https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85081

            Bug ID: 85081
           Summary: [7/8 Regression] Sanitizer error with references in
                    vectorized/parallel for-loop
           Product: gcc
           Version: 8.0.1
            Status: UNCONFIRMED
          Keywords: openmp, wrong-code
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: reichelt at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

The following valid code snippet compiled with
"-fopenmp-simd -fsanitize=address"
is aborted by the sanitizer at runtime since GCC 7.1.0:

====================================================
// Returns a reference to one of its reference arguments.
inline const int& max(const int& a, const int& b)
{
  return a < b ? b : a;
}

int main()
{
  #pragma omp simd
//   #pragma omp parallel for   // same report with this pragma and -fopenmp
  for ( int i = 0; i < 20; ++i )
  {
    // The literal 1 is bound to a temporary that lives until the end of
    // this full-expression, so copying through the returned reference is valid.
    const int j = max(i, 1);
  }

  return 0;
}
====================================================

==25412==ERROR: AddressSanitizer: stack-use-after-scope on address
0x7ffe6a4ecac0 at pc 0x00000040090a bp 0x7ffe6a4eca80 sp 0x7ffe6a4eca78
WRITE of size 4 at 0x7ffe6a4ecac0 thread T0
    #0 0x400909 in main (a.out+0x400909)
    #1 0x7f88f7f84724 in __libc_start_main (/lib64/libc.so.6+0x20724)
    #2 0x400748 in _start (a.out+0x400748)

Address 0x7ffe6a4ecac0 is located in stack of thread T0 at offset 32 in frame
    #0 0x400805 in main (a.out+0x400805)

  This frame has 2 object(s):
    [32, 36) '<unknown>' <== Memory access at offset 32 is inside this variable
    [96, 100) 'i'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope (a.out+0x400909) in main
Shadow bytes around the buggy address:
  0x10004d495900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10004d495950: 00 00 00 00 f1 f1 f1 f1[f8]f2 f2 f2 f2 f2 f2 f2
  0x10004d495960: 04 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x10004d495970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d495990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004d4959a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==25412==ABORTING

The address-sanitizer also complains with "#pragma omp parallel for"
and "-fopenmp".
The problem persists if I change the return value of "max" to "int",
but disappears if I change the arguments to plain "int".

I don't know whether this is a sanitizer or OpenMP (or even a C++ frontend)
issue.
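To help triage reports like this one, the following added example (not the reporter's code; the names max_ref, max_val, run_ref_loop, run_val_loop and dangling_ref are my own) shows the lifetime rule that makes the reproducer valid, next to the genuinely broken pattern that a stack-use-after-scope diagnosis should correspond to. In the valid form the reference returned by max is only read while the temporary for the literal is still alive; in the broken form the reference is kept past the end of the full-expression and dangles whenever max picked the temporary.

```cpp
#include <vector>

// Same shape as the reporter's max(): returns a reference to one of its
// reference parameters.
inline const int& max_ref(const int& a, const int& b)
{
    return a < b ? b : a;
}

// Variant the reporter says makes the sanitizer report disappear:
// by-value parameters, by-value result, nothing to dangle.
inline int max_val(int a, int b)
{
    return a < b ? b : a;
}

// Mirrors the reproducer's loop body without OpenMP. The literal 1 is
// materialized into a temporary that exists until the end of the
// full-expression `const int j = max_ref(i, 1);`, so the copy into j
// reads a live object. Returns the j of every iteration for checking.
std::vector<int> run_ref_loop(int n)
{
    std::vector<int> out;
    for (int i = 0; i < n; ++i) {
        const int j = max_ref(i, 1);  // copy happens while the temporary is alive
        out.push_back(j);
    }
    return out;
}

// Same loop with the by-value variant; should produce identical values.
std::vector<int> run_val_loop(int n)
{
    std::vector<int> out;
    for (int i = 0; i < n; ++i) {
        out.push_back(max_val(i, 1));
    }
    return out;
}

// DELIBERATELY BROKEN, shown for contrast and never called here: binding the
// returned reference to a named reference does not extend the temporary's
// lifetime, because the binding goes through a function return. For i == 0,
// max_ref picks the temporary for 1, so r dangles once the statement ends and
// the read below is a real stack-use-after-scope that ASan is right to flag.
int dangling_ref(int i)
{
    const int& r = max_ref(i, 1);  // temporary for 1 is destroyed here
    return r;                      // undefined behaviour when i == 0
}
```

When a sanitizer flags the loop in the report, the contrast above is the check to apply: if the reference is consumed inside the initializing full-expression (as in run_ref_loop and the reproducer) the program is well-defined and the report points at the compiler, not the code; if the reference outlives the statement (as in dangling_ref) the report is genuine.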
