https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118475
Bug ID: 118475
Summary: [15 regression] dosbox-staging-0.82.0 miscompiled?
(fails dos_files, shell_cmds tests)
Product: gcc
Version: 15.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: sjames at gcc dot gnu.org
Target Milestone: ---
Filing this as we're in stage4 and I'd like to keep track of wrong-code issues
even if I don't have them rundown yet.
dosbox-staging-0.82.0 fails tests since late December but it's not yet clear
why. Two tests crash (dos_files, shell_cmds).
There are a few symptoms:
1) Failures with -O2 (dos_files, shell_cmds)
1a) Heap corruption with glibc's malloc aborting on invalid free, or
1b) Crash in libstdc++
```
Thread 1 "dos_files" received signal SIGSEGV, Segmentation fault.
0x0000000000796076 in __gnu_cxx::__exchange_and_add (__mem=0x7ffff729527c
<__GI___libc_free+396>, __val=-1) at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/ext/atomicity.h:68
68 { return __atomic_fetch_add(__mem, __val, __ATOMIC_ACQ_REL); }
(gdb) bt
#0 0x0000000000796076 in __gnu_cxx::__exchange_and_add (__mem=0x7ffff729527c
<__GI___libc_free+396>, __val=-1) at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/ext/atomicity.h:68
#1 __gnu_cxx::__exchange_and_add_dispatch (__mem=0x7ffff729527c
<__GI___libc_free+396>, __val=-1) at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/ext/atomicity.h:103
#2 std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release
(this=0x7ffff7295274 <__GI___libc_free+388>)
at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/shared_ptr_base.h:350
#3 std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count
(this=<optimized out>) at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/shared_ptr_base.h:1070
#4 std::__shared_ptr<MixerChannel, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr
(this=<optimized out>) at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/shared_ptr_base.h:1532
#5 std::__shared_ptr<MixerChannel, (__gnu_cxx::_Lock_policy)2>::operator=
(this=0xeee630 <sb+3504>, __r=...)
at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/shared_ptr_base.h:1628
#6 std::shared_ptr<MixerChannel>::operator= (this=0xeee630 <sb+3504>, __r=...)
at /usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/shared_ptr.h:439
#7 SBLASTER::SBLASTER (this=<optimized out>, conf=0x2da8790) at
../dosbox-staging-0.82.0/src/hardware/sblaster.cpp:3296
#8 0x000000000078fc01 in std::make_unique<SBLASTER, Section*&> () at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/unique_ptr.h:1077
#9 init_sblaster (sec=0x2da8790) at
../dosbox-staging-0.82.0/src/hardware/sblaster.cpp:3514
#10 0x0000000000544565 in Section::ExecuteInit (this=0x2da8790,
init_all=init_all@entry=true) at
../dosbox-staging-0.82.0/src/misc/setup.cpp:1360
#11 0x0000000000506515 in DOSBoxTestFixture::SetUp (this=<optimized out>) at
../dosbox-staging-0.82.0/tests/dosbox_test_fixture.h:59
#12 0x00007ffff7f698c2 in ?? () from /usr/lib64/libgtest.so.1.15.2
#13 0x00007ffff7f6f9d6 in ?? () from /usr/lib64/libgtest.so.1.15.2
#14 0x00007ffff7f453ea in testing::TestInfo::Run() () from
/usr/lib64/libgtest.so.1.15.2
#15 0x00007ffff7f7082b in ?? () from /usr/lib64/libgtest.so.1.15.2
