[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

Martin Liška  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #17 from Martin Liška  ---
Fixed.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #16 from Martin Liška  ---
(In reply to PeteVine from comment #15)
> No, that's not it - gcov-dump 6/7 have no problem dumping previous versions.
> I'm just not sure if the problem with gcov-dump-8 is architecture specific
> (ARM) or it's something to do with my setup. I'm going to leave it there.

Note that I did some ABI changes of the format in GCC 8. Thus gcov-dump-8 has
definitely issue with gcda/gcno files created by an older GCC version.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[tulipawn at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #15 from PeteVine  ---
No, that's not it - gcov-dump 6/7 have no problem dumping previous versions.
I'm just not sure if the problem with gcov-dump-8 is architecture specific
(ARM) or it's something to do with my setup. I'm going to leave it there.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #14 from Martin Liška  ---
(In reply to PeteVine from comment #13)
> Almost certainly not related, but there's been some sort of regression in
> gcov-dump from GCC 8 branch. Trying to dump any *.gcda file (ver. 8
> included) ends like this:
> 
> $ gcov-dump-8 Unified_cpp_js_src25.gcda 
> Unified_cpp_js_src25.gcda:data:magic `gcda':version `504*'
> Unified_cpp_js_src25.gcda:warning:current version is `A80e'
> Unified_cpp_js_src25.gcda:stamp 532248120
> Unified_cpp_js_src25.gcda:tag `01ba' is invalid
> Unified_cpp_js_src25.gcda:01ba:3336454216:UNKNOWN

Looks you're using GCC compiler version 5.x to build executable and then you're
using gcov-dump-8. Please check it and if valid, please create another PR.
Thanks.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[tulipawn at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #13 from PeteVine  ---
Almost certainly not related, but there's been some sort of regression in
gcov-dump from GCC 8 branch. Trying to dump any *.gcda file (ver. 8 included)
ends like this:

$ gcov-dump-8 Unified_cpp_js_src25.gcda 
Unified_cpp_js_src25.gcda:data:magic `gcda':version `504*'
Unified_cpp_js_src25.gcda:warning:current version is `A80e'
Unified_cpp_js_src25.gcda:stamp 532248120
Unified_cpp_js_src25.gcda:tag `01ba' is invalid
Unified_cpp_js_src25.gcda:01ba:3336454216:UNKNOWN

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #12 from Martin Liška  ---
So problem is quite simple, there's a branch counter that has negative value:

$ ./gcov-dump  -l Unified_cpp_js_src31.gcda
...
Unified_cpp_js_src31.gcda:  0100:   3:FUNCTION ident=642196265,
lineno_checksum=0xca05d7bd, cfg_checksum=0xa9867a71
Unified_cpp_js_src31.gcda:01a1:  46:COUNTERS arcs 23 counts
Unified_cpp_js_src31.gcda:   0: 37 37 37 0 0 0 0 0 
Unified_cpp_js_src31.gcda:   8: 0 0 0 0 0 0 0 0 
Unified_cpp_js_src31.gcda:  16: 7650095318414917635
-5852759779117600487 128876347392 0 0 0 0 

Which is very suspicious. I points to following function:
https://github.com/servo/mozjs/blob/master/mozjs/js/src/jsweakmap.h#L153

Note that first arcs counter has value 37, which should be number of execution
of entry basic block. Thus counters at offset 16, 17, 18 look somehow skewed.
Note that these counters at very end of *.gcda file and thus maybe somehow
corrupted.

We can obviously add some validation of such numbers, but it would be more
interesting to find where these numbers come from.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

Martin Liška  changed:

