https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97379
Bug ID: 97379
Summary: [11 Regression] Invalid read of size 8 at
outgoing_range::calc_switch_ranges(gswitch*)
(gimple-range-edge.cc:140)
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: marxin at gcc dot gnu.org
CC: aldyh at gcc dot gnu.org, amacleod at redhat dot com
Blocks: 63426
Target Milestone: ---
Created attachment 49349
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49349&action=edit
test-case
The following fails:
$ valgrind --trace-children=yes gcc -Os -c ice.i
==2675== Memcheck, a memory error detector
==2675== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2675== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==2675== Command: gcc -Os -c ice.i
==2675==
==2676== Memcheck, a memory error detector
==2676== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2676== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==2676== Command: /home/marxin/bin/gcc/lib/gcc/x86_64-pc-linux-gnu/11.0.0/cc1
-fpreprocessed ice.i -quiet -dumpbase ice.i -dumpbase-ext .i -mtune=generic
-march=x86-64 -Os -o /tmp/ccmBgOCr.s
==2676==
==2676== Invalid read of size 8
==2676== at 0x187853C: outgoing_range::calc_switch_ranges(gswitch*)
(gimple-range-edge.cc:140)
==2676== by 0x1878A70: outgoing_range::get_edge_range(irange&, gimple*,
edge_def*) (gimple-range-edge.cc:91)
==2676== by 0x1878DB0: outgoing_range::edge_range_p(irange&, edge_def*)
(gimple-range-edge.cc:193)
==2676== by 0x1868C65: gori_compute::outgoing_edge_range_p(irange&,
edge_def*, tree_node*) (gimple-range-gori.cc:995)
==2676== by 0x1864E4E: ranger_cache::iterative_cache_update(tree_node*)
(gimple-range-cache.cc:636)
==2676== by 0x186533A: ranger_cache::fill_block_cache(tree_node*,
basic_block_def*, basic_block_def*) (gimple-range-cache.cc:808)
==2676== by 0x1865ADD: ranger_cache::block_range(irange&, basic_block_def*,
tree_node*, bool) (gimple-range-cache.cc:589)
==2676== by 0x185E941: gimple_ranger::range_on_entry(irange&,
basic_block_def*, tree_node*) (gimple-range.cc:909)
==2676== by 0x185F057: gimple_ranger::range_of_expr(irange&, tree_node*,
gimple*) (gimple-range.cc:880)
==2676== by 0x185FB2B:
gimple_ranger::range_of_non_trivial_assignment(irange&, gimple*) [clone
.part.0] (gimple-range.cc:448)
==2676== by 0x186039D: range_of_non_trivial_assignment (gimple-range.cc:428)
==2676== by 0x186039D: gimple_ranger::range_of_range_op(irange&, gimple*)
(gimple-range.cc:415)
==2676== by 0x186253F: gimple_ranger::calc_stmt(irange&, gimple*,
tree_node*) (gimple-range.cc:369)
==2676== Address 0x5ba5268 is 200 bytes inside a block of size 2,032 free'd
==2676== at 0x483A9AB: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2676== by 0x18791DA: hash_table<hash_map<edge_def*, irange*,
simple_hashmap_traits<default_hash_traits<edge_def*>, irange*> >::hash_entry,
false, xcallocator>::find_slot_with_hash(edge_def* const&, unsigned int,
insert_option) (hash-table.h:964)
==2676== by 0x18785C6: get_or_insert (hash-map.h:195)
==2676== by 0x18785C6: outgoing_range::calc_switch_ranges(gswitch*)
(gimple-range-edge.cc:145)
==2676== by 0x1878A70: outgoing_range::get_edge_range(irange&, gimple*,
edge_def*) (gimple-range-edge.cc:91)
==2676== by 0x1878DB0: outgoing_range::edge_range_p(irange&, edge_def*)
(gimple-range-edge.cc:193)
==2676== by 0x1868C65: gori_compute::outgoing_edge_range_p(irange&,
edge_def*, tree_node*) (gimple-range-gori.cc:995)
==2676== by 0x1864E4E: ranger_cache::iterative_cache_update(tree_node*)
(gimple-range-cache.cc:636)
==2676== by 0x186533A: ranger_cache::fill_block_cache(tree_node*,
basic_block_def*, basic_block_def*) (gimple-range-cache.cc:808)
==2676== by 0x1865ADD: ranger_cache::block_range(irange&, basic_block_def*,
tree_node*, bool) (gimple-range-cache.cc:589)
==2676== by 0x185E941: gimple_ranger::range_on_entry(irange&,
basic_block_def*, tree_node*) (gimple-range.cc:909)
==2676== by 0x185F057: gimple_ranger::range_of_expr(irange&, tree_node*,
gimple*) (gimple-range.cc:880)
==2676== by 0x185FB2B:
gimple_ranger::range_of_non_trivial_assignment(irange&, gimple*) [clone
.part.0] (gimple-range.cc:448)
==2676== Block was alloc'd at
==2676== at 0x483BB65: calloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2676== by 0x1918134: xcalloc (xmalloc.c:162)
==2676== by 0x1878CE0: data_alloc (hash-table.h:275)
==2676== by 0x1878CE0: alloc_entries (hash-table.h:711)
==2676== by 0x1878CE0: hash_table (hash-table.h:628)
==2676== by 0x1878CE0: hash_map (hash-map.h:139)
==2676== by 0x1878CE0: outgoing_range::get_edge_range(irange&, gimple*,
edge_def*) (gimple-range-edge.cc:86)
==2676== by 0x1878DB0: outgoing_range::edge_range_p(irange&, edge_def*)
(gimple-range-edge.cc:193)
==2676== by 0x1868C65: gori_compute::outgoing_edge_range_p(irange&,
edge_def*, tree_node*) (gimple-range-gori.cc:995)
==2676== by 0x1864E4E: ranger_cache::iterative_cache_update(tree_node*)
(gimple-range-cache.cc:636)
==2676== by 0x186533A: ranger_cache::fill_block_cache(tree_node*,
basic_block_def*, basic_block_def*) (gimple-range-cache.cc:808)
==2676== by 0x1865ADD: ranger_cache::block_range(irange&, basic_block_def*,
tree_node*, bool) (gimple-range-cache.cc:589)
==2676== by 0x185E941: gimple_ranger::range_on_entry(irange&,
basic_block_def*, tree_node*) (gimple-range.cc:909)
==2676== by 0x185F057: gimple_ranger::range_of_expr(irange&, tree_node*,
gimple*) (gimple-range.cc:880)
==2676== by 0x185FB2B:
gimple_ranger::range_of_non_trivial_assignment(irange&, gimple*) [clone
.part.0] (gimple-range.cc:448)
==2676== by 0x186039D: range_of_non_trivial_assignment (gimple-range.cc:428)
==2676== by 0x186039D: gimple_ranger::range_of_range_op(irange&, gimple*)
(gimple-range.cc:415)
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63426
[Bug 63426] [meta-bug] Issues found with -fsanitize=undefined