#16 0x00007ffff7f66888 in testing::internal::UnitTestImpl::RunAllTests() ()
from /usr/lib64/libgtest.so.1.15.2
#17 0x00007ffff7f59437 in testing::UnitTest::Run() () from
/usr/lib64/libgtest.so.1.15.2
#18 0x00007ffff7f77abe in main () from /usr/lib64/libgmock_main.so.1.15.2
#19 0x00007ffff7203547 in __libc_start_call_main
(main=main@entry=0x7ffff7f77a80 <main>, argc=argc@entry=1,
argv=argv@entry=0x7fffffffe1f8) at ../sysdeps/nptl/libc_start_call_main.h:58
#20 0x00007ffff72035f7 in __libc_start_main_impl (main=0x7ffff7f77a80 <main>,
argc=1, argv=0x7fffffffe1f8, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>,
stack_end=0x7fffffffe1e8) at ../csu/libc-start.c:360
#21 0x00000000004f6681 in _start ()
```
Valgrind complains about uninitialised variables:
```
==903347== Conditional jump or move depends on uninitialised value(s)
==903347== at 0x794D60: ~__shared_count (shared_ptr_base.h:1069)
==903347== by 0x794D60: ~__shared_ptr (shared_ptr_base.h:1532)
==903347== by 0x794D60: operator= (shared_ptr_base.h:1628)
==903347== by 0x794D60: operator= (shared_ptr.h:439)
==903347== by 0x794D60: SBLASTER::SBLASTER(Section*) (sblaster.cpp:3296)
==903347== by 0x78FC00: make_unique<SBLASTER, Section*&> (unique_ptr.h:1077)
==903347== by 0x78FC00: init_sblaster(Section*) (sblaster.cpp:3514)
==903347== by 0x544564: Section::ExecuteInit(bool) (setup.cpp:1360)
==903347== by 0x506514: DOSBoxTestFixture::SetUp()
(dosbox_test_fixture.h:59)
==903347== by 0x49348C1: ??? (in /usr/lib64/libgtest.so.1.15.2)
==903347== by 0x493A9D5: ??? (in /usr/lib64/libgtest.so.1.15.2)
==903347== by 0x49103E9: testing::TestInfo::Run() (in
/usr/lib64/libgtest.so.1.15.2)
==903347== by 0x493B82A: ??? (in /usr/lib64/libgtest.so.1.15.2)
==903347== by 0x4931887: testing::internal::UnitTestImpl::RunAllTests() (in
/usr/lib64/libgtest.so.1.15.2)
==903347== by 0x4924436: testing::UnitTest::Run() (in
/usr/lib64/libgtest.so.1.15.2)
==903347== by 0x48B2ABD: main (in /usr/lib64/libgmock_main.so.1.15.2)
==903347==
2025-01-14 09:44:09.839 ( 2.217s) [ 65097C0]
sblaster.cpp:420 INFO| SB16: Modern DAC output filter enabled
==903347== Conditional jump or move depends on uninitialised value(s)
==903347== at 0x78DB4A: dsp_change_mode (sblaster.cpp:1241)
==903347== by 0x78DB4A: dsp_reset() (sblaster.cpp:1412)
==903347== by 0x795573: SBLASTER::SBLASTER(Section*) (sblaster.cpp:3335)
==903347== by 0x78FC00: make_unique<SBLASTER, Section*&> (unique_ptr.h:1077)
==903347== by 0x78FC00: init_sblaster(Section*) (sblaster.cpp:3514)
==903347== by 0x544564: Section::ExecuteInit(bool) (setup.cpp:1360)
==903347== by 0x506514: DOSBoxTestFixture::SetUp()
(dosbox_test_fixture.h:59)
==903347== by 0x49348C1: ??? (in /usr/lib64/libgtest.so.1.15.2)
==903347== by 0x493A9D5: ??? (in /usr/lib64/libgtest.so.1.15.2)
==903347== by 0x49103E9: testing::TestInfo::Run() (in
/usr/lib64/libgtest.so.1.15.2)
==903347== by 0x493B82A: ??? (in /usr/lib64/libgtest.so.1.15.2)
==903347== by 0x4931887: testing::internal::UnitTestImpl::RunAllTests() (in
/usr/lib64/libgtest.so.1.15.2)
==903347== by 0x4924436: testing::UnitTest::Run() (in
/usr/lib64/libgtest.so.1.15.2)
==903347== by 0x48B2ABD: main (in /usr/lib64/libgmock_main.so.1.15.2)
==903347==
[...]
