[Bug plugins/80094] GCC plugin hash table corruption on hash table expansion (>10 plugins) on GCC 4.5+

2017-03-18 Thread spender at grsecurity dot net 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80094

Brad Spengler  changed:

   What|Removed |Added

 CC||spender at grsecurity dot net

--- Comment #2 from Brad Spengler  ---
I've added an alternative fix at
https://grsecurity.net/~spender/plugin_hash_fix2.diff

It's a bit smaller/cleaner and should fit in better with the existing code
style.  Untested, but I believe it will work.

-Brad

[Bug c++/80095] New: [5/6/7 Regression] ICE with this pointer in NSDMI

2017-03-18 Thread reichelt at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80095

Bug ID: 80095
   Summary: [5/6/7 Regression] ICE with this pointer in NSDMI
   Product: gcc
   Version: unknown
Status: UNCONFIRMED
  Keywords: ice-on-valid-code
  Severity: normal
  Priority: P3
 Component: c++
  Assignee: unassigned at gcc dot gnu.org
  Reporter: reichelt at gcc dot gnu.org
  Target Milestone: ---

The following valid code snippet triggers an ICE since GCC 5.1.0
(when compiled with -std=c++1y):

===
struct A
{
  void* p = this;
};

void foo()
{
  const A& a = A{};
}
===

bug.cc: In function 'void foo()':
bug.cc:8:18: internal compiler error: in gimplify_expr, at gimplify.c:11957
   const A& a = A{};
  ^
0xaee4e1 gimplify_expr(tree_node**, gimple**, gimple**, bool (*)(tree_node*),
int)
../../gcc/gcc/gimplify.c:11957
0xaead60 gimplify_addr_expr
../../gcc/gcc/gimplify.c:5859
0xaead60 gimplify_expr(tree_node**, gimple**, gimple**, bool (*)(tree_node*),
int)
../../gcc/gcc/gimplify.c:11245
0xafd43b gimplify_modify_expr
../../gcc/gcc/gimplify.c:5457
0xaebd4c gimplify_expr(tree_node**, gimple**, gimple**, bool (*)(tree_node*),
int)
../../gcc/gcc/gimplify.c:11198
0xaeeca8 gimplify_stmt(tree_node**, gimple**)
../../gcc/gcc/gimplify.c:6478
0xaeb2fa gimplify_cleanup_point_expr
../../gcc/gcc/gimplify.c:6230
0xaeb2fa gimplify_expr(tree_node**, gimple**, gimple**, bool (*)(tree_node*),
int)
../../gcc/gcc/gimplify.c:11574
0xaeeca8 gimplify_stmt(tree_node**, gimple**)
../../gcc/gcc/gimplify.c:6478
0xaef8fd gimplify_compound_expr
../../gcc/gcc/gimplify.c:5715
0xaf60cf gimplify_modify_expr_rhs
../../gcc/gcc/gimplify.c:5069
0xafd2f1 gimplify_modify_expr
../../gcc/gcc/gimplify.c:5417
0xaebd4c gimplify_expr(tree_node**, gimple**, gimple**, bool (*)(tree_node*),
int)
../../gcc/gcc/gimplify.c:11198
0xaeeca8 gimplify_stmt(tree_node**, gimple**)
../../gcc/gcc/gimplify.c:6478
0xaeb2fa gimplify_cleanup_point_expr
../../gcc/gcc/gimplify.c:6230
0xaeb2fa gimplify_expr(tree_node**, gimple**, gimple**, bool (*)(tree_node*),
int)
../../gcc/gcc/gimplify.c:11574
0xaeeca8 gimplify_stmt(tree_node**, gimple**)
../../gcc/gcc/gimplify.c:6478
0xaea51b gimplify_statement_list
../../gcc/gcc/gimplify.c:1716
0xaea51b gimplify_expr(tree_node**, gimple**, gimple**, bool (*)(tree_node*),
int)
../../gcc/gcc/gimplify.c:11626
0xaeeca8 gimplify_stmt(tree_node**, gimple**)
../../gcc/gcc/gimplify.c:6478
Please submit a full bug report, [etc.]

[Bug plugins/80094] GCC plugin hash table corruption on hash table expansion (>10 plugins) on GCC 4.5+

2017-03-18 Thread git at lerya dot net 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80094

--- Comment #1 from Vincent Brillault  ---
I've added a patch on the gist
(https://gist.github.com/Feandil/55c104a4e9f5e6c72ce610b152ce37c3#file-gcc-debug-reproducer-patch)
that instrument plugin.c to show the hash map content.

