[Bug target/86326] New: Conditional jump or move depends on uninitialized value in calculate_allocatation_cost (ira.c:2457)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86326 Bug ID: 86326 Summary: Conditional jump or move depends on uninitialized value in calculate_allocatation_cost (ira.c:2457) Product: gcc Version: 8.1.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: target Assignee: unassigned at gcc dot gnu.org Reporter: sduvan.gcc at gmail dot com Target Milestone: --- Created attachment 44323 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=44323&action=edit Preprocessed source The reduced testcase triggers a valgrind error. Running valgrind --trace-children=yes --expensive-definedness-checks=yes /opt/gcc/8.1.0/bin/g++ -m32 -c ./bug.ii gives (ignoring/suppressing the benign reports related to sparseset_bit_p) ==146658== Conditional jump or move depends on uninitialised value(s) ==146658==at 0xA28F8D: calculate_allocation_cost (ira.c:2457) ==146658==by 0xA28F8D: ira (ira.c:5377) ==146658==by 0xA28F8D: (anonymous namespace)::pass_ira::execute(function*) (ira.c:5606) ==146658==by 0xAEB8B1: execute_one_pass(opt_pass*) (passes.c:2497) ==146658==by 0xAEC027: execute_pass_list_1(opt_pass*) (passes.c:2586) ==146658==by 0xAEC039: execute_pass_list_1(opt_pass*) (passes.c:2587) ==146658==by 0xAEC078: execute_pass_list(function*, opt_pass*) (passes.c:2597) ==146658==by 0x85437C: cgraph_node::expand() (cgraphunit.c:2139) ==146658==by 0x855663: output_in_order (cgraphunit.c:2381) ==146658==by 0x855663: symbol_table::compile() [clone .part.72] (cgraphunit.c:2623) ==146658==by 0x857109: compile (cgraphunit.c:2537) ==146658==by 0x857109: symbol_table::finalize_compilation_unit() (cgraphunit.c:2717) ==146658==by 0xBA7987: compile_file() (toplev.c:480) ==146658==by 0x6346FE: do_compile (toplev.c:2132) ==146658==by 0x6346FE: toplev::main(int, char**) (toplev.c:2267) ==146658==by 0x63699A: main (main.c:39) bash> /opt/gcc/8.1.0/bin/g++ -v Using built-in specs. COLLECTGCC=/opt/gcc/8.1.0/bin/g++ COLLECT_LTO_WRAPPER=/opt/gcc/8.1.0/lib/gcc/x86_64-suse-linux/8.1.0/lto-wrapper Target: x86_64-suse-linux Configured with: ../../gcc-8.1.0/configure --enable-languages=c,c++,fortran --enable-targets=x86_64-suse-linux,i686-suse-linux --prefix=/opt/gcc/8.1.0 --with-gnu-as --with-as=/opt/gcc/binutils-2.30/bin/as --with-gnu-ld --with-ld=/opt/gcc/binutils-2.30/bin/ld.bfd --enable-threads=posix --enable-shared --enable-__cxa_atexit --enable-libstdcxx-allocator=pool x86_64-suse-linux Thread model: posix gcc version 8.1.0 (GCC) I'm aware of BZ 83321 but was under the impression that such issues with valgrind would not be possible when using --expensive-definedness-checks=yes.
[Bug sanitizer/84043] -fsanitize=alignment leads to massive compile time
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84043 Johan Alfredsson changed: What|Removed |Added Status|RESOLVED|CLOSED --- Comment #5 from Johan Alfredsson --- Fixed in 8.1.
