https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85081
Bug ID: 85081
Summary: [7/8 Regression] Sanitizer error with references in vectorized/parallel for-loop
Product: gcc
Version: 8.0.1
Status: UNCONFIRMED
Keywords: openmp, wrong-code
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: reichelt at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

The following valid code snippet compiled with "-fopenmp-simd -fsanitize=address"
is aborted by the sanitizer at runtime since GCC 7.1.0:

====================================================
inline const int& max(const int& a, const int& b)
{
  return a < b ? b : a;
}

int main()
{
  #pragma omp simd
//  #pragma omp parallel for
  for ( int i = 0; i < 20; ++i )
  {
    const int j = max(i, 1);
  }
  return 0;
}
====================================================

==25412==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffe6a4ecac0 at pc 0x00000040090a bp 0x7ffe6a4eca80 sp 0x7ffe6a4eca78
WRITE of size 4 at 0x7ffe6a4ecac0 thread T0
    #0 0x400909 in main (a.out+0x400909)
    #1 0x7f88f7f84724 in __libc_start_main (/lib64/libc.so.6+0x20724)
    #2 0x400748 in _start (a.out+0x400748)

Address 0x7ffe6a4ecac0 is located in stack of thread T0 at offset 32 in frame
    #0 0x400805 in main (a.out+0x400805)

  This frame has 2 object(s):
    [32, 36) '<unknown>' <== Memory access at offset 32 is inside this variable
    [96, 100) 'i'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope (a.out+0x400909) in main
Shadow bytes around the buggy address:
  0x10004d495900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10004d495950: 00 00 00 00 f1 f1 f1 f1[f8]f2 f2 f2 f2 f2 f2 f2
  0x10004d495960: 04 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x10004d495970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d4959a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==25412==ABORTING

The address-sanitizer also complains with "#pragma omp parallel for"
and "-fopenmp".

The problem persists if I change the return value of "max" to "int",
but disappears if I change the arguments to plain "int".

I don't know whether this is a sanitizer or OpenMP (or even a C++ frontend)
issue.
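
For triage, the shadow dump in the report can be checked against its frame description. The following Python sketch is an added example, not part of the original report: it maps the faulting address to its shadow byte and decodes each 8-byte granule of the frame. It assumes ASan's default x86-64 Linux mapping, shadow = (addr >> 3) + 0x7fff8000; the function names and the frame size of 160 bytes (read off the redzones in the dump) are illustrative.

```python
import re

SHADOW_SCALE = 3             # one shadow byte covers 8 application bytes
SHADOW_OFFSET = 0x7fff8000   # assumption: default ASan offset, x86-64 Linux

# Subset of the legend printed in the report.
LEGEND = {0xf1: "stack left redzone", 0xf2: "stack mid redzone",
          0xf3: "stack right redzone", 0xf8: "stack use after scope"}

# The marked row and the row after it, copied from the report above.
REPORT = """\
=>0x10004d495950: 00 00 00 00 f1 f1 f1 f1[f8]f2 f2 f2 f2 f2 f2 f2
  0x10004d495960: 04 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00
"""

def shadow_addr(app_addr):
    """Application address -> address of the shadow byte describing it."""
    return (app_addr >> SHADOW_SCALE) + SHADOW_OFFSET

def parse_shadow(text):
    """Return {shadow address: byte value} for every dumped row."""
    mem = {}
    for line in text.splitlines():
        m = re.match(r"\W*(0x[0-9a-f]+):(.*)", line)
        if not m:
            continue
        base = int(m.group(1), 16)
        # The [..] brackets around the faulting byte are ignored here.
        for i, byte in enumerate(re.findall(r"[0-9a-f]{2}", m.group(2))):
            mem[base + i] = int(byte, 16)
    return mem

def describe(value):
    if value == 0:
        return "addressable (8 bytes)"
    if value < 8:
        return f"first {value} bytes addressable"
    return LEGEND.get(value, f"poisoned (0x{value:02x})")

def frame_layout(mem, frame_base, size):
    """Decode each 8-byte granule of a stack frame as (offset, meaning)."""
    return [(off, describe(mem[shadow_addr(frame_base + off)]))
            for off in range(0, size, 8)]

if __name__ == "__main__":
    fault = 0x7ffe6a4ecac0               # address from the ERROR line
    mem = parse_shadow(REPORT)
    print(hex(shadow_addr(fault)))       # lands on the bracketed byte
    for off, meaning in frame_layout(mem, fault - 32, 160):
        print(f"frame+{off:3d}: {meaning}")
```

The decoded layout lines up with the frame description: offset 32 is the out-of-scope '<unknown>' temporary, and offset 96 is the 4-byte 'i'.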