   What|Removed |Added

 Status|WAITING |ASSIGNED

--- Comment #11 from Martin Liška  ---
(In reply to Marco Castelluccio from comment #10)
> (In reply to Martin Liška from comment #9)
> > (In reply to Marco Castelluccio from comment #8)
> > > Created attachment 42462 [details]
> > > Archive with GCNO and GCDA file generated with GCC 6
> > > 
> > > This is an archive containing the GCNO and GCDA files generated with GCC 
> > > 6.
> > > 
> > > We are going to test 7 next.
> > 
> > Thanks for that. Still can't reproduce and it will be highly probably that
> > it's related to fact that I do not have source files which are annotated.
> > Can you please attach them?
> > 
> > Moreover, can you please run it in gdb and paste full backtrace?
> 
> I don't have the source files either, they are built on a remote machine and
> I'm only downloading the gcno/gcda file.
> 
> Here's the backtrace:
> #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> #1  0x77a2df5d in __GI_abort () at abort.c:90
> #2  0x77a7628d in __libc_message (action=action@entry=(do_abort |
> do_backtrace), fmt=fmt@entry=0x77b9b9e6 "*** %s ***: %s terminated\n")
> at ../sysdeps/posix/libc_fatal.c:181
> #3  0x77b1c7ef in __GI___fortify_fail_abort
> (need_backtrace=need_backtrace@entry=true, msg=msg@entry=0x77b9b96d
> "buffer overflow detected")
> at fortify_fail.c:33
> #4  0x77b1c811 in __GI___fortify_fail (msg=msg@entry=0x77b9b96d
> "buffer overflow detected") at fortify_fail.c:44
> #5  0x77b1a500 in __GI___chk_fail () at chk_fail.c:28
> #6  0x77b199e9 in _IO_str_chk_overflow (fp=,
> c=) at vsprintf_chk.c:31
> #7  0x77a7ad59 in __GI__IO_default_xsputn (f=0x7fffd0f0,
> data=, n=19) at genops.c:455
> #8  0x77a4932d in _IO_vfprintf_internal (s=s@entry=0x7fffd0f0,
> format=, format@entry=0x46f771 "%ld", 
> ap=ap@entry=0x7fffd230) at vfprintf.c:1642
> #9  0x77b19a8b in ___vsprintf_chk (s=0x697670  long, int)::buffer> "-674122451547433726", flags=1, slen=20, 
> format=0x46f771 "%ld", args=args@entry=0x7fffd230) at
> vsprintf_chk.c:82
> #10 0x77b199ba in ___sprintf_chk (s=s@entry=0x697670
>  "-674122451547433726",
> flags=flags@entry=1, 
> slen=slen@entry=20, format=format@entry=0x46f771 "%ld") at
> sprintf_chk.c:31
> #11 0x00405934 in sprintf (__fmt=0x46f771 "%ld", __s=0x697670
>  "-674122451547433726")
> at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34
> #12 format_gcov (top=, bottom=, dp=-1) at
> ../../src/gcc/gcov.c:1998
> #13 0x00404b41 in output_lines (src=0x1108e00, gcov_file=0x71a650)
> at ../../src/gcc/gcov.c:2563
> #14 output_gcov_file (src=0x1108e00, file_name=0xa8f490
> "Unified_cpp_js_src31.gcda") at ../../src/gcc/gcov.c:962
> #15 generate_results (file_name=) at ../../src/gcc/gcov.c:1035
> #16 main (argc=, argv=) at
> ../../src/gcc/gcov.c:640

Thanks! Now I know where's the problem. Let me fix it.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[mcastelluccio at mozilla dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #10 from Marco Castelluccio  ---
(In reply to Martin Liška from comment #9)
> (In reply to Marco Castelluccio from comment #8)
> > Created attachment 42462 [details]
> > Archive with GCNO and GCDA file generated with GCC 6
> > 
> > This is an archive containing the GCNO and GCDA files generated with GCC 6.
> > 
> > We are going to test 7 next.
> 
> Thanks for that. Still can't reproduce and it will be highly probably that
> it's related to fact that I do not have source files which are annotated.
> Can you please attach them?
> 
> Moreover, can you please run it in gdb and paste full backtrace?

I don't have the source files either, they are built on a remote machine and
I'm only downloading the gcno/gcda file.

