[Bug fortran/99218] New: matmul on temporary array accesses invalid memory (segfault)
rpmcnally at gmail dot com
gcc-bugzilla@gcc.gnu.org
Tue Feb 23 14:16:32 GMT 2021
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99218
Bug ID: 99218
Summary: matmul on temporary array accesses invalid memory
(segfault)
Product: gcc
Version: 10.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: fortran
Assignee: unassigned at gcc dot gnu.org
Reporter: rpmcnally at gmail dot com
Target Milestone: ---
Created attachment 50241
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50241&action=edit
Source file
I traced a segfault in our code back to a matmul() where one of the arguments
is the the result of a transpose() call:
fTmp(:) = matmul(transpose(G(:,:)), lambda(:))
Modifying the code to store the transpose in an intermediate variable appears
to resolve the segfault. I've reproduced the behavior in some standalone code.
While the standalone code doesn't segfault, running it under valgrind shows a
lot of invalid memory access.
I do not see this behavior with my system GCC 4.8.5 or 7.3.0. I do see the
memory issues with GCC 8.3.0, 9.3.0, and 10.2.0.
The source file is attached. The output from valgrind is below.
gfortran -Wall -Wextra -O0 -g -o issue issue.f90
==13610== Memcheck, a memory error detector
==13610== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==13610== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==13610== Command: ./issue
==13610==
Testing Real with Transpose Inline
==13610== Invalid write of size 4
==13610== at 0x4F3C754: matmul_r4_avx2 (matmul_r4.c:965)
==13610== by 0x401873: test_real_transposeinline.3 (issue.f90:36)
==13610== by 0x401932: main.4 (issue.f90:14)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e1f3d0 is 0 bytes after a block of size 2,048 alloc'd
==13610== at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==13610== by 0x4F39602: matmul_r4_avx2 (matmul_r4.c:909)
==13610== by 0x401873: test_real_transposeinline.3 (issue.f90:36)
==13610== by 0x401932: main.4 (issue.f90:14)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610==
==13610== Invalid write of size 4
==13610== at 0x4F3C785: matmul_r4_avx2 (matmul_r4.c:965)
==13610== by 0x401873: test_real_transposeinline.3 (issue.f90:36)
==13610== by 0x401932: main.4 (issue.f90:14)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e1f7d0 is 960 bytes inside an unallocated block of size
4,176,848 in arena "client"
==13610==
==13610== Invalid write of size 4
==13610== at 0x4F3C7B5: matmul_r4_avx2 (matmul_r4.c:965)
==13610== by 0x401873: test_real_transposeinline.3 (issue.f90:36)
==13610== by 0x401932: main.4 (issue.f90:14)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e1fbd0 is 1,984 bytes inside an unallocated block of size
4,176,848 in arena "client"
==13610==
==13610== Invalid write of size 4
==13610== at 0x4F3C7E6: matmul_r4_avx2 (matmul_r4.c:965)
==13610== by 0x401873: test_real_transposeinline.3 (issue.f90:36)
==13610== by 0x401932: main.4 (issue.f90:14)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e1ffd0 is 3,008 bytes inside an unallocated block of size
4,176,848 in arena "client"
==13610==
==13610== Invalid read of size 4
==13610== at 0x4F3CE50: matmul_r4_avx2 (matmul_r4.c:1093)
==13610== by 0x401873: test_real_transposeinline.3 (issue.f90:36)
==13610== by 0x401932: main.4 (issue.f90:14)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e1f3d0 is 0 bytes after a block of size 2,048 alloc'd
==13610== at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==13610== by 0x4F39602: matmul_r4_avx2 (matmul_r4.c:909)
==13610== by 0x401873: test_real_transposeinline.3 (issue.f90:36)
==13610== by 0x401932: main.4 (issue.f90:14)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610==
==13610== Invalid read of size 4
==13610== at 0x4F3CE5E: matmul_r4_avx2 (matmul_r4.c:1095)
==13610== by 0x401873: test_real_transposeinline.3 (issue.f90:36)
