[Bug tree-optimization/97538] ICE in during GIMPLE pass: wrestrict
marxin at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Fri Oct 23 09:31:10 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97538
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Created attachment 49428
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49428&action=edit
test-case
I see it also on x86_64-linux-gnu with ASAN:
$ /home/marxin/Programming/gcc2/objdir/gcc/xg++ -B
/home/marxin/Programming/gcc2/objdir/gcc/ utf.ii -c -O2
utf.ii: In instantiation of ‘_ForwardIterator
__uninitialized_copy_a(_InputIterator, _InputIterator, _ForwardIterator, _Tp)
[with _InputIterator = const short unsigned int*; _ForwardIterator = short
unsigned int*; _Tp = _Vector_base::_Vector_impl]’:
utf.ii:128:25: required from ‘void vector< <template-parameter-1-1>,
<template-parameter-1-2> >::_M_range_insert(vector< <template-parameter-1-1>,
<template-parameter-1-2> >::iterator, _ForwardIterator, _ForwardIterator, int)
[with _ForwardIterator = const short unsigned int*; <template-parameter-1-1> =
short int; <template-parameter-1-2> = short int; vector<
<template-parameter-1-1>, <template-parameter-1-2> >::iterator =
__normal_iterator<short unsigned int*, vector<short int> >]’
utf.ii:105:20: required from ‘void vector< <template-parameter-1-1>,
<template-parameter-1-2> >::_M_insert_dispatch(vector<
<template-parameter-1-1>, <template-parameter-1-2> >::iterator, _InputIterator,
_InputIterator, int) [with _InputIterator = const short unsigned int*;
<template-parameter-1-1> = short int; <template-parameter-1-2> = short int;
vector< <template-parameter-1-1>, <template-parameter-1-2> >::iterator =
__normal_iterator<short unsigned int*, vector<short int> >]’
utf.ii:99:23: required from ‘void vector< <template-parameter-1-1>,
<template-parameter-1-2> >::insert(vector< <template-parameter-1-1>,
<template-parameter-1-2> >::const_iterator, _InputIterator, _InputIterator)
[with _InputIterator = const short unsigned int*; <template-parameter-1-1> =
short int; <template-parameter-1-2> = short int; vector<
<template-parameter-1-1>, <template-parameter-1-2> >::const_iterator =
__normal_iterator<int, vector<short int> >]’
utf.ii:150:48: required from here
utf.ii:67:11: warning: address of local variable ‘__trans_tmp_25’ returned
[-Wreturn-local-addr]
67 | return &__trans_tmp_25;
| ^~~~~~~~~~~~~~
utf.ii:65:18: note: declared here
65 | unsigned short __trans_tmp_25;
| ^~~~~~~~~~~~~~
utf.ii: In instantiation of ‘_OI __copy_move_a1(_II, _II, _OI) [with int
<anonymous> = 0; _II = const short unsigned int*; _OI = short unsigned int*]’:
utf.ii:32:28: required from ‘void __copy_move_a(_II, _II, _OI) [with int
_IsMove = 0; _II = const short unsigned int*; _OI = short unsigned int*]’
utf.ii:36:47: required from ‘void copy(_II, _II, _OI) [with _II = const short
unsigned int*; _OI = short unsigned int*]’
utf.ii:66:7: required from ‘_ForwardIterator
__uninitialized_copy_a(_InputIterator, _InputIterator, _ForwardIterator, _Tp)
[with _InputIterator = const short unsigned int*; _ForwardIterator = short
unsigned int*; _Tp = _Vector_base::_Vector_impl]’
utf.ii:128:25: required from ‘void vector< <template-parameter-1-1>,
<template-parameter-1-2> >::_M_range_insert(vector< <template-parameter-1-1>,
<template-parameter-1-2> >::iterator, _ForwardIterator, _ForwardIterator, int)
[with _ForwardIterator = const short unsigned int*; <template-parameter-1-1> =
short int; <template-parameter-1-2> = short int; vector<
<template-parameter-1-1>, <template-parameter-1-2> >::iterator =
__normal_iterator<short unsigned int*, vector<short int> >]’
utf.ii:105:20: required from ‘void vector< <template-parameter-1-1>,
<template-parameter-1-2> >::_M_insert_dispatch(vector<
<template-parameter-1-1>, <template-parameter-1-2> >::iterator, _InputIterator,
_InputIterator, int) [with _InputIterator = const short unsigned int*;
<template-parameter-1-1> = short int; <template-parameter-1-2> = short int;
vector< <template-parameter-1-1>, <template-parameter-1-2> >::iterator =
__normal_iterator<short unsigned int*, vector<short int> >]’
utf.ii:99:23: required from ‘void vector< <template-parameter-1-1>,
<template-parameter-1-2> >::insert(vector< <template-parameter-1-1>,
<template-parameter-1-2> >::const_iterator, _InputIterator, _InputIterator)
[with _InputIterator = const short unsigned int*; <template-parameter-1-1> =
short int; <template-parameter-1-2> = short int; vector<
<template-parameter-1-1>, <template-parameter-1-2> >::const_iterator =
__normal_iterator<int, vector<short int> >]’
utf.ii:150:48: required from here