Here's the backtrace:
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x77a2df5d in __GI_abort () at abort.c:90
#2  0x77a7628d in __libc_message (action=action@entry=(do_abort |
do_backtrace), fmt=fmt@entry=0x77b9b9e6 "*** %s ***: %s terminated\n")
at ../sysdeps/posix/libc_fatal.c:181
#3  0x77b1c7ef in __GI___fortify_fail_abort
(need_backtrace=need_backtrace@entry=true, msg=msg@entry=0x77b9b96d "buffer
overflow detected")
at fortify_fail.c:33
#4  0x77b1c811 in __GI___fortify_fail (msg=msg@entry=0x77b9b96d
"buffer overflow detected") at fortify_fail.c:44
#5  0x77b1a500 in __GI___chk_fail () at chk_fail.c:28
#6  0x77b199e9 in _IO_str_chk_overflow (fp=,
c=) at vsprintf_chk.c:31
#7  0x77a7ad59 in __GI__IO_default_xsputn (f=0x7fffd0f0,
data=, n=19) at genops.c:455
#8  0x77a4932d in _IO_vfprintf_internal (s=s@entry=0x7fffd0f0,
format=, format@entry=0x46f771 "%ld", 
ap=ap@entry=0x7fffd230) at vfprintf.c:1642
#9  0x77b19a8b in ___vsprintf_chk (s=0x697670  "-674122451547433726", flags=1, slen=20, 
format=0x46f771 "%ld", args=args@entry=0x7fffd230) at vsprintf_chk.c:82
#10 0x77b199ba in ___sprintf_chk (s=s@entry=0x697670  "-674122451547433726", flags=flags@entry=1, 
slen=slen@entry=20, format=format@entry=0x46f771 "%ld") at sprintf_chk.c:31
#11 0x00405934 in sprintf (__fmt=0x46f771 "%ld", __s=0x697670
 "-674122451547433726")
at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34
#12 format_gcov (top=, bottom=, dp=-1) at
../../src/gcc/gcov.c:1998
#13 0x00404b41 in output_lines (src=0x1108e00, gcov_file=0x71a650) at
../../src/gcc/gcov.c:2563
#14 output_gcov_file (src=0x1108e00, file_name=0xa8f490
"Unified_cpp_js_src31.gcda") at ../../src/gcc/gcov.c:962
#15 generate_results (file_name=) at ../../src/gcc/gcov.c:1035
#16 main (argc=, argv=) at
../../src/gcc/gcov.c:640

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #9 from Martin Liška  ---
(In reply to Marco Castelluccio from comment #8)
> Created attachment 42462 [details]
> Archive with GCNO and GCDA file generated with GCC 6
> 
> This is an archive containing the GCNO and GCDA files generated with GCC 6.
> 
> We are going to test 7 next.

Thanks for that. Still can't reproduce and it will be highly probably that it's
related to fact that I do not have source files which are annotated.
Can you please attach them?

Moreover, can you please run it in gdb and paste full backtrace?

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[mcastelluccio at mozilla dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #8 from Marco Castelluccio  ---
Created attachment 42462
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=42462=edit
Archive with GCNO and GCDA file generated with GCC 6

This is an archive containing the GCNO and GCDA files generated with GCC 6.

We are going to test 7 next.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[mcastelluccio at mozilla dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #7 from Marco Castelluccio  ---
(In reply to Martin Liška from comment #6)
> (In reply to Marco Castelluccio from comment #5)
> > (In reply to Martin Liška from comment #4)
> > > (In reply to Marco Castelluccio from comment #3)
> > > > > Thanks for the report Marco. Looks it comes from Firefox, am I right?
> > > > 
> > > > Yes, that's correct. Actually, from a build of the JS shell.
> > > > 
> > > > > Which version of GCC have you been using?
> > > > 
> > > > The build was done with "gcc (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 
> > > > 20160609".
> > > > 
> > > > We were also able to reproduce the crash with a gcda generated normally,
> > > > without __gcov_dump.
> > > 
> > > I see, not the GCC 5.x is not longer supported. Anyway, please paste
> > > backtrace from gcov when the segfaults happens.
> > 
> > I'm having a hard time installing debugging symbols here, I might have to
> > build GCC from scratch.
> > If you already have a debug build of GCC 6 lurking around, you could try if
> > you could reproduce the crash yourself.
> 
> Yes, but am I right that the gcda and gcno files attached are created with
> GCC 5.4?
> I can't reproduce the segfault on my machine. Please paste command line
> invocation.