==13610== by 0x401932: main.4 (issue.f90:14)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e1f7d0 is 960 bytes inside an unallocated block of size
4,176,848 in arena "client"
==13610==
==13610== Invalid read of size 4
==13610== at 0x4F3D1A4: matmul_r4_avx2 (matmul_r4.c:1110)
==13610== by 0x401873: test_real_transposeinline.3 (issue.f90:36)
==13610== by 0x401932: main.4 (issue.f90:14)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e1fbd0 is 1,984 bytes inside an unallocated block of size
4,176,848 in arena "client"
==13610==
Testing Complex with Transpose Inline
==13610== Invalid write of size 8
==13610== at 0x4F7A644: matmul_c4_avx2 (matmul_c4.c:965)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e20540 is 0 bytes after a block of size 4,096 alloc'd
==13610== at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==13610== by 0x4F7617C: matmul_c4_avx2 (matmul_c4.c:909)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610==
==13610== Invalid write of size 8
==13610== at 0x4F7A64C: matmul_c4_avx2 (matmul_c4.c:965)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e20d40 is 1,984 bytes inside an unallocated block of size
4,172,384 in arena "client"
==13610==
==13610== Invalid write of size 8
==13610== at 0x4F7A7C3: matmul_c4_avx2 (matmul_c4.c:965)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e21540 is 4,032 bytes inside an unallocated block of size
4,172,384 in arena "client"
==13610==
==13610== Invalid write of size 8
==13610== at 0x4F7A7CC: matmul_c4_avx2 (matmul_c4.c:965)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e21d40 is 6,080 bytes inside an unallocated block of size
4,172,384 in arena "client"
==13610==
==13610== Invalid read of size 4
==13610== at 0x4F7B0C2: matmul_c4_avx2 (matmul_c4.c:1092)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e20d44 is 1,988 bytes inside an unallocated block of size
4,172,384 in arena "client"
==13610==
==13610== Invalid read of size 4
==13610== at 0x4F7B0E4: matmul_c4_avx2 (matmul_c4.c:1089)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e20540 is 0 bytes after a block of size 4,096 alloc'd
==13610== at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==13610== by 0x4F7617C: matmul_c4_avx2 (matmul_c4.c:909)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610==
==13610== Invalid read of size 4
==13610== at 0x4F7B0EC: matmul_c4_avx2 (matmul_c4.c:1087)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e20d40 is 1,984 bytes inside an unallocated block of size
4,172,384 in arena "client"
==13610==
==13610== Invalid read of size 4
==13610== at 0x4F7B0F1: matmul_c4_avx2 (matmul_c4.c:1087)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e20544 is 4 bytes after a block of size 4,096 alloc'd
==13610== at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==13610== by 0x4F7617C: matmul_c4_avx2 (matmul_c4.c:909)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610==
==13610== Invalid read of size 4
==13610== at 0x4F7B833: matmul_c4_avx2 (matmul_c4.c:1110)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e21544 is 4,036 bytes inside an unallocated block of size
4,172,384 in arena "client"
==13610==
==13610== Invalid read of size 4
==13610== at 0x4F7B838: matmul_c4_avx2 (matmul_c4.c:1110)
==13610== by 0x4014F4: test_complex_transposeinline.2 (issue.f90:52)
==13610== by 0x4019A4: main.4 (issue.f90:16)
==13610== by 0x400D01: MAIN__ (issue.f90:5)
==13610== by 0x401AC3: main (issue.f90:5)
==13610== Address 0x5e21540 is 4,032 bytes inside an unallocated block of size
4,172,384 in arena "client"
==13610==
Testing Real with Transpose Variable
Testing Complex with Transpose Variable
==13610==
==13610== HEAP SUMMARY:
==13610== in use at exit: 0 bytes in 0 blocks
==13610== total heap usage: 39 allocs, 39 frees, 41,616 bytes allocated
==13610==
==13610== All heap blocks were freed -- no leaks are possible
==13610==
==13610== For lists of detected and suppressed errors, rerun with: -s
==13610== ERROR SUMMARY: 20 errors from 17 contexts (suppressed: 0 from 0)
More information about the Gcc-bugs
mailing list