[Bug target/80236] ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

--- Comment #18 from Dominik Schmidt ---
Created attachment 41803
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41803&action=edit
Patch working for us

Indeed, it seems to be a duplicate of the other bug. We backported the GCC-7 patch and could build a working toolchain with it. The original GCC-6 patch only added a warning but did not contain the actual fix (for ABI compatibility reasons).

P.S. I'm attaching the patch we ended up with, in case anyone else can't easily upgrade either.
[Bug target/80236] ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

Dominik Schmidt changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #19 from Dominik Schmidt ---
*** This bug has been marked as a duplicate of bug 77728 ***
[Bug target/77728] [5 Regression] Miscompilation multiple vector iteration on ARM
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77728

Dominik Schmidt changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |d...@dominik-schmidt.de

--- Comment #61 from Dominik Schmidt ---
*** Bug 80236 has been marked as a duplicate of this bug. ***
[Bug target/80236] ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

--- Comment #12 from Dominik Schmidt ---
I'm using glibc-2.25. Anything else I can provide?
[Bug target/80236] ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

--- Comment #14 from Dominik Schmidt ---
Yes, will do on Sunday or next week.
[Bug target/80236] ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

--- Comment #17 from Dominik Schmidt ---
I'm having issues building our whole stack with gcc-6-branch. Working on it.
[Bug c++/80236] New: ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

            Bug ID: 80236
           Summary: ARM NEON: Crash in std::map
           Product: gcc
           Version: 6.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: d...@dominik-schmidt.de
  Target Milestone: ---

Created attachment 41065
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41065&action=edit
part 1 of minimal example

Hey,

we are facing a crash when compiling the attached cpp files with:

`arm-oe-linux-gnueabi-g++ -march=armv7ve -marm -mfpu=neon-vfpv4 -mfloat-abi=hard -mcpu=cortex-a7 --sysroot=/home/build/openembedded_sdk/tmp/sysroots/raspberrypi3 -O0 ../bar.cpp ../main.cpp -o crashTest`

The crash only happens with optimizations disabled; it already no longer happens with `-O1`. Also, we could not trigger the faulty behavior in a single file, so this example is really the bare minimum we could find.

gcc is installed from the openembedded standard repository in version 6.3.0. Full `--version --verbose` output is provided via attachments.

We could also reproduce this for another ARM target with GCC 5.4. I'm currently lacking more information on that myself, but I will try to provide it later on.

The bt for 6.3 looks like this:

(gdb) run
Starting program: /tmp/crashTest

Program received signal SIGSEGV, Segmentation fault.
0x000121bc in void __gnu_cxx::new_allocator > >::construct, std::pair const&>(std::pair*, std::pair const&) ()
(gdb) bt
#0 0x000121bc in void __gnu_cxx::new_allocator > >::construct, std::pair const&>(std::pair*, std::pair const&) ()
#1 0x000120e0 in void std::allocator_traits > > >::construct, std::pair const&>(std::allocator > >&, std::pair*, std::pair const&) ()
#2 0x00011ffc in void std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_construct_node const&>(std::_Rb_tree_node >*, std::pair const&) ()
#3 0x00011df0 in std::_Rb_tree_node >* std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_create_node const&>(std::pair const&) ()
#4 0x00011c0c in std::_Rb_tree_node >* std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node::operator() const&>(std::pair const&) const ()
#5 0x00011728 in std::_Rb_tree_iterator > std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_insert_ const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node>(std::_Rb_tree_node_base*, std::_Rb_tree_node_base*, std::pair const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node&) ()
#6 0x00010f7c in std::_Rb_tree_iterator > std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_insert_unique_ const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node>(std::_Rb_tree_const_iterator >, std::pair const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node&) ()
#7 0x00010c8c in void std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_insert_unique const*>(std::pair const*, std::pair const*) ()
#8 0x00010a90 in std::map, std::allocator > >::map(std::initializer_list >, std::less const&, std::allocator > const&) ()
#9 0x0001227c in main ()
[Bug c++/80236] ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

--- Comment #1 from Dominik Schmidt ---
Created attachment 41066
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41066&action=edit
part 2 of minimal example: bar.cpp
[Bug c++/80236] ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

--- Comment #2 from Dominik Schmidt ---
Created attachment 41067
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41067&action=edit
g++ --version --verbose
[Bug c++/80236] ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

--- Comment #4 from Dominik Schmidt ---
AddressSanitizer output:

==597==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7e842bd0 at pc 0x00013d20 bp 0x7e8428dc sp 0x7e8428d4
READ of size 16 at 0x7e842bd0 thread T0
    #0 0x13d1f in void __gnu_cxx::new_allocator > >::construct, std::pair const&>(std::pair*, std::pair const&) (/tmp/crashTest+0x13d1f)
    #1 0x13b0f in void std::allocator_traits > > >::construct, std::pair const&>(std::allocator > >&, std::pair*, std::pair const&) (/tmp/crashTest+0x13b0f)
    #2 0x13a27 in void std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_construct_node const&>(std::_Rb_tree_node >*, std::pair const&) (/tmp/crashTest+0x13a27)
    #3 0x1381b in std::_Rb_tree_node >* std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_create_node const&>(std::pair const&) (/tmp/crashTest+0x1381b)
    #4 0x1352f in std::_Rb_tree_node >* std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node::operator() const&>(std::pair const&) const (/tmp/crashTest+0x1352f)
    #5 0x12b23 in std::_Rb_tree_iterator > std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_insert_ const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node>(std::_Rb_tree_node_base*, std::_Rb_tree_node_base*, std::pair const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node&) (/tmp/crashTest+0x12b23)
    #6 0x11953 in std::_Rb_tree_iterator > std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_insert_unique_ const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node>(std::_Rb_tree_const_iterator >, std::pair const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node&) (/tmp/crashTest+0x11953)
    #7 0x11337 in void std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_insert_unique const*>(std::pair const*, std::pair const*) (/tmp/crashTest+0x11337)
    #8 0x110a7 in std::map, std::allocator > >::map(std::initializer_list >, std::less const&, std::allocator > const&) (/tmp/crashTest+0x110a7)
    #9 0x13e87 in main (/tmp/crashTest+0x13e87)
    #10 0x766cb83f in __libc_start_main (/test/crosscan-test/lib/libc.so.6+0x1683f)

Address 0x7e842bd0 is located in stack of thread T0 at offset 112 in frame
    #0 0x13d8f in main (/tmp/crashTest+0x13d8f)

  This frame has 2 object(s):
    [32, 56) 'j1'
    [96, 120) 'j3' <== Memory access at offset 112 partially overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/tmp/crashTest+0x13d1f) in void __gnu_cxx::new_allocator > >::construct, std::pair const&>(std::pair*, std::pair const&)
Shadow bytes around the buggy address: [...]
==597==ABORTING
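A short triage helper for the report in comment #4, added here as an illustration (it is not part of the bug report or of GCC): it relates the faulting access to the frame objects ASan lists, showing how much of the 16-byte read at offset 112 falls inside `j3` and how much runs past its end. The function name `triage` and the result keys are assumptions of this example; the sample text is abridged from the report above.

```python
import re

# Abridged from the AddressSanitizer report in comment #4 above.
REPORT = """\
==597==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7e842bd0 at pc 0x00013d20 bp 0x7e8428dc sp 0x7e8428d4
READ of size 16 at 0x7e842bd0 thread T0
Address 0x7e842bd0 is located in stack of thread T0 at offset 112 in frame
    #0 0x13d8f in main (/tmp/crashTest+0x13d8f)
  This frame has 2 object(s):
    [32, 56) 'j1'
    [96, 120) 'j3' <== Memory access at offset 112 partially overflows this variable
"""

ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
OFFSET = re.compile(r"located in stack of thread \S+ at offset (\d+) in frame")
OBJECT = re.compile(r"^\s*\[(\d+), (\d+)\) '([^']+)'", re.M)


def triage(report):
    """Relate the faulting access to the frame objects ASan lists."""
    access = ACCESS.search(report)
    offset = OFFSET.search(report)
    if not access or not offset:
        raise ValueError("not a stack access report with a frame layout")
    kind, size = access.group(1), int(access.group(2))
    start = int(offset.group(1))
    end = start + size  # half-open range [start, end) within the frame
    result = {"kind": kind, "access": (start, end), "objects": []}
    for lo, hi, name in OBJECT.findall(report):
        lo, hi = int(lo), int(hi)
        inside = max(0, min(end, hi) - max(start, lo))
        if inside == 0:
            continue  # the access does not touch this object
        result["objects"].append({
            "name": name,
            "range": (lo, hi),
            "bytes_inside": inside,
            "bytes_before": max(0, lo - start),
            "bytes_past_end": max(0, end - hi),
        })
    return result


if __name__ == "__main__":
    print(triage(REPORT))
```

An empty `objects` list means the access landed entirely in a redzone rather than straddling a variable.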
[Bug c++/80236] ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

--- Comment #5 from Dominik Schmidt ---
-fsanitize=undefined does not make any difference.
[Bug c++/80236] ARM NEON: Crash in std::map
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80236

--- Comment #8 from Dominik Schmidt ---
-fsanitize=address -g:

==539==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ebcac10 at pc 0x00013d20 bp 0x7ebca90c sp 0x7ebca904
READ of size 16 at 0x7ebcac10 thread T0
    #0 0x13d1f in void __gnu_cxx::new_allocator > >::construct, std::pair const&>(std::pair*, std::pair const&) /usr/local/oecore-x86_64/sysroots/cortexa7hf-neon-vfpv4-oe-linux-gnueabi/usr/include/c++/6.3.0/ext/new_allocator.h:120
    #1 0x13b0f in void std::allocator_traits > > >::construct, std::pair const&>(std::allocator > >&, std::pair*, std::pair const&) /usr/local/oecore-x86_64/sysroots/cortexa7hf-neon-vfpv4-oe-linux-gnueabi/usr/include/c++/6.3.0/bits/alloc_traits.h:455
    #2 0x13a27 in void std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_construct_node const&>(std::_Rb_tree_node >*, std::pair const&) /usr/local/oecore-x86_64/sysroots/cortexa7hf-neon-vfpv4-oe-linux-gnueabi/usr/include/c++/6.3.0/bits/stl_tree.h:543
    #3 0x1381b in std::_Rb_tree_node >* std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_create_node const&>(std::pair const&) /usr/local/oecore-x86_64/sysroots/cortexa7hf-neon-vfpv4-oe-linux-gnueabi/usr/include/c++/6.3.0/bits/stl_tree.h:560
    #4 0x1352f in std::_Rb_tree_node >* std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node::operator() const&>(std::pair const&) const /usr/local/oecore-x86_64/sysroots/cortexa7hf-neon-vfpv4-oe-linux-gnueabi/usr/include/c++/6.3.0/bits/stl_tree.h:473
    #5 0x12b23 in std::_Rb_tree_iterator > std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_insert_ const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node>(std::_Rb_tree_node_base*, std::_Rb_tree_node_base*, std::pair const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node&) /usr/local/oecore-x86_64/sysroots/cortexa7hf-neon-vfpv4-oe-linux-gnueabi/usr/include/c++/6.3.0/bits/stl_tree.h:1535
    #6 0x11953 in std::_Rb_tree_iterator > std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_insert_unique_ const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node>(std::_Rb_tree_const_iterator >, std::pair const&, std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_Alloc_node&) /usr/local/oecore-x86_64/sysroots/cortexa7hf-neon-vfpv4-oe-linux-gnueabi/usr/include/c++/6.3.0/bits/stl_tree.h:2004
    #7 0x11337 in void std::_Rb_tree, std::_Select1st >, std::less, std::allocator > >::_M_insert_unique const*>(std::pair const*, std::pair const*) /usr/local/oecore-x86_64/sysroots/cortexa7hf-neon-vfpv4-oe-linux-gnueabi/usr/include/c++/6.3.0/bits/stl_tree.h:2250
    #8 0x110a7 in std::map, std::allocator > >::map(std::initializer_list >, std::less const&, std::allocator > const&) /usr/local/oecore-x86_64/sysroots/cortexa7hf-neon-vfpv4-oe-linux-gnueabi/usr/include/c++/6.3.0/bits/stl_map.h:215
    #9 0x13e87 in main ../main.cpp:15
    #10 0x7670783f in __libc_start_main (/lib/libc.so.6+0x1683f)

Address 0x7ebcac10 is located in stack of thread T0 at offset 112 in frame
    #0 0x13d8f in main ../main.cpp:11

  This frame has 2 object(s):
    [32, 56) 'j1'
    [96, 120) 'j3' <== Memory access at offset 112 partially overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /usr/local/oecore-x86_64/sysroots/cortexa7hf-neon-vfpv4-oe-linux-gnueabi/usr/include/c++/6.3.0/ext/new_allocator.h:120 in void __gnu_cxx::new_allocator > >::construct, std::pair const&>(std::pair*, std::pair const&)
Shadow bytes around the buggy address: [...]