[Bug sanitizer/84043] -fsanitize=alignment leads to massive compile time
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84043 --- Comment #2 from Johan Alfredsson --- bash> g++ -v Using built-in specs. COLLECT_GCC=/usr/local/products/gcc/7.2.0/bin/g++ COLLECT_LTO_WRAPPER=/usr/local/products/gcc/7.2.0/lib/gcc/x86_64-suse-linux/7.2.0/lto-wrapper Target: x86_64-suse-linux Configured with: ../../gcc-7.2.0/configure --enable-languages=c,c++,fortran --enable-targets=x86_64-suse-linux,i686-suse-linux --prefix=/usr/local/products/gcc/7.2.0 --with-gnu-as --with-as=/usr/local/products/gcc/binutils-2.26/bin/as --with-gnu-ld --with-ld=/usr/local/products/gcc/binutils-2.26/bin/ld.bfd --with-gmp=/usr/local/products/gcc/gmp-6.1.0 --with-mpfr=/usr/local/products/gcc/mpfr-3.1.4 --with-mpc=/usr/local/products/gcc/mpc-1.0.3 --enable-threads=posix --enable-shared --enable-__cxa_atexit --enable-libstdcxx-allocator=pool x86_64-suse-linux Thread model: posix gcc version 7.2.0 (GCC) to reproduce the problem g++ -fsanitize=alignment bug.C -o bug
[Bug sanitizer/84043] -fsanitize=alignment leads to massive compile time
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84043 --- Comment #1 from Johan Alfredsson --- Created attachment 43245 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=43245&action=edit Preprocessed source
[Bug sanitizer/84043] New: -fsanitize=alignment leads to massive compile time
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84043 Bug ID: 84043 Summary: -fsanitize=alignment leads to massive compile time Product: gcc Version: 7.2.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: sanitizer Assignee: unassigned at gcc dot gnu.org Reporter: sduvan.gcc at gmail dot com CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org Target Milestone: --- Created attachment 43244 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=43244&action=edit Testcase The tiny attached program, bug.C, leads to compile times that seem to be exponential in the number of operator<<():s used. I'm aware of bug 69656 but it was not clear to me that this was related to the same underlying issue and also my testcase seems significantly smaller.
[Bug sanitizer/67626] New: Erroneous report on downcast to __numpunct_cache
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67626
Bug ID: 67626
Summary: Erroneous report on downcast to __numpunct_cache
Product: gcc
Version: 5.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: sduvan.gcc at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---
Created attachment 36347
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=36347&action=edit
Preprocessed source code
For the testcase below, it seems to me that ubsan is confused. The locale
stores 'facet*':s in its cache which are downcast by __use_cache::operator() to
retrieve the actual type (std::__numpunct_cache). Moreover,
__numpunct_cache is a template and no type, as indicated in the error message
below.
Reduced testcase:
#include
int main() {
std::locale loc(std::locale(), new std::num_put());
std::num_put const& np = std::use_facet>(loc);
char buf[256];
struct ios : std::ios_base {} ios;
np.put(buf, ios, '0', 1l);
}
bash> /usr/local/products/gcc/5.2.0/bin/g++ -fsanitize=undefined -std=gnu++11
-o bug bug.C -Wl,-rpath,/usr/local/products/gcc/5.2.0/lib64
bash> ./bug
/usr/local/products/gcc/5.2.0/include/c++/5.2.0/bits/locale_facets.tcc:72:67:
runtime error: downcast of address 0x7f57533d21e0 which does not point to an
object of type '__numpunct_cache'
0x7f57533d21e0: note: object is of type 'std::__numpunct_cache'
00 00 00 00 d8 5f 3c 53 57 7f 00 00 01 00 00 00 00 00 00 00 8a bd 38 53 57
7f 00 00 00 00 00 00
^~~
vptr for 'std::__numpunct_cache'
/usr/local/products/gcc/5.2.0/include/c++/5.2.0/bits/locale_facets.tcc:880:2:
runtime error: member access within address 0x7f57533d21e0 which does not point
to an object of type '__numpunct_cache'
0x7f57533d21e0: note: object is of type 'std::__numpunct_cache'
00 00 00 00 d8 5f 3c 53 57 7f 00 00 01 00 00 00 00 00 00 00 8a bd 38 53 57
7f 00 00 00 00 00 00
^~~
vptr for 'std::__numpunct_cache'
bash> /usr/local/products/gcc/5.2.0/bin/g++ -v
Using built-in specs.
COLLECT_GCC=/usr/local/products/gcc/5.2.0/bin/g++
COLLECT_LTO_WRAPPER=/usr/local/products/gcc/5.2.0/lib/gcc/x86_64-suse-linux/5.2.0/lto-wrapper
Target: x86_64-suse-linux
Configured with: ../../gcc-5.2.0/configure --enable-languages=c,c++,fortran
--enable-targets=x86_64-suse-linux,i686-suse-linux
--prefix=/usr/local/products/gcc/5.2.0 --with-gnu-as
--with-as=/usr/local/products/gcc/binutils-2.25.1/bin/as --with-gnu-ld
--with-ld=/usr/local/products/gcc/binutils-2.25.1/bin/ld.gold
--with-gmp=/usr/local/products/gcc/gmp-5.0.1
--with-mpfr=/usr/local/products/gcc/mpfr-3.0.0
--with-mpc=/usr/local/products/gcc/mpc-0.8.2 --enable-threads=posix
--enable-shared --enable-__cxa_atexit --enable-libstdcxx-allocator=pool
x86_64-suse-linux
Thread model: posix
gcc version 5.2.0 (GCC)