utf.ii:27:11: warning: address of local variable ‘__trans_tmp_33’ returned
[-Wreturn-local-addr]
27 | return &__trans_tmp_33;
| ^~~~~~~~~~~~~~
utf.ii:25:18: note: declared here
25 | unsigned short __trans_tmp_33;
| ^~~~~~~~~~~~~~
=================================================================
==636==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffcb78
at pc 0x0000019f4ab8 bp 0x7fffffffc380 sp 0x7fffffffc378
READ of size 8 at 0x7fffffffcb78 thread T0
#0 0x19f4ab7 in generic_wide_int<wide_int_ref_storage<false, true>
>::elt(unsigned int) const ../../gcc/wide-int.h:912
#1 0x3517131 in wide_int_to_tree_1 ../../gcc/tree.c:1532
#2 0x35189de in wide_int_to_tree(tree_node*, poly_int<1u,
generic_wide_int<wide_int_ref_storage<false, true> > > const&)
../../gcc/tree.c:1724
#3 0x1596e31 in get_size_range(range_query*, tree_node*, gimple*,
tree_node**, int) ../../gcc/calls.c:1382
#4 0x1d9becc in builtin_memref ../../gcc/gimple-ssa-warn-restrict.c:259
#5 0x1db412c in check_bounds_or_overlap(range_query*, gimple*, tree_node*,
tree_node*, tree_node*, tree_node*, bool, bool)
../../gcc/gimple-ssa-warn-restrict.c:2011
#6 0x1db3f23 in check_call ../../gcc/gimple-ssa-warn-restrict.c:1977
#7 0x1d9b20a in wrestrict_walk ../../gcc/gimple-ssa-warn-restrict.c:93
#8 0x1d9b41d in execute ../../gcc/gimple-ssa-warn-restrict.c:103
#9 0x25a938a in execute_one_pass(opt_pass*) ../../gcc/passes.c:2517
#10 0x25a9c40 in execute_pass_list_1 ../../gcc/passes.c:2605
#11 0x25a9cbb in execute_pass_list_1 ../../gcc/passes.c:2606
#12 0x25a9d5f in execute_pass_list(function*, opt_pass*)
../../gcc/passes.c:2616
#13 0x1732da9 in cgraph_node::expand() ../../gcc/cgraphunit.c:2310
#14 0x1734080 in expand_all_functions ../../gcc/cgraphunit.c:2478
#15 0x17360dd in symbol_table::compile() ../../gcc/cgraphunit.c:2842
#16 0x173691e in symbol_table::finalize_compilation_unit()
../../gcc/cgraphunit.c:3023
#17 0x29e9817 in compile_file ../../gcc/toplev.c:485
#18 0x29f2bfb in do_compile ../../gcc/toplev.c:2321
#19 0x29f345f in toplev::main(int, char**) ../../gcc/toplev.c:2460
#20 0x56db7dd in main ../../gcc/main.c:39
#21 0x7ffff6eaae09 in __libc_start_main ../csu/libc-start.c:314
#22 0x9fce19 in _start
(/home/marxin/Programming/gcc2/objdir/gcc/cc1plus+0x9fce19)
Address 0x7fffffffcb78 is located in stack of thread T0 at offset 1400 in frame
#0 0x1594a65 in get_size_range(range_query*, tree_node*, gimple*,
tree_node**, int) ../../gcc/calls.c:1250
This frame has 38 object(s):
[48, 52) '<unknown>'
[64, 68) '<unknown>'
[80, 84) '<unknown>'
[96, 100) '<unknown>'
[112, 116) '<unknown>'
[128, 132) '<unknown>'
[144, 148) '<unknown>'
[160, 164) '<unknown>'
[176, 180) '<unknown>'
[192, 196) '<unknown>'
[208, 212) '<unknown>'
[224, 228) '<unknown>'
[240, 244) '<unknown>'
[256, 272) '<unknown>'
[288, 304) '<unknown>'
[320, 336) '<unknown>'
[352, 368) '<unknown>'
[384, 416) 'min' (line 1264)
[448, 480) 'max' (line 1264)
[512, 544) 'vr' (line 1269)
[576, 608) '<unknown>'
[640, 672) '<unknown>'
[704, 736) '<unknown>'
[768, 800) '<unknown>'
[832, 864) '<unknown>'
[896, 928) 'maxsize' (line 1337)
[960, 992) '<unknown>'
[1024, 1056) '<unknown>'
[1088, 1120) '<unknown>'
[1152, 1184) '<unknown>'
[1216, 1248) 'maxsize' (line 1347)
[1280, 1312) '<unknown>'
[1344, 1376) '<unknown>'
[1408, 1440) '<unknown>' <== Memory access at offset 1400 underflows this
variable
[1472, 1504) '<unknown>'
[1536, 1568) '<unknown>'
[1600, 1632) '<unknown>'
[1664, 1696) '<unknown>'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ../../gcc/wide-int.h:912 in
generic_wide_int<wide_int_ref_storage<false, true> >::elt(unsigned int) const
Shadow bytes around the buggy address:
0x10007fff7910: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
0x10007fff7920: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
0x10007fff7930: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
0x10007fff7940: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
0x10007fff7950: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
=>0x10007fff7960: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2[f2]
0x10007fff7970: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
0x10007fff7980: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
0x10007fff7990: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
0x10007fff79a0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 f8 f2
0x10007fff79b0: f8 f2 f8 f2 f8 f2 04 f2 04 f2 04 f2 04 f2 04 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==636==ABORTING
More information about the Gcc-bugs
mailing list