in next_statement() parse.c:1457
#9 0x100313af2 in parse_derived() parse.c:3255
#10 0x1003154d7 in parse_spec(gfc_statement) parse.c:3795
#11 0x10031b954 in parse_progunit(gfc_statement) parse.c:5637
#12 0x10031dc21 in gfc_parse_file() parse.c:6177
#13 0x1004d36b3 in gfc_be_parse_file() f95-lang.c:204
#14 0x1052de1b0 in compile_file() toplev.c:454
#15 0x1052e857d in do_compile() toplev.c:2059
#16 0x1075dd23b in toplev::main(int, char**) toplev.c:2194
#17 0x1075e2a87 in main main.c:39
#18 0x7fffcb057234 in start (libdyld.dylib:x86_64+0x5234)
previously allocated by thread T0 here:
#0 0x1562ef46c in wrap_calloc sanitizer_malloc_mac.inc:153
#1 0x10746b354 in xcalloc xmalloc.c:162
#2 0x1004803dd in gfc_new_symtree(gfc_symtree**, char const*) symbol.c:2897
#3 0x1004843d2 in gfc_get_sym_tree(char const*, gfc_namespace*, gfc_symtree**, bool) symbol.c:3356
#4 0x100490128 in gfc_get_ha_sym_tree(char const*, gfc_symtree**) symbol.c:3441
#5 0x100341f22 in gfc_match_rvalue(gfc_expr**) primary.c:3141
#6 0x100226505 in match_primary(gfc_expr**) matchexp.c:157
#7 0x100226794 in match_level_1(gfc_expr**) matchexp.c:211
#8 0x100226b09 in match_mult_operand(gfc_expr**) matchexp.c:267
#9 0x100227313 in match_add_operand(gfc_expr**) matchexp.c:356
#10 0x100227d00 in match_level_2(gfc_expr**) matchexp.c:480
#11 0x100228210 in match_level_3(gfc_expr**) matchexp.c:551
#12 0x100228689 in match_level_4(gfc_expr**) matchexp.c:599
#13 0x1002294bd in match_and_operand(gfc_expr**) matchexp.c:693
#14 0x10022978c in match_or_operand(gfc_expr**) matchexp.c:722
#15 0x100229bf1 in match_equiv_operand(gfc_expr**) matchexp.c:765
#16 0x10022a060 in match_level_5(gfc_expr**) matchexp.c:811
#17 0x100226029 in gfc_match_expr(gfc_expr**) matchexp.c:870
#18 0x1000192cc in match_array_element_spec(gfc_array_spec*) array.c:433
#19 0x10001ca3d in gfc_match_array_spec(gfc_array_spec**, bool, bool) array.c:528
#20 0x1000cf09c in variable_decl(int) decl.c:2256
#21 0x1000d2ab8 in gfc_match_data_decl() decl.c:5679
#22 0x1002ff09b in match_word(char const*, match (*)(), locus*) parse.c:65
#23 0x10030ba38 in decode_statement() parse.c:376
#24 0x10030e091 in next_free() parse.c:1225
#25 0x10030ea5e in next_statement() parse.c:1457
#26 0x100313af2 in parse_derived() parse.c:3255
#27 0x1003154d7 in parse_spec(gfc_statement) parse.c:3795
#28 0x10031b954 in parse_progunit(gfc_statement) parse.c:5637
#29 0x10031dc21 in gfc_parse_file() parse.c:6177
SUMMARY: AddressSanitizer: heap-use-after-free resolve.c:6736 in gfc_resolve_expr(gfc_expr*)
==80385==ABORTING
f951: internal compiler error: Abort trap: 6