Yes, they were created with GCC 5.4.
Here's a crash report when I try to parse them with gcov-7:
https://bugs.launchpad.net/ubuntu/+source/gcc-7/+bug/1725255, perhaps you can
get the stacktrace from there.

I will report back after we finish testing with GCC 6/7.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #6 from Martin Liška  ---
(In reply to Marco Castelluccio from comment #5)
> (In reply to Martin Liška from comment #4)
> > (In reply to Marco Castelluccio from comment #3)
> > > > Thanks for the report Marco. Looks it comes from Firefox, am I right?
> > > 
> > > Yes, that's correct. Actually, from a build of the JS shell.
> > > 
> > > > Which version of GCC have you been using?
> > > 
> > > The build was done with "gcc (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 
> > > 20160609".
> > > 
> > > We were also able to reproduce the crash with a gcda generated normally,
> > > without __gcov_dump.
> > 
> > I see, not the GCC 5.x is not longer supported. Anyway, please paste
> > backtrace from gcov when the segfaults happens.
> 
> I'm having a hard time installing debugging symbols here, I might have to
> build GCC from scratch.
> If you already have a debug build of GCC 6 lurking around, you could try if
> you could reproduce the crash yourself.

Yes, but am I right that the gcda and gcno files attached are created with GCC
5.4?
I can't reproduce the segfault on my machine. Please paste command line
invocation.

> 
> > I did quite some fixes to gcov that are included in GCC 7.x branch. Can you
> > please test a new release?
> 
> We are testing with GCC 6 now, and will try with GCC 7 later on.

Yes, please test newer versions.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[mcastelluccio at mozilla dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #5 from Marco Castelluccio  ---
(In reply to Martin Liška from comment #4)
> (In reply to Marco Castelluccio from comment #3)
> > > Thanks for the report Marco. Looks it comes from Firefox, am I right?
> > 
> > Yes, that's correct. Actually, from a build of the JS shell.
> > 
> > > Which version of GCC have you been using?
> > 
> > The build was done with "gcc (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 
> > 20160609".
> > 
> > We were also able to reproduce the crash with a gcda generated normally,
> > without __gcov_dump.
> 
> I see, not the GCC 5.x is not longer supported. Anyway, please paste
> backtrace from gcov when the segfaults happens.

I'm having a hard time installing debugging symbols here, I might have to build
GCC from scratch.
If you already have a debug build of GCC 6 lurking around, you could try if you
could reproduce the crash yourself.

> I did quite some fixes to gcov that are included in GCC 7.x branch. Can you
> please test a new release?

We are testing with GCC 6 now, and will try with GCC 7 later on.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #4 from Martin Liška  ---
(In reply to Marco Castelluccio from comment #3)
> > Thanks for the report Marco. Looks it comes from Firefox, am I right?
> 
> Yes, that's correct. Actually, from a build of the JS shell.
> 
> > Which version of GCC have you been using?
> 
> The build was done with "gcc (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609".
> 
> We were also able to reproduce the crash with a gcda generated normally,
> without __gcov_dump.

I see, not the GCC 5.x is not longer supported. Anyway, please paste backtrace
from gcov when the segfaults happens.

I did quite some fixes to gcov that are included in GCC 7.x branch. Can you
please test a new release?

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[mcastelluccio at mozilla dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #3 from Marco Castelluccio  ---
> Thanks for the report Marco. Looks it comes from Firefox, am I right?

Yes, that's correct. Actually, from a build of the JS shell.

> Which version of GCC have you been using?

The build was done with "gcc (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609".

We were also able to reproduce the crash with a gcda generated normally,
without __gcov_dump.

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

Martin Liška  changed:

   What|Removed |Added

 Status|UNCONFIRMED |WAITING
   Last reconfirmed||2017-10-19
 Ever confirmed|0   |1

--- Comment #2 from Martin Liška  ---
Thanks for the report Marco. Looks it comes from Firefox, am I right?
Which version of GCC have you been using?

[Bug gcov-profile/82614] GCOV crashes while parsing gcda file

[mcastelluccio at mozilla dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82614

--- Comment #1 from Marco Castelluccio  ---
Created attachment 42399
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=42399=edit
GCNO file