Running the reproducer with a patched gcc should produce something similar to:
```
[...]
Testing known plugins Before insertion
  1(basic_plugin_1): 0x169a6e0 (basic_plugin_1)
  2(basic_plugin_2): 0x169a6e8 (basic_plugin_2)
  3(basic_plugin_3): 0x169a6f0 (basic_plugin_3)
  4(basic_plugin_4): 0x169a6f8 (basic_plugin_4)
  5(basic_plugin_5): 0x169a700 (basic_plugin_5)
  6(basic_plugin_6): 0x169a708 (basic_plugin_6)
  7(basic_plugin_7): 0x169a710 (basic_plugin_7)
  8(basic_plugin_8): 0x169a6b0 (basic_plugin_8)
  9(basic_plugin_9): 0x169a6b8 (basic_plugin_9)
  10(basic_plugin_10): 0x169a6c0 (basic_plugin_10)
  11(basic_plugin_11): (nil)
Inserting basic_plugin_11
Testing known plugins After insertion
  1(basic_plugin_1): (nil)
  2(basic_plugin_2): (nil)
  3(basic_plugin_3): (nil)
  4(basic_plugin_4): (nil)
  5(basic_plugin_5): (nil)
  6(basic_plugin_6): (nil)
  7(basic_plugin_7): (nil)
  8(basic_plugin_8): (nil)
  9(basic_plugin_9): (nil)
  10(basic_plugin_10): (nil)
  11(basic_plugin_11): 0x16a8048 (basic_plugin_11)
cc1: error: plugin basic_plugin_1 should be specified before
-fplugin-arg-basic_plugin_1-enable in the command line
(null):0: confused by earlier errors, bailing out
make: *** [Makefile:12: test] Error 1
```

Please note that depending on your system and your luck, you might actually be
able to have collisions in the hash...

[Bug plugins/80094] New: GCC plugin hash table corruption on hash table expansion (>10 plugins) on GCC 4.5+

2017-03-18 Thread git at lerya dot net 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80094

Bug ID: 80094
   Summary: GCC plugin hash table corruption on hash table
expansion (>10 plugins) on GCC 4.5+
   Product: gcc
   Version: unknown
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: plugins
  Assignee: unassigned at gcc dot gnu.org
  Reporter: git at lerya dot net
  Target Milestone: ---

Hi!

