[Bug sanitizer/79993] [5/6/7 Regression] ICE in tree_to_uhwi, at tree.c:7344

2017-04-03 Thread jason at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79993

--- Comment #10 from Jason Merrill ---
Author: jason
Date: Mon Apr  3 21:15:36 2017
New Revision: 246662

URL: https://gcc.gnu.org/viewcvs?rev=246662&root=gcc&view=rev
Log:
PR sanitizer/79993 - ICE with VLA initialization from string

PR c++/69487 - wrong VLA initialization from string
* init.c (finish_length_check): Split out from build_vec_init.
(build_vec_init): Handle STRING_CST.
* typeck2.c (split_nonconstant_init): Handle STRING_CST.
(digest_init_r): Don't give a STRING_CST VLA type.

Added:
trunk/gcc/testsuite/g++.dg/asan/pr78201.C
trunk/gcc/testsuite/g++.dg/ext/vla17.C
Modified:
trunk/gcc/cp/ChangeLog
trunk/gcc/cp/init.c
trunk/gcc/cp/typeck2.c

[Bug sanitizer/79993] [5/6/7 Regression] ICE in tree_to_uhwi, at tree.c:7344

2017-04-01 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79993

Jakub Jelinek changed:

           What    |Removed                     |Added
           Assignee|jakub at gcc dot gnu.org    |jason at gcc dot gnu.org

--- Comment #9 from Jakub Jelinek ---
Jason said he has a patch for this, so reassigning.

[Bug sanitizer/79993] [5/6/7 Regression] ICE in tree_to_uhwi, at tree.c:7344

2017-03-31 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79993

Jakub Jelinek changed:

           What    |Removed                     |Added
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org|jakub at gcc dot gnu.org

--- Comment #8 from Jakub Jelinek ---
So far I have:
--- gcc/cp/typeck2.c.jj 2017-03-02 08:08:42.0 +0100
+++ gcc/cp/typeck2.c2017-03-31 15:36:54.366928789 +0200
@@ -739,7 +739,9 @@ split_nonconstant_init (tree dest, tree

   if (TREE_CODE (init) == TARGET_EXPR)
 init = TARGET_EXPR_INITIAL (init);
-  if (TREE_CODE (init) == CONSTRUCTOR)
+  if (TREE_CODE (init) == CONSTRUCTOR
+  || (TREE_CODE (init) == STRING_CST
+ && array_of_runtime_bound_p (TREE_TYPE (dest
 {
   init = cp_fully_fold (init);
   code = push_stmt_list ();
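Review bot: the new STRING_CST arm of the condition is cut off on the page at `array_of_runtime_bound_p (TREE_TYPE (dest` and needs its closing parentheses before it compiles; more importantly, steering a STRING_CST into a block that was written for CONSTRUCTOR (`init = cp_fully_fold (init); code = push_stmt_list ();`) sends the string down the element-splitting path while nothing in this hunk emits the copy of the literal's bytes, which the text under the patch says is still to be written in build_vec_init. A comment on the condition naming PR 79993 and what the STRING_CST path is expected to produce would help the next reader.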
@@ -1066,7 +1068,7 @@ digest_init_r (tree type, tree init, boo
}
}

- if (type != TREE_TYPE (init))
+ if (type != TREE_TYPE (init) && !array_of_runtime_bound_p (type))
{
  init = copy_node (init);
  TREE_TYPE (init) = type;
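Review bot: keeping the STRING_CST's own type when `type` is a runtime-bound array is the right fix for the invalid tree, but the hunk says nothing about why digest_init_r may now return a STRING_CST whose type differs from the requested one; any caller that assumes `TREE_TYPE (init) == type` after digestion needs that warning. Suggest a one-line comment above the condition, e.g. `/* Never give a STRING_CST a VLA type (PR sanitizer/79993); build_vec_init copies it instead.  */`.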
--- gcc/cp/init.c.jj2017-03-21 08:04:13.0 +0100
+++ gcc/cp/init.c   2017-03-31 16:38:18.346535659 +0200
@@ -4199,7 +4199,12 @@ build_vec_init (tree base, tree maxindex
   else if (from_array)
 {
   if (init)
-   /* OK, we set base2 above.  */;
+   {
+ /* OK, we set base2 above.  */
+ if (TREE_CODE (init) == STRING_CST
+ && array_of_runtime_bound_p (atype))
+   empty_list = true;
+   }
   else if (CLASS_TYPE_P (type)
   && ! TYPE_HAS_DEFAULT_CONSTRUCTOR (type))
{
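Review bot: `empty_list = true` for a STRING_CST initializing a runtime-bound array only tells the rest of build_vec_init that the initializer has no further elements, so every element would be value-initialized and the literal's bytes never copied; the memcpy from the STRING_CST has to be emitted ahead of that, as the text under the patch acknowledges. Style point: the comment-only `/* OK, we set base2 above.  */;` is now a bare statement inside the new braces; folding it into a comment on the `if` reads more naturally.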
and the remaining part is changing build_vec_init, so that it will perform the
memcpy (MEM_REF = STRING_CST) followed by the initialization of the rest.

[Bug sanitizer/79993] [5/6/7 Regression] ICE in tree_to_uhwi, at tree.c:7344

2017-03-31 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79993

Jakub Jelinek changed:

           What    |Removed                     |Added
                 CC|                            |nils at os dot inf.tu-dresden.de

--- Comment #7 from Jakub Jelinek ---
*** Bug 80269 has been marked as a duplicate of this bug. ***

[Bug sanitizer/79993] [5/6/7 Regression] ICE in tree_to_uhwi, at tree.c:7344

2017-03-29 Thread msebor at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79993

--- Comment #6 from Martin Sebor ---
I think it would be preferable to make VLA initialization work the way it was
supposed to.  A patch to handle it properly exists (bug 69517) and I plan
(hope) to dust it off for GCC 8 and submit it.

[Bug sanitizer/79993] [5/6/7 Regression] ICE in tree_to_uhwi, at tree.c:7344

2017-03-29 Thread jason at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79993

--- Comment #5 from Jason Merrill ---
(In reply to Jakub Jelinek from comment #4)
> Created attachment 41072 [details]
> gcc7-pr79993.patch
> 
> So, one option is to revert to the 4.8 and earlier behavior, disallow any
> VLA initialization (like C does).  This patch should do it.

I've been ambivalent about this.  I think it makes sense, but given the number
of testcases that hit the change, the functionality seems to be fairly popular.

[Bug sanitizer/79993] [5/6/7 Regression] ICE in tree_to_uhwi, at tree.c:7344

2017-03-29 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79993

--- Comment #4 from Jakub Jelinek ---
Created attachment 41072
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41072&action=edit
gcc7-pr79993.patch

So, one option is to revert to the 4.8 and earlier behavior, disallow any VLA
initialization (like C does).  This patch should do it.

Otherwise, the behavior the C++ FE has when not using string literals as
initializers is that it is UB if the VLA is smaller than the size of the
initializer, and if it is larger than or equal to that, it is initialized from
the initializer and excess elements, if any, are zero initialized (value
initialization or whatever it is).  Even when ignoring the bogus type on the
STRING_CST, we don't implement that right now for STRING_CST - we probably want
memcpy from the STRING_CST followed by whatever we do for other initializers.

[Bug sanitizer/79993] [5/6/7 Regression] ICE in tree_to_uhwi, at tree.c:7344

2017-03-28 Thread rguenth at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79993

Richard Biener changed:

           What    |Removed                     |Added
           Priority|P3                          |P2

[Bug sanitizer/79993] [5/6/7 Regression] ICE in tree_to_uhwi, at tree.c:7344

2017-03-21 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79993

Jakub Jelinek changed:

           What    |Removed                     |Added
                 CC|                            |jason at gcc dot gnu.org,
                   |                            |msebor at gcc dot gnu.org

--- Comment #3 from Jakub Jelinek ---
I think we have various dups of this, the FE emits STRING_CST with VLA array
type which is invalid.
This happens in digest_init_r, which for init being STRING_CST does:
  if (type != TREE_TYPE (init))
    {
      init = copy_node (init);
      TREE_TYPE (init) = type;
    }
I think if type is VLA, we should just keep the STRING_CST as is and do
something like __builtin_memcpy from the STRING_CST to the VLA, maybe followed
by __builtin_memset for the remainder if the STRING_CST is shorter than the VLA
size.

I can surely work around this in asan.c by ignoring STRING_CSTs with
non-constant sizes, but that just seems to be papering over the real bug.
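The lowering sketched in comment #3 and comment #4 (copy the literal's bytes into the runtime-sized array, value-initialize whatever is left, and treat an undersized array as an error rather than silently overrunning it) written out in plain C, as an added example that is not GCC code and not part of this bug report. The helper `vla_init_from_string` and the driver `demo_init` are hypothetical names chosen here; the example hand-writes what the front end would emit, since C itself forbids an initializer on a VLA:

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not GCC code: the runtime shape of initializing a
   runtime-bound array from a string literal.  Copies 'litlen' bytes of the
   literal (its NUL included) and zero-fills the remaining 'n - litlen' bytes,
   which is the "excess elements are zero initialized" rule from the thread.
   Returns false instead of copying when the literal does not fit; that is the
   case the C++ front end treats as undefined behaviour, so it is made an
   explicit check here instead of an overflow. */
static bool vla_init_from_string(char *dst, size_t n,
                                 const char *lit, size_t litlen)
{
    if (litlen > n)
        return false;                    /* undersized array: refuse */
    memcpy(dst, lit, litlen);            /* the memcpy from the STRING_CST */
    memset(dst + litlen, 0, n - litlen); /* the memset for the remainder */
    return true;
}

/* Declare a C99 VLA of 'n' bytes, initialize it from the constructed
   literal "abc" (4 bytes with its terminator) and return how many bytes of
   the array are zero afterwards, or -1 if the literal did not fit. */
int demo_init(size_t n)
{
    char buf[n];                         /* VLA; C allows no initializer here */
    if (!vla_init_from_string(buf, n, "abc", sizeof "abc"))
        return -1;

    int zeros = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == 0)
            zeros++;
    return zeros;
}
```

With an 8-byte array the call copies "abc" plus its terminator and leaves the remaining four bytes zero, so five zero bytes are reported; with a 4-byte array exactly the terminator is zero; with a 3-byte array the literal does not fit and the helper refuses instead of writing past the end.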

[Bug sanitizer/79993] [5/6/7 Regression] ICE in tree_to_uhwi, at tree.c:7344

2017-03-17 Thread mpolacek at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79993

Marek Polacek changed:

           What    |Removed                     |Added
   Target Milestone|---                         |5.5
            Summary|ICE in tree_to_uhwi, at     |[5/6/7 Regression] ICE in
                   |tree.c:7344                 |tree_to_uhwi, at
                   |                            |tree.c:7344