[Bug tree-optimization/50337] New: -ftree-dse performs wrong elimination on electric-fence
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50337

Bug #: 50337
Summary: -ftree-dse performs wrong elimination on electric-fence
Classification: Unclassified
Product: gcc
Version: 4.6.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: cjwat...@ubuntu.com

Using built-in specs.
COLLECT_GCC=/usr/bin/gcc-4.6.real
COLLECT_LTO_WRAPPER=/usr/lib/gcc/i686-linux-gnu/4.6.1/lto-wrapper
Target: i686-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu/Linaro 4.6.1-9ubuntu2' --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++,go --prefix=/usr --program-suffix=-4.6 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.6 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-plugin --enable-objc-gc --enable-targets=all --disable-werror --with-arch-32=i686 --with-tune=generic --enable-checking=release --build=i686-linux-gnu --host=i686-linux-gnu --target=i686-linux-gnu
Thread model: posix
gcc version 4.6.1 (Ubuntu/Linaro 4.6.1-9ubuntu2)

$ gcc -O2 -g -Wall efence.i -lpthread
efence.c: In function ‘stringErrorReport’:
efence.c:944:2: warning: return makes pointer from integer without a cast [enabled by default]
efence.c: In function ‘vprint’:
efence.c:1135:5: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
efence.c:1156:6: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
efence.c:1165:12: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
efence.c:1178:6: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
efence.c:1189:4: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
efence.c: In function ‘printNumber’:
efence.c:1119:8: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]

$ ./a.out
iteration 0: size 29
Electric Fence 2.1 Copyright (C) 1987-1998 Bruce Perens.
[...]
iteration 233: size 9007
Segmentation fault (core dumped)

(The exact number of iterations may vary. Since this is entering infinite recursion, you might want to have a ulimit in place if trying this out.)

In gdb, I can see that the problem is that internalUse is not set to 1 in the allocateMoreSlots function while recursively calling malloc, and indeed that assignment has been optimised out:

(gdb) disas /rm memalign
[...]
418 static void
419 allocateMoreSlots(void)
420 {
421 size_t newSize = allocationListSize + bytesPerPage;
   0x080498b3 <+627>:   a1 94 c0 04 08      mov    0x804c094,%eax
   0x080498b8 <+632>:   8b 3d 8c c0 04 08   mov    0x804c08c,%edi
   0x080498c8 <+648>:   01 c7               add    %eax,%edi

422 void * newAllocation;
423 void * oldAllocation = allocationList;
   0x080498be <+638>:   8b 35 88 c0 04 08   mov    0x804c088,%esi

424
425 Page_AllowAccess(allocationList, allocationListSize);
   0x080498c4 <+644>:   89 44 24 04         mov    %eax,0x4(%esp)
   0x080498ca <+650>:   89 34 24            mov    %esi,(%esp)
   0x080498cd <+653>:   e8 be f5 ff ff      call   0x8048e90

426 noAllocationListProtection = 1;
427 internalUse = 1;
428
429 newAllocation = malloc(newSize);
   0x080498d2 <+658>:   89 3c 24            mov    %edi,(%esp)
   0x080498d5 <+661>:   e8 86 fb ff ff      call   0x8049460
   0x080498e8 <+680>:   89 c5               mov    %eax,%ebp

Adding -fno-tree-dse to the compiler flags works around this bug.

efence.i attached (which is basically a concatenation of efence.h, efence.c, page.c, print.c, and tstheap.c from the electric-fence 2.1.16 package in Debian).
[Bug tree-optimization/50337] -ftree-dse performs wrong elimination on electric-fence
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50337

--- Comment #1 from Colin Watson 2011-09-08 17:06:08 UTC ---
Created attachment 25232
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=25232
test case
[Bug tree-optimization/50337] -ftree-dse performs wrong elimination on electric-fence
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50337

--- Comment #2 from Colin Watson 2011-09-08 17:09:45 UTC ---
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625756 reports that this happens at least as far back as GCC 4.5, and https://buildd.debian.org/status/fetch.php?pkg=electric-fence&arch=amd64&ver=2.1.16&stamp=1273852143 suggests that this worked in GCC 4.4.3.
[Bug tree-optimization/50337] -ftree-dse performs wrong elimination on electric-fence
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50337

--- Comment #4 from Colin Watson 2011-09-19 14:56:55 UTC ---
Ah yes, it does indeed! I think it's fair enough to have to build efence with -fno-builtin-malloc, so feel free to close this bug.
[Bug driver/51020] New: %{...; :default} spec lines cause all switches to be validated
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=51020

Bug #: 51020
Summary: %{...; :default} spec lines cause all switches to be validated
Classification: Unclassified
Product: gcc
Version: 4.6.2
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: driver
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: cjwat...@ubuntu.com

This is a reduced test case from a cmake test failure manifesting on Ubuntu ARM (https://bugs.launchpad.net/bugs/887377):

$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/i686-linux-gnu/4.6/lto-wrapper
Target: i686-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu/Linaro 4.6.2-2ubuntu1' --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++,go --prefix=/usr --program-suffix=-4.6 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.6 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-plugin --enable-objc-gc --enable-targets=all --disable-werror --with-arch-32=i686 --with-tune=generic --enable-checking=release --build=i686-linux-gnu --host=i686-linux-gnu --target=i686-linux-gnu
Thread model: posix
gcc version 4.6.2 (Ubuntu/Linaro 4.6.2-2ubuntu1)

$ cat specs
*asm_cpu_spec:
%{mcpu=generic-*:-march=%*; :%{mcpu=*:-mcpu=%*} %{march=*:-march=%*}}

$ gcc -specs=specs ---
gcc: fatal error: no input files
compilation terminated.

$ gcc ---
gcc: error: unrecognized option ‘---’
gcc: fatal error: no input files
compilation terminated.

cmake (which I'm not responsible for; I'm just trying to build it) has a facility to try to work out whether compiler options are valid, and apparently looks for "unrecognized option" on stderr. I'm not exactly a fan of matching human-readable error output like this, but this spec line currently has the side-effect of validating all switches, and I don't think that can possibly be its intent.

This spec line was added in this commit:

http://gcc.gnu.org/viewcvs?view=revision&revision=178731

I think the `validate_switches' function should only mark matching switches as valid if `len' is non-zero.
[Bug target/51020] %{...; :default} spec lines cause all switches to be validated
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=51020

--- Comment #1 from Colin Watson 2011-11-08 02:05:33 UTC ---
Looking more closely, I wonder if the problem here is that `starred' isn't getting reset. This construction is effectively a switch statement, isn't it? I can't see why the presence of an `mcpu=generic-*` case ought to imply that the default case should be treated as starred. Perhaps `starred' should be reset upon encountering a ';' character?
[Bug analyzer/103892] New: -Wanalyzer-double-free false positive when compiling libpipeline
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103892

Bug ID: 103892
Summary: -Wanalyzer-double-free false positive when compiling libpipeline
Product: gcc
Version: 11.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: cjwatson at ubuntu dot com
Target Milestone: ---

Created attachment 52109
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52109&action=edit
reduced version of lib/pipeline.c

Using gcc (Debian 11.2.0-13) 11.2.0 from Debian unstable, I tried -fanalyzer on https://gitlab.com/cjwatson/libpipeline, and I ran into what looks like a false positive from -Wanalyzer-double-free. I've attached a test case that's reduced as far as I could. There's no double-free here, just fairly straightforward freeing of elements of a tagged union, but it looks like the analyzer is perhaps getting confused by the fact that the freeing is recursive?

(The argstr_get_word and pipecmd_new_argstr functions appear entirely superfluous to the problem, and I trimmed down their bodies as far as I could, but if I remove anything else from them then the problem goes away.)

$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/11/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 11.2.0-13' --with-bugurl=file:///usr/share/doc/gcc-11/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-11 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-11-KdLYb3/gcc-11-11.2.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-11-KdLYb3/gcc-11-11.2.0/debian/tmp-gcn/usr --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto-lean --enable-link-serialization=2
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 11.2.0 (Debian 11.2.0-13)

$ gcc -save-temps -fanalyzer -Wall -Wno-analyzer-malloc-leak -Wanalyzer-too-complex -g -O2 -Wall -c t.c -fPIC -DPIC -o t.o
t.c: In function ‘pipecmd_free’:
cc1: warning: terminating analysis for this program point: callstring: [(SN: 14 -> SN: 9 in pipecmd_free)] before (SN: 6 stmt: 0): :EN: 67, EN: 77, EN: 87, EN: 97, EN: 107, EN: 117, EN: 127, EN: 137 [-Wanalyzer-too-complex]
t.c: At top level:
t.c:43:6: warning: analysis bailed out early (131 'after-snode' enodes; 491 enodes) [-Wanalyzer-too-complex]
   43 | void pipecmd_free (struct pipecmd *cmd)
      |      ^~~~
t.c: In function ‘pipecmd_free’:
t.c:56:25: warning: double-‘free’ of ‘*(struct pipecmd_process *)((char *)cmd + 8).argv’ [CWE-415] [-Wanalyzer-double-free]
   56 |                         free (cmdp->argv);
      |                         ^
  ‘pipecmd_free’: events 1-4
    |
    |   43 | void pipecmd_free (struct pipecmd *cmd)
    |      |      ^~~~
    |      |      |
    |      |      (1) entry to ‘pipecmd_free’
    |..
    |   47 |         if (!cmd)
    |      |            ~
    |      |            |
    |      |            (2) following ‘false’ branch (when ‘cmd’ is non-NULL)...
    |..
    |   50 |         switch (cmd->tag) {
    |      |         ~~
    |      |         |
    |      |         (3) ...to here
    |      |         (4) following ‘case 1:’ branch...
    |
  ‘pipecmd_free’: event 5
    |
    |cc1:
    | (5): ...to here
    |
  ‘pipecmd_free’: events 6-8
    |
    |   64 |                 for (i = 0; i < cmds->ncommands; ++i)
    |      |                             ~~^
    |      |                               |
    |      |                               (6) following ‘true’ branch...
    |   65 |                         pipecmd_free (cmds->commands[i]);
    |      |
    |      |                         |
    |      |                         (7) ...to here
    |      |
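
An added example, not code from the report or from libpipeline: a constructed model of the recursive tagged-union free described in bug 103892, run against a small tracking allocator to confirm at run time that no block is released twice. The struct layout, `xalloc`/`xfree`, `pipecmd_new` and the tree built in `free_nested_tree` are assumptions for illustration; the actual reduced test case is the bugzilla attachment.

```c
#include <stdlib.h>
/* Constructed model of the report's tagged union; not libpipeline's code. */
struct pipecmd {
    int tag;                     /* 0 = process, 1 = sequence */
    union {
        struct { char **argv; } process;
        struct { size_t ncommands; struct pipecmd **commands; } sequence;
    } u;
};
static void *live[64];           /* hypothetical tracker: blocks still allocated */
static int live_n, bad_frees;    /* live block count; frees of a non-live block */
static void *xalloc(size_t n) {
    void *p = calloc(1, n);
    for (int i = 0; p && i < 64; i++)
        if (!live[i]) { live_n++; return live[i] = p; }
    abort();                     /* out of memory or table full */
}
static void xfree(void *p) {
    for (int i = 0; p && i < 64; i++)
        if (live[i] == p) { live[i] = NULL; live_n--; free(p); return; }
    if (p) bad_frees++;          /* block already released: a double free */
}
struct pipecmd *pipecmd_new(int tag, size_t n, struct pipecmd **kids) {
    struct pipecmd *c = xalloc(sizeof *c);
    c->tag = tag;
    if (tag == 0) { c->u.process.argv = xalloc(2 * sizeof(char *)); return c; }
    c->u.sequence.ncommands = n;
    c->u.sequence.commands = xalloc(n * sizeof *kids);
    for (size_t i = 0; i < n; i++) c->u.sequence.commands[i] = kids[i];
    return c;
}
/* Same shape as the flagged function: recurse for tag 1, free argv for tag 0. */
void pipecmd_free(struct pipecmd *cmd) {
    if (!cmd) return;
    if (cmd->tag == 1) {
        for (size_t i = 0; i < cmd->u.sequence.ncommands; ++i)
            pipecmd_free(cmd->u.sequence.commands[i]);
        xfree(cmd->u.sequence.commands);
    } else xfree(cmd->u.process.argv);
    xfree(cmd);
}
/* Build seq(proc, seq(proc, proc)), free it, return the double frees seen. */
int free_nested_tree(void) {
    struct pipecmd *in[2] = { pipecmd_new(0, 0, NULL), pipecmd_new(0, 0, NULL) };
    struct pipecmd *out[2] = { pipecmd_new(0, 0, NULL), pipecmd_new(1, 2, in) };
    pipecmd_free(pipecmd_new(1, 2, out));
    return bad_frees;
}
int main(void) { return free_nested_tree() || live_n; }
```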