http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55309
--- Comment #47 from Kostya Serebryany <kcc at gcc dot gnu.org> 2013-02-22 13:52:12 UTC ---
(In reply to comment #46)
> (In reply to comment #43)
> > 400.perlbench fails with a global-buffer-overflow which clang does not
> > detect.
> > I did not investigate why. It could be a gcc false positive or clang false
> > negative.
>
> On which file/function the global-buffer-overflow was? Can you send me the
> asan diagnostics?

Interestingly, the symbolization/debuginfo seems to be completely broken :(

% g++ -g -fsanitize=address ./use-after-free.cc -static-libasan ; ./a.out 2>&1 | grep '#0'
    #0 0x4179c2 (/home/kcc/tmp/a.out+0x4179c2)
    #0 0x40f18a (/home/kcc/tmp/a.out+0x40f18a)
    #0 0x40f26a (/home/kcc/tmp/a.out+0x40f26a)
% addr2line -f -e ./a.out 0x4179c2 0x40f18a 0x40f26a
main
??:0
free
??:0
malloc
??:0
%

==580== ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000078e2a5 at pc 0x4e47d7 bp 0x7fffa2fbc7b0 sp 0x7fffa2fbc7a8
READ of size 1 at 0x00000078e2a5 thread T0
    #0 0x4e47d6 in PerlIO_find_layer (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e47d6)
    #1 0x4e63e6 in PerlIO_default_buffer (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e63e6)
    #2 0x4e678e in PerlIO_default_layers (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e678e)
    #3 0x4e7a41 in PerlIO_resolve_layers (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e7a41)
    #4 0x4e8145 in PerlIO_openn (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4e8145)
    #5 0x4f5d32 in PerlIO_open (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4f5d32)
    #6 0x4dd808 in S_open_script (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4dd808)
    #7 0x4d3be6 in S_parse_body (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4d3be6)
    #8 0x4d2a4b in perl_parse (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4d2a4b)
    #9 0x4f6ee8 in main (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4f6ee8)
    #10 0x7fd3a245376c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
    #11 0x4037d8 (benchspec/CPU2006/400.perlbench/run/run_base_train_z.0000/perlbench_base.z+0x4037d8)
0x00000078e2a5 is located 0 bytes to the right of global variable '*.LC50 (perlio.c)' (0x78e2a0) of size 5
  '*.LC50 (perlio.c)' is ascii string 'unix'
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 PerlIO_find_layer

> > > 464.h264ref is VERY slow, I did not look why.
>
> And it didn't fail on that:
> for (dd=d[k=0]; k<16; dd=d[++k])
> {
> satd += (dd < 0 ? -dd : dd);
> }
> or have you fixed that up in your SPEC sources?

Interestingly, no. I haven't touched SPEC sources here.
Maybe gcc does full unroll thus eliminating the buggy read (I did not check).
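The h264ref loop quoted in the comment reads one element past its array: the increment expression d[++k] runs after the body for k == 15 and loads d[16] before the k < 16 test rejects it. That stray load is exactly what AddressSanitizer reports as a buffer-overflow read, and a compiler that fully unrolls the loop and drops the unused final load could make the report disappear, as the comment speculates. The following C program is an added example; it is not code from the bug report, the SPEC sources, or GCC. It keeps the quoted loop shape but routes every load through a bounds-checking accessor so the out-of-range read is counted instead of executed, and sets it beside the corrected loop. The 16-value block and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed 4x4 block of residual values; not taken from the h264ref sources. */
static const int sample_block[16] = {
     3, -7,  2,  0,
    -1,  4, -9,  5,
     0,  6, -2,  1,
     8, -3,  7, -4,
};

/* Bounds-checked load: returns d[i] when i < n, otherwise records the
 * out-of-range access in *oob and returns 0 so the caller can continue.
 * It stands in for the check AddressSanitizer performs on every load, but
 * counts the bad access instead of aborting the process. */
static int checked_load(const int *d, size_t n, size_t i, int *oob)
{
    if (i >= n) {
        ++*oob;
        return 0;
    }
    return d[i];
}

/* The loop shape quoted from 464.h264ref, with each raw d[...] load replaced
 * by checked_load. For k == n-1 the increment d[++k] executes after the body
 * and loads d[n] before the k < n test stops the loop: one read past the end. */
int satd_h264ref_shape(const int *d, size_t n, int *oob)
{
    int satd = 0, dd;
    size_t k;
    *oob = 0;
    for (dd = checked_load(d, n, k = 0, oob); k < n; dd = checked_load(d, n, ++k, oob))
        satd += (dd < 0 ? -dd : dd);
    return satd;
}

/* Same computation with the bound tested before every load, so no index
 * reaches n. */
int satd_fixed(const int *d, size_t n, int *oob)
{
    int satd = 0;
    *oob = 0;
    for (size_t k = 0; k < n; ++k) {
        int dd = checked_load(d, n, k, oob);
        satd += (dd < 0 ? -dd : dd);
    }
    return satd;
}

/* Convenience entry points over the constructed block: how many loads fell
 * outside the 16-element array for each loop form. */
int sample_oob_h264ref(void) { int o; satd_h264ref_shape(sample_block, 16, &o); return o; }
int sample_oob_fixed(void)   { int o; satd_fixed(sample_block, 16, &o); return o; }

int main(void)
{
    int oob_orig, oob_fixed;
    int a = satd_h264ref_shape(sample_block, 16, &oob_orig);
    int b = satd_fixed(sample_block, 16, &oob_fixed);
    printf("h264ref shape: satd=%d, out-of-range loads=%d\n", a, oob_orig);
    printf("fixed loop:    satd=%d, out-of-range loads=%d\n", b, oob_fixed);
    return 0;
}
```

Both forms produce the same SATD value (62 for the constructed block), which is why the bug is easy to miss in testing: the extra load's result is never used. Building the original, unchecked loop with `gcc -g -fsanitize=address` on a 16-element array is the direct way to surface it, provided the optimizer has not already removed the load.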