While trying to compile a linux kernel patches with grsecurity (grsecurity.net)
and other options that loads gcc plugins, I was unable to compile anything, due
to a very strange error: ```cc1: error: plugin XXX should be specified before
-fplugin-arg-XXX-YYY=ZZZ in the command line```, while aquick check on the
command line pointed out that the line was correctly ordered. After a bit of
debugging and instrumentation of gcc/plugin.c, it appeared that the
```htab_hash_plugin``` hash map get corrupted when the 11th plugin is loaded.
As it is created with 10 element by default, this should have been linked to
the hash table expansion.

After some unfruitful debugging of hashtab.c, Brad Spengler from grsecurity
(alias spender) identified the issue:
- htab_hash_plugin is populated with a custom structure, ```struct
plugin_name_args```, but is indexed with the plugin name
- the hash function to htab_create, htab_hash_string, expect a strings, which
will be the case with the insertions and queries made in plugin.c
- htab_expand recreates a new table, re-inserting each element using its hash.
However, the hash is applied to the whole structure, not only the plugin name!

As a result, after the hash table expansion, the entries are indexed with the
hash of the structure, while gcc/plugin.c will try to access them via the hash
of the plugin name only.

Brad quickly wrote a patch which define a proper hash function that can be
applied to the whole structure and which replace the incorrect htab_find_slot
calls by replacing the plugin name with the whole structure:
https://grsecurity.net/~spender/plugin_hash_fix.diff

I confirmed the bug on gcc 4.9.4 and 5.4.0 on gentoo-hardened. However, looking
at git, this code has not been touch and seems to be as old as the initial GCC
support. As a result, the fix would need to be backported to previous versions
of GC (GCC4.5+?).

I've written a reproducer:
https://gist.github.com/Feandil/55c104a4e9f5e6c72ce610b152ce37c3

To trigger the bug with this reproducer:
```
% make PLUGIN_NUMBER=10
g++ -shared -I/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/plugin/include -fPIC
-fno-rtti -O2 -std=gnu++98 -fvisibility=hidden basic_plugin.c -o
basic_plugin.so
cp basic_plugin.so basic_plugin_1.so
cp basic_plugin.so basic_plugin_2.so
cp basic_plugin.so basic_plugin_3.so
cp basic_plugin.so basic_plugin_4.so
cp basic_plugin.so basic_plugin_5.so
cp basic_plugin.so basic_plugin_6.so
cp basic_plugin.so basic_plugin_7.so
cp basic_plugin.so basic_plugin_8.so
cp basic_plugin.so basic_plugin_9.so
cp basic_plugin.so basic_plugin_10.so
gcc -fplugin=./basic_plugin_1.so -fplugin=./basic_plugin_2.so
-fplugin=./basic_plugin_3.so -fplugin=./basic_plugin_4.so
-fplugin=./basic_plugin_5.so -fplugin=./basic_plugin_6.so
-fplugin=./basic_plugin_7.so -fplugin=./basic_plugin_8.so
-fplugin=./basic_plugin_9.so -fplugin=./basic_plugin_10.so
-fplugin-arg-basic_plugin_1-enable empty.c -o empty
%  make PLUGIN_NUMBER=11
cp basic_plugin.so basic_plugin_11.so
gcc -fplugin=./basic_plugin_1.so -fplugin=./basic_plugin_2.so
-fplugin=./basic_plugin_3.so -fplugin=./basic_plugin_4.so
-fplugin=./basic_plugin_5.so -fplugin=./basic_plugin_6.so
-fplugin=./basic_plugin_7.so -fplugin=./basic_plugin_8.so
-fplugin=./basic_plugin_9.so -fplugin=./basic_plugin_10.so
-fplugin=./basic_plugin_11.so -fplugin-arg-basic_plugin_1-enable empty.c -o
empty
cc1: error: plugin basic_plugin_1 should be specified before
-fplugin-arg-basic_plugin_1-enable in the command line
(null):0: confused by earlier errors, bailing out
make: *** [Makefile:12: test] Error 1
```

[Bug fortran/67497] data.c sanitizer runtime error: null pointer passed as argument 2, which is declared to never be null

2017-03-18 Thread zeccav at gmail dot com 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67497

Vittorio Zecca  changed:

   What|Removed |Added

 Status|WAITING |RESOLVED
 Resolution|--- |FIXED

[Bug fortran/33056] [Meta-bug] Data - statement related bugs

2017-03-18 Thread zeccav at gmail dot com 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=33056
Bug 33056 depends on bug 67497, which changed state.

Bug 67497 Summary: data.c sanitizer runtime error: null pointer passed as 
argument 2, which is declared to never be null
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67497

   What|Removed |Added

 Status|WAITING |RESOLVED
 Resolution|--- |FIXED

[Bug fortran/67497] data.c sanitizer runtime error: null pointer passed as argument 2, which is declared to never be null

2017-03-18 Thread zeccav at gmail dot com 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67497

--- Comment #8 from Vittorio Zecca  ---
Just back from my travel.
The sanitizer error message disappeared on trunk level 246252.

[Bug c++/80084] [7 regression] wrong code for decomposition declaration with debug iterator

2017-03-18 Thread jason at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80084

Jason Merrill  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
 CC||jason at gcc dot gnu.org
   Assignee|unassigned at gcc dot gnu.org  |jason at gcc dot gnu.org

[Bug c++/57443] Captured variable hide the parameter if they have the same name in Lambdas

2017-03-18 Thread ville.voutilainen at gmail dot com 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57443

--- Comment #3 from Ville Voutilainen  ---
The resolution of Core Issue 2211 makes such code ill-formed.

[Bug fortran/79676] [submodules] Compilation/linking error when module procedures PRIVATE

2017-03-18 Thread pault at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79676

--- Comment #3 from Paul Thomas  ---
Author: pault
Date: Sat Mar 18 12:38:02 2017
New Revision: 246256

URL: https://gcc.gnu.org/viewcvs?rev=246256=gcc=rev
Log:
2017-03-18  Paul Thomas  

PR fortran/79676
* module.c (mio_symbol_attribute): Remove reset of the flag
'no_module_procedures'.
(check_for_module_procedures): New function. Move declaration
of 'no_module_procedures' to above it.
(gfc_dump_module): Traverse namespace calling new function.

2017-03-18  Paul Thomas  

PR fortran/79676
* gfortran.dg/submodule_28.f08 : New test.

Added:
trunk/gcc/testsuite/gfortran.dg/submodule_28.f08
Modified:
trunk/gcc/fortran/ChangeLog
trunk/gcc/fortran/module.c
trunk/gcc/testsuite/ChangeLog

[Bug c++/80093] New: missed optimization opportunity with std::uniform_int_distribution

2017-03-18 Thread trashyankes at wp dot pl 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80093

Bug ID: 80093
   Summary: missed optimization opportunity with
std::uniform_int_distribution
   Product: gcc
   Version: 7.0.1
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: c++
  Assignee: unassigned at gcc dot gnu.org
  Reporter: trashyankes at wp dot pl
  Target Milestone: ---

We have two functions:

```
#include 

int foo (std::mt19937* x)
{
  for (auto i = 0; i < 1'000'000'000; ++i)
  {
std::uniform_int_distribution y(0, 99);
volatile auto r = y(*x);
  }
}

int bar (std::mt19937* x)
{
  std::uniform_int_distribution y(0, 99);
  for (auto i = 0; i < 1'000'000'000; ++i)
  {
volatile auto r = y(*x);
  }
}
```

https://godbolt.org/g/kiFC2a

Result is that `foo` is 10 time smaller than `bar`, as
`std::uniform_int_distribution` have only two fields that do not leak
references to some external code (at least I do not find that looking at src
code) and do not modify its values, this should behave same.


This behave like that from 4.8.1, before
`std::uniform_int_distribution::operator()` was not inlined and both functions
look same.

[Bug fortran/71838] ICE with OpenCoarrays on submodule

2017-03-18 Thread pault at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71838

--- Comment #16 from Paul Thomas  ---
Author: pault
Date: Sat Mar 18 11:53:53 2017
New Revision: 246255

URL: https://gcc.gnu.org/viewcvs?rev=246255=gcc=rev
Log:
2017-03-18  Paul Thomas  

PR fortran/71838
* symbol.c (check_conflict): A dummy procedure in a submodule,
module procedure is not an error.
(gfc_add_flavor): Ditto.

2017-03-18  Paul Thomas  

PR fortran/71838
* gfortran.dg/submodule_26.f08 : New test.
* gfortran.dg/submodule_27.f08 : New test.


Added:
trunk/gcc/testsuite/gfortran.dg/submodule_26.f08
trunk/gcc/testsuite/gfortran.dg/submodule_27.f08
Modified:
trunk/gcc/fortran/ChangeLog
trunk/gcc/fortran/symbol.c
trunk/gcc/testsuite/ChangeLog

[Bug testsuite/80092] New: Add effective-target keywords for unsupported nvptx features

2017-03-18 Thread vries at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80092

Bug ID: 80092
   Summary: Add effective-target keywords for unsupported nvptx
features
   Product: gcc
   Version: 7.0
Status: UNCONFIRMED
  Severity: enhancement
  Priority: P3
 Component: testsuite
  Assignee: unassigned at gcc dot gnu.org
  Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

Atm, when running for target nvptx, we run into unsupported features in the
tests.

F.i. in the g++ testsuite:
...
$ grep -c "sorry, unimplemented:" g++.log 
12693
...

more in detail:
...
$ grep "sorry, unimplemented:" g++.log | sed 's/.*sorry, unimplemented://' |
dos2unix | sort -u 
 converting lambda which uses '...' to function pointer
 global constructors not supported on this target
 global destructors not supported on this target
 indirect jumps are not available on this target
 mangling __underlying_type
 non-trivial designated initializers not supported
 passing arguments to ellipsis of inherited constructor 'B::B(int, ...)
[inherited from A]'
 target cannot support alloca.
 target cannot support nonlocal goto.
...

All those tests are FAILs, while they should be UNSUPPORTED.

In principle, having those as FAILs is not a problem when regression testing.
We can compare tests results, and only look at changes.

But it's better to introduce effective-target keywords for those features, and
mark the tests as such. That will reduce the noise rate because of unsupported
features being used or not due to code generation changes.

[Bug c++/80091] [6 Regression] gcc-6 branch segfaults while compiling firefox

2017-03-18 Thread trippels at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80091

Markus Trippelsdorf  changed:

   What|Removed |Added

   Keywords||ice-on-valid-code
 CC||mpolacek at gcc dot gnu.org
Summary|gcc from gcc-6 branch   |[6 Regression] gcc-6 branch
   |segfaults while compiling   |segfaults while compiling
   |firefox |firefox

--- Comment #4 from Markus Trippelsdorf  ---
I suspect r246134.

 % cat nsTObserverArray.ii
struct A {
  void m_fn1();
};
template  struct B : A {
  void m_fn2() {
[&] { m_fn1(); };
  }
};

 % g++ -c nsTObserverArray.ii
nsTObserverArray.ii: In lambda function:
nsTObserverArray.ii:6:17: internal compiler error: Segmentation fault
 [&] { m_fn1(); };
 ^
0xa8a3df crash_signal

[Bug c++/80091] gcc from gcc-6 branch segfaults while compiling firefox

2017-03-18 Thread me at hussam dot eu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80091

--- Comment #3 from Hussam Al-Tayeb  ---
Thank you. I was rushing home to retry.
6.3 20160309 snapshot works for sure. So it regressed sometime in the last few
days.

[Bug c++/80091] gcc from gcc-6 branch segfaults while compiling firefox

2017-03-18 Thread trippels at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80091

Markus Trippelsdorf  changed:

   What|Removed |Added

   Priority|P3  |P1
 Status|WAITING |NEW
  Known to work||6.3.0
   Target Milestone|--- |6.3
  Known to fail||6.3.1

--- Comment #2 from Markus Trippelsdorf  ---
Never mind, I have reproduced it locally:

/home/markus/tmp/moz-build-dir/dist/include/nsTObserverArray.h:260:30: internal
compiler error: Segmentation fault
 AdjustIterators(i, -1);
  ^
0xa8a3df crash_signal
/home/markus/gcc/gcc/toplev.c:333
0x7f2966dfb36f ???
   
/home/markus/glibc/signal/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0
0x6ad664 maybe_generic_this_capture(tree_node*, tree_node*)
/home/markus/gcc/gcc/cp/lambda.c:813
0x61e1df cp_parser_postfix_expression
/home/markus/gcc/gcc/cp/parser.c:6870
0x61e6bd cp_parser_unary_expression
/home/markus/gcc/gcc/cp/parser.c:7999
0x61f423 cp_parser_cast_expression
/home/markus/gcc/gcc/cp/parser.c:8676
0x61fb97 cp_parser_binary_expression
/home/markus/gcc/gcc/cp/parser.c:8777
0x620244 cp_parser_assignment_expression
/home/markus/gcc/gcc/cp/parser.c:9064
0x62245a cp_parser_expression
/home/markus/gcc/gcc/cp/parser.c:9233
0x622b11 cp_parser_expression_statement
/home/markus/gcc/gcc/cp/parser.c:10696
0x614622 cp_parser_statement
/home/markus/gcc/gcc/cp/parser.c:10547
0x6150ad cp_parser_statement_seq_opt
/home/markus/gcc/gcc/cp/parser.c:10819
0x615157 cp_parser_compound_statement
/home/markus/gcc/gcc/cp/parser.c:10773
0x632645 cp_parser_implicitly_scoped_statement
/home/markus/gcc/gcc/cp/parser.c:11936
0x614c1c cp_parser_selection_statement
/home/markus/gcc/gcc/cp/parser.c:10900
0x614c1c cp_parser_statement
/home/markus/gcc/gcc/cp/parser.c:10402
0x6150ad cp_parser_statement_seq_opt
/home/markus/gcc/gcc/cp/parser.c:10819
0x60e0a6 cp_parser_lambda_body
/home/markus/gcc/gcc/cp/parser.c:10285
0x60e0a6 cp_parser_lambda_expression
/home/markus/gcc/gcc/cp/parser.c:9769
0x60e0a6 cp_parser_primary_expression
/home/markus/gcc/gcc/cp/parser.c:4935
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See  for instructions.

This is a gcc-6 branch regression.
Reducing...

[Bug c++/80091] gcc from gcc-6 branch segfaults while compiling firefox

2017-03-18 Thread trippels at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80091

Markus Trippelsdorf  changed:

   What|Removed |Added

 Status|UNCONFIRMED |WAITING
   Last reconfirmed||2017-03-18
 CC||trippels at gcc dot gnu.org
 Ever confirmed|0   |1

--- Comment #1 from Markus Trippelsdorf  ---
Please attach the compressed preprocessed file
Unified_cpp_dom_presentation0.ii.
See https://gcc.gnu.org/bugs/ for instructions.

[Bug middle-end/34300] gcc 4.2.2 miscompiles code that uses global register variables

2017-03-18 Thread bruno at clisp dot org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=34300

--- Comment #10 from Bruno Haible  ---
I confirm. I cannot reproduce the bug (neither with -O nor -O2) in GCC versions
4.2.3
4.2.4
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.6.0
4.6.1
4.6.2
4.6.3
4.6.4
4.7.0
4.7.1
4.7.2
4.7.3
4.8.0
4.8.1
4.8.5
4.9.0
4.9.4
5.1.0

[Bug libfortran/79956] [7 Regression] many new -Wmaybe-uninitialized warnings with bootstrap-O3

2017-03-18 Thread trippels at gcc dot gnu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79956

