https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94947
Bug ID: 94947
Summary: -fipa-pta + pthread_once crash
Product: gcc
Version: 9.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: ipa
Assignee: unassigned at gcc dot gnu.org
Reporter: corydoras at ridiculousfish dot com
CC: marxin at gcc dot gnu.org
Target Milestone: ---

fish-shell is seeing a SIGSEGV under std::call_once with -fipa-pta, which I have reduced to the following:

1. Store a noop void->void function pointer into a local variable
2. Point a global variable at the local
3. Use pthread_once to invoke a trampoline, which in turn dereferences the global to call the noop

This crashes with `-O1 -fipa-pta`, and the crash disappears if `fipa-pta` is deleted.

Original test case (requires musl): https://gist.github.com/ridiculousfish/0a24a98e7634b78e77a0351501576ee8

Reduced test case (also available at https://gist.github.com/ridiculousfish/3cff64438154a20765e527be11f7cc76):

```
extern "C" void pthread_once(int *, void());

namespace std {
extern __thread void (*__once_call)();
extern "C" void __once_proxy();
}; // namespace std

static void noop() {}

using voidfunc = void (*)();
static voidfunc *vp;

static void call_vp() { (*vp)(); }

int main() {
  using namespace std;
  voidfunc vf = noop;
  vp = &vf;
  __once_call = call_vp;
  int once{0};
  pthread_once(&once, __once_proxy);
  return 0;
}
```

To reproduce, on Linux:

```
g++ -O1 -fipa-pta -std=c++11 -lpthread output.cpp
./a.out
```

and it should SIGSEGV under `call_vp`

gcc -v:

```
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-pc-linux-gnu/9.3.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /build/gcc/src/gcc/configure --prefix=/usr --libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-pkgversion='Arch Linux 9.3.0-1' --with-bugurl=https://bugs.archlinux.org/ --enable-languages=c,c++,ada,fortran,go,lto,objc,obj-c++,d --enable-shared --enable-threads=posix --with-system-zlib --with-isl --enable-__cxa_atexit --disable-libunwind-exceptions --enable-clocale=gnu --disable-libstdcxx-pch --disable-libssp --enable-gnu-unique-object --enable-linker-build-id --enable-lto --enable-plugin --enable-install-libiberty --with-linker-hash-style=gnu --enable-gnu-indirect-function --enable-multilib --disable-werror --enable-checking=release --enable-default-pie --enable-default-ssp --enable-cet=auto gdc_include_dir=/usr/include/dlang/gdc
Thread model: posix
gcc version 9.3.0 (Arch Linux 9.3.0-1)
```

(Originally reported as https://github.com/fish-shell/fish-shell/issues/6962)