https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82174
Bug ID: 82174
Summary: Null name in one entry of the builtin_data array of jit-builtins.c
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: jit
Assignee: dmalcolm at gcc dot gnu.org
Reporter: mcree at orcon dot net.nz
Target Milestone: ---

I see a segmentation violation in some code calling libgccjit. The backtrace is:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  pp_format(pretty_printer*, text_info*) () at ../../gcc.git/gcc/pretty-print.c:317
317       output_buffer *buffer = pp_buffer (pp);
(gdb) bt
#0  pp_format(pretty_printer*, text_info*) () at ../../gcc.git/gcc/pretty-print.c:317
#1  0x00007fef3c1fc698 in diagnostic_report_diagnostic(diagnostic_context*, diagnostic_info*) () at ../../gcc.git/gcc/diagnostic.c:974
#2  0x00007fef3c1fc99e in diagnostic_impl (richloc=richloc@entry=0x7fff20ffec20, opt=opt@entry=-1, gmsgid=gmsgid@entry=0x7fef3c6e88d7 "in %s, at %s:%d", ap=ap@entry=0x7fff20ffec08, kind=kind@entry=DK_ICE) at ../../gcc.git/gcc/diagnostic.c:1099
#3  0x00007fef3c1fd63d in internal_error (gmsgid=gmsgid@entry=0x7fef3c6e88d7 "in %s, at %s:%d") at ../../gcc.git/gcc/diagnostic.c:1422
#4  0x00007fef3b631a49 in fancy_abort (file=file@entry=0x7fef3c29aea0 "../../gcc.git/gcc/jit/jit-builtins.c", line=line@entry=71, function=function@entry=0x7fef3c29ec80 <gcc::jit::matches_builtin(char const*, gcc::jit::builtin_data const&)::__FUNCTION__> "matches_builtin") at ../../gcc.git/gcc/diagnostic.c:1488
#5  0x00007fef3b38c6d8 in gcc::jit::matches_builtin (bd=..., bd=..., in_name=0x434b21 "__builtin_ia32_orps256") at ../../gcc.git/gcc/jit/jit-builtins.c:71
#6  gcc::jit::find_builtin_by_name (out_id=<synthetic pointer>, in_name=0x434b21 "__builtin_ia32_orps256") at ../../gcc.git/gcc/jit/jit-builtins.c:118
#7  gcc::jit::builtins_manager::get_builtin_function (this=0x2619850, name=0x434b21 "__builtin_ia32_orps256") at ../../gcc.git/gcc/jit/jit-builtins.c:150
#8  0x00007fef3b644019 in gcc_jit_context_get_builtin_function (ctxt=0x25d2ac0, name=name@entry=0x434b21 "__builtin_ia32_orps256") at ../../gcc.git/gcc/jit/libgccjit.c:917
#9  0x0000000000417bfd in ip_be_avx2_fdecls (be=be@entry=0x643820 <ip_avx2>) at intel-avx2.c:201
#10 0x00000000004143d7 in ip_init_jit () at jit.c:892
#11 0x000000000040a0ac in time_ip_init_jit () at arith-test.c:231
#12 run_im_ii_tests (operator=operator@entry=0, size=size@entry=..., chk_flag=112) at arith-test.c:505
#13 0x000000000040594a in main (argc=<optimized out>, argv=<optimized out>) at arith-test.c:616

Stepping up to #6 find_builtin_by_name() finds that the loop counter i is:

(gdb) print i
$2 = 1092

but the entries around i in the builtin_data array are:

(gdb) print builtin_data[1091]
$5 = {name = 0x7fef3c2a3964 "__builtin__ITM_RfWE", fnclass = BUILT_IN_NORMAL, type = gcc::jit::BT_FN_LDOUBLE_VPTR, both_p = false, fallback_p = true, attr = gcc::jit::ATTR_TM_PURE_TMPURE_NOTHROW_LIST, implicit_p = false}
(gdb) print builtin_data[1092]
$6 = {name = 0x0, fnclass = BUILT_IN_NORMAL, type = gcc::jit::BT_LAST, both_p = false, fallback_p = false, attr = gcc::jit::ATTR_LAST, implicit_p = false}
(gdb) print builtin_data[1093]
$7 = {name = 0x7fef3c2a3978 "__builtin___asan_init", fnclass = BUILT_IN_NORMAL, type = gcc::jit::BT_FN_VOID, both_p = true, fallback_p = true, attr = gcc::jit::ATTR_NOTHROW_LEAF_LIST, implicit_p = true}

and it's clear that the name in entry 1092 is NULL, which eventually leads to a failed assert and the segfault. The size of the array is 46752 and each entry has 32 bytes, thus the code is expecting 1461 entries in the array.
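As an added example (not code from this report or from GCC), a constructed table with a NULL-named entry like the one at index 1092, a lookup that treats a missing name as a non-match instead of asserting on it, and a start-up self-check that reports such gaps. The struct, table contents and function names are simplified stand-ins, not GCC's builtin_data or jit-builtins.c.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, trimmed stand-in for GCC's builtin_data entries (not the real struct). */
struct builtin_entry {
  const char *name;   /* NULL marks a gap in the table, as at index 1092 in the report */
  int id;
};

/* Constructed sample table; the second entry mirrors the NULL name from the gdb output. */
static const struct builtin_entry builtin_table[] = {
  { "__builtin__ITM_RfWE",    1091 },
  { NULL,                     1092 },
  { "__builtin___asan_init",  1093 },
  { "__builtin_ia32_orps256", 1094 },
};
/* Entry count derived from the array size, the same arithmetic as 46752 / 32 in the report. */
#define BUILTIN_COUNT (sizeof builtin_table / sizeof builtin_table[0])

/* Hardened matcher: the crashing path asserted bd->name != NULL (frame #5) and then
   called strcmp; here an entry without a name is simply not a match. */
int matches_builtin(const char *in_name, const struct builtin_entry *bd) {
  return bd->name != NULL && strcmp(bd->name, in_name) == 0;
}

/* Linear lookup over the whole table; returns the entry id or -1 if absent. */
int find_builtin_by_name(const char *in_name) {
  for (size_t i = 0; i < BUILTIN_COUNT; i++)
    if (matches_builtin(in_name, &builtin_table[i]))
      return builtin_table[i].id;
  return -1;
}

/* Start-up self-check: report NULL-named entries so a gap is found before any lookup. */
size_t count_null_names(void) {
  size_t n = 0;
  for (size_t i = 0; i < BUILTIN_COUNT; i++)
    if (builtin_table[i].name == NULL) {
      fprintf(stderr, "builtin_table[%zu] has a NULL name\n", i);
      n++;
    }
  return n;
}

int main(void) {
  printf("entries=%zu null_names=%zu orps256=%d\n", (size_t) BUILTIN_COUNT,
         count_null_names(), find_builtin_by_name("__builtin_ia32_orps256"));
  return 0;
}
```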