Markus Trippelsdorf  changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |FIXED

--- Comment #36 from Markus Trippelsdorf  ---
Finally fixed. Thanks.

[Bug c++/80091] New: gcc from gcc-6 branch segfaults while compiling firefox

2017-03-18 Thread me at hussam dot eu.org 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80091

Bug ID: 80091
   Summary: gcc from gcc-6 branch segfaults while compiling
firefox
   Product: gcc
   Version: 6.3.1
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: c++
  Assignee: unassigned at gcc dot gnu.org
  Reporter: me at hussam dot eu.org
  Target Milestone: ---

6.3 20160309 snapshot works fine but latest git from gcc-6 branch results in an
internal compiler error:

/usr/bin/g++ -std=gnu++11 -o Unified_cpp_dom_presentation0.o -c
-I/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dist/stl_wrappers
-I/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dist/system_wrappers
-include /home/hussam/cache/firefox/src/gecko-dev/config/gcc_hidden.h
-DNDEBUG=1 -DTRIMMED=1 -DOS_POSIX=1 -DOS_LINUX=1 -DSTATIC_EXPORTABLE_JS_API
-DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL
-I/home/hussam/cache/firefox/src/gecko-dev/dom/presentation
-I/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dom/presentation
-I/home/hussam/cache/firefox/src/gecko-dev/dom/base
-I/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/ipc/ipdl/_ipdlheaders
-I/home/hussam/cache/firefox/src/gecko-dev/ipc/chromium/src
-I/home/hussam/cache/firefox/src/gecko-dev/ipc/glue
-I/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include
 -I/usr/include/nspr -I/usr/include/nss-I/usr/include/pixman-1   -fPIC 
-DMOZILLA_CLIENT -include
/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/mozilla-config.h
-MD -MP -MF .deps/Unified_cpp_dom_presentation0.o.pp  -Wall -Wc++11-compat
-Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith
-Wsign-compare -Wtype-limits -Wunreachable-code -Wwrite-strings
-Wno-invalid-offsetof -Wc++14-compat -Wno-error=maybe-uninitialized
-Wno-error=deprecated-declarations -Wno-error=array-bounds -Wformat
-fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections
-fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe  -g
-freorder-blocks -Os -fomit-frame-pointer   
/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dom/presentation/Unified_cpp_dom_presentation0.cpp
In file included from
/home/hussam/cache/firefox/src/gecko-dev/dom/base/nsINode.h:19:0,
 from
/home/hussam/cache/firefox/src/gecko-dev/dom/base/nsIDocument.h:17,
 from
/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/dom/BindingUtils.h:33,
 from
/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/dom/ToJSValue.h:12,
 from
/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/dom/EventListenerBinding.h:12,
 from
/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/EventListenerManager.h:11,
 from
/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/DOMEventTargetHelper.h:19,
 from
/home/hussam/cache/firefox/src/gecko-dev/dom/presentation/PresentationAvailability.h:10,
 from
/home/hussam/cache/firefox/src/gecko-dev/dom/presentation/AvailabilityCollection.cpp:10,
 from
/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dom/presentation/Unified_cpp_dom_presentation0.cpp:2:
/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/nsTObserverArray.h:
In lambda function:
/home/hussam/cache/firefox/src/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/nsTObserverArray.h:260:30:
internal compiler error: Segmentation fault
 AdjustIterators(i, -1);
  ^



lines around 260 in /nsTObserverArray.h :

  // See nsTArray::RemoveElementsBy.
  void RemoveElementsBy(std::function aPredicate)
  {
index_type i = 0;
mArray.RemoveElementsBy([&](const elem_type& aItem) {
  if (aPredicate(aItem)) {
// This element is going to be removed.
AdjustIterators(i, -1);
return true;
  }
  ++i;
  return false;
});
  }