==903347== Conditional jump or move depends on uninitialised value(s)
==903347== at 0x79241A: ~__shared_count (shared_ptr_base.h:1069)
==903347== by 0x79241A: ~__shared_ptr (shared_ptr_base.h:1532)
==903347== by 0x79241A: ~shared_ptr (shared_ptr.h:175)
==903347== by 0x79241A: SbInfo::~SbInfo() (sblaster.cpp:110)
==903347== by 0x52DEBAD: __run_exit_handlers (exit.c:118)
==903347== by 0x52DEC7B: exit (exit.c:148)
==903347== by 0x52BF54D: (below main) (libc_start_call_main.h:74)
```
2) Failures with e.g. -Og where I get a crash on teardown
```
Thread 1 "shell_cmds" received signal SIGSEGV, Segmentation fault.
std::__detail::_Hashtable_alloc<std::allocator<std::__detail::_Hash_node<std::pair<unsigned
short const, std::function<void(unsigned short, unsigned int, io_width_t)> >,
false> > >::_M_deallocate_nodes (this=this@entry=0x2752878
<io_write_handlers+56>, __n=0xff00000002d87390) at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/hashtable_policy.h:1609
1609 __n = __n->_M_next();
(gdb) bt
#0
std::__detail::_Hashtable_alloc<std::allocator<std::__detail::_Hash_node<std::pair<unsigned
short const, std::function<void(unsigned short, unsigned int, io_width_t)> >,
false> > >::_M_deallocate_nodes (this=this@entry=0x2752878
<io_write_handlers+56>, __n=0xff00000002d87390) at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/hashtable_policy.h:1609
#1 0x000000000076ca9d in std::_Hashtable<unsigned short, std::pair<unsigned
short const, std::function<void(unsigned short, unsigned int, io_width_t)> >,
std::allocator<std::pair<unsigned short const, std::function<void(unsigned
short, unsigned int, io_width_t)> > >, std::__detail::_Select1st,
std::equal_to<unsigned short>, std::hash<unsigned short>,
std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash,
std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false,
false, true> >::clear (
this=this@entry=0x2752878 <io_write_handlers+56>) at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/hashtable.h:2672
#2 0x000000000076cb14 in std::unordered_map<unsigned short,
std::function<void(unsigned short, unsigned int, io_width_t)>,
std::hash<unsigned short>, std::equal_to<unsigned short>,
std::allocator<std::pair<unsigned short const, std::function<void(unsigned
short, unsigned int, io_width_t)> > > >::clear (this=<optimized out>)
at
/usr/lib/gcc/x86_64-pc-linux-gnu/15/include/g++-v15/bits/unordered_map.h:799
#3 IO::~IO (this=0x2da6760) at ../src/hardware/iohandler.cpp:398
#4 0x000000000076cb3b in IO::~IO (this=0x2da6760) at
../src/hardware/iohandler.cpp:402
#5 0x000000000076c8d7 in IO_Destroy () at ../src/hardware/iohandler.cpp:408
#6 0x00000000005b2cd4 in Section::ExecuteDestroy (this=0x2db3170,
destroyall=destroyall@entry=true) at ../src/misc/setup.cpp:1398
#7 0x0000000000571cf8 in DOSBoxTestFixture::TearDown (this=0x2df2ea0) at
../tests/dosbox_test_fixture.h:67
#8 0x00007ffff7f488c2 in ?? () from /usr/lib64/libgtest.so.1.15.2
#9 0x00007ffff7f243ea in testing::TestInfo::Run() () from
/usr/lib64/libgtest.so.1.15.2
#10 0x00007ffff7f4f82b in ?? () from /usr/lib64/libgtest.so.1.15.2
#11 0x00007ffff7f45888 in testing::internal::UnitTestImpl::RunAllTests() ()
from /usr/lib64/libgtest.so.1.15.2
#12 0x00007ffff7f38437 in testing::UnitTest::Run() () from
/usr/lib64/libgtest.so.1.15.2
#13 0x00007ffff7f77abe in main () from /usr/lib64/libgmock_main.so.1.15.2
#14 0x00007ffff7203547 in __libc_start_call_main
(main=main@entry=0x7ffff7f77a80 <main>, argc=argc@entry=1,
argv=argv@entry=0x7fffffffd768) at ../sysdeps/nptl/libc_start_call_main.h:58
#15 0x00007ffff72035f7 in __libc_start_main_impl (main=0x7ffff7f77a80 <main>,
argc=1, argv=0x7fffffffd768, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>,
stack_end=0x7fffffffd758) at ../csu/libc-start.c:360
#16 0x000000000055a7e1 in _start ()
```
I am focusing on 1) for now.
