[Bug fortran/87945] New: [9 Regression] ICE in var_element, at fortran/decl.c:281

asolokha at gmx dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87945

            Bug ID: 87945
           Summary: [9 Regression] ICE in var_element, at
                    fortran/decl.c:281
           Product: gcc
           Version: 9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
          Assignee: unassigned at gcc dot gnu.org
          Reporter: [hidden email]
  Target Milestone: ---

Changed recently:


$ cat z1.f90
program p
   character :: a, b
   data a%len /1/
   data b%kind /'b'/
end


$ gfortran-9-20181104 -c z1.f90
f951: internal compiler error: Segmentation fault
0xb205df crash_signal
        ../../gcc/toplev.c:325
0x60299e var_element
        ../../gcc/fortran/decl.c:281
0x604ce4 top_var_list
        ../../gcc/fortran/decl.c:321
0x604ce4 gfc_match_data()
        ../../gcc/fortran/decl.c:598
0x66a3c1 match_word
        ../../gcc/fortran/parse.c:65
0x66db06 decode_statement
        ../../gcc/fortran/parse.c:468
0x66e72a next_free
        ../../gcc/fortran/parse.c:1234
0x66e72a next_statement
        ../../gcc/fortran/parse.c:1466
0x66fd3b parse_spec
        ../../gcc/fortran/parse.c:3858
0x672807 parse_progunit
        ../../gcc/fortran/parse.c:5671
0x673e89 gfc_parse_file()
        ../../gcc/fortran/parse.c:6211
0x6bc03f gfc_be_parse_file
        ../../gcc/fortran/f95-lang.c:204

[Bug fortran/87945] [9 Regression] ICE in var_element, at fortran/decl.c:281

asolokha at gmx dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87945

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P4
   Target Milestone|---                         |9.0

[Bug fortran/87945] [9 Regression] ICE in var_element, at fortran/decl.c:281

asolokha at gmx dot com
In reply to this post by asolokha at gmx dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87945

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |ice-on-valid-code
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2018-11-12
     Ever confirmed|0                           |1

--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
Related to/duplicate of pr87881?

IMO this is not a regression.

[Bug fortran/87945] [9 Regression] ICE in var_element, at fortran/decl.c:281

asolokha at gmx dot com
In reply to this post by asolokha at gmx dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87945

--- Comment #2 from G. Steinmetz <[hidden email]> ---

z1.f90 above should be _invalid_ code, because a type parameter
inquiry can never be assigned a value, and should not be on LHS.
An equivalent example:

$ cat z4.f90
program p
   character :: a, b
   a%len = 1
   b%kind = 'b'   ! plus type mismatch
end


Both examples from pr87881 comment 2 are looking good with their
legal inquiries.

Tested with latest official snapshot, no additional patches applied.

[Bug fortran/87945] [9 Regression] ICE in var_element, at fortran/decl.c:281

asolokha at gmx dot com
In reply to this post by asolokha at gmx dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87945

--- Comment #3 from kargl at gcc dot gnu.org ---
Index: gcc/fortran/decl.c
===================================================================
--- gcc/fortran/decl.c  (revision 266192)
+++ gcc/fortran/decl.c  (working copy)
@@ -278,6 +278,14 @@ var_element (gfc_data_variable *new_var)
   if (m != MATCH_YES)
     return m;

+  if (new_var->expr->expr_type == EXPR_CONSTANT
+      && new_var->expr->symtree == NULL)
+    {
+      gfc_error ("Inquiry parameter cannot appear in a "
+                "data-stmt-object-list at %C");
+      return MATCH_ERROR;
+    }
+
   sym = new_var->expr->symtree->n.sym;

   /* Symbol should already have an associated type.  */
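
Review bot: the new guard in var_element only fires when expr_type == EXPR_CONSTANT, so the unchanged line "sym = new_var->expr->symtree->n.sym;" directly below it still dereferences symtree unchecked for every other expression kind. If a NULL symtree can reach this point only for a constant, say so in a comment above the if; otherwise test new_var->expr->symtree == NULL on its own and return MATCH_ERROR. A short comment would also help explain why a constant without a symtree identifies an inquiry parameter, since the condition does not make that obvious.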

[Bug fortran/87945] [9 Regression] ICE in var_element, at fortran/decl.c:281

asolokha at gmx dot com
In reply to this post by asolokha at gmx dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87945

--- Comment #4 from kargl at gcc dot gnu.org ---
Author: kargl
Date: Sun Dec  9 04:02:44 2018
New Revision: 266915

URL: https://gcc.gnu.org/viewcvs?rev=266915&root=gcc&view=rev
Log:
20180-12-08  Steven G. Kargl  <[hidden email]>

        PR fortran/87945
        * decl.c (var_element): Inquiry parameters cannot be data objects.

20180-12-08  Steven G. Kargl  <[hidden email]>

        PR fortran/87945
        * gfortran.dg/pr87945_1.f90: New test.
        * gfortran.dg/pr87945_2.f90: New test.

Added:
    trunk/gcc/testsuite/gfortran.dg/pr87945_1.f90
    trunk/gcc/testsuite/gfortran.dg/pr87945_2.f90
Modified:
    trunk/gcc/fortran/ChangeLog
    trunk/gcc/fortran/decl.c
    trunk/gcc/testsuite/ChangeLog

[Bug fortran/87945] [9 Regression] ICE in var_element, at fortran/decl.c:281

asolokha at gmx dot com
In reply to this post by asolokha at gmx dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87945

kargl at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |kargl at gcc dot gnu.org
         Resolution|---                         |FIXED
           Assignee|unassigned at gcc dot gnu.org      |kargl at gcc dot gnu.org

--- Comment #5 from kargl at gcc dot gnu.org ---
Fixed on trunk. Closing

[Bug fortran/87945] [9 Regression] ICE in var_element, at fortran/decl.c:281

asolokha at gmx dot com
In reply to this post by asolokha at gmx dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87945

David Binderman <dcb314 at hotmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dcb314 at hotmail dot com

--- Comment #6 from David Binderman <dcb314 at hotmail dot com> ---
Not sure this is related, but I tried compiling ./gfortran.dg/pr87945_1.f90
on an asan build of gcc trunk revision 267200 and got this:

./gfortran.dg/pr87945_1.f90
=================================================================
==30485==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000003ed8 at pc 0x000001323891 bp 0x7fff1aa0dbd0 sp 0x7fff1aa0dbc8
READ of size 8 at 0x617000003ed8 thread T0
    #0 0x1323890 in simplify_ref_chain ../../trunk/gcc/fortran/expr.c:1943
    #1 0x132226c in gfc_simplify_expr(gfc_expr*, int) ../../trunk/gcc/fortran/expr.c:2164
    #2 0x144b2a9 in gfc_match_varspec(gfc_expr*, int, bool, bool) ../../trunk/gcc/fortran/primary.c:2287
    #3 0x144d207 in match_variable ../../trunk/gcc/fortran/primary.c:3971

$ ~/gcc/results/bin/gfortran -v
Using built-in specs.
COLLECT_GCC=/home/dcb/gcc/results/bin/gfortran
COLLECT_LTO_WRAPPER=/home/dcb/gcc/results.267200.asan/libexec/gcc/x86_64-pc-linux-gnu/9.0.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../trunk/configure --prefix=/home/dcb/gcc/results.267200.asan
--with-build-config=bootstrap-asan --disable-multilib --disable-werror
--enable-checking=release --enable-languages=c,c++,fortran
Thread model: posix
gcc version 9.0.0 20181217 (experimental) (GCC)
$

[Bug fortran/87945] [9 Regression] ICE in var_element, at fortran/decl.c:281

asolokha at gmx dot com
In reply to this post by asolokha at gmx dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87945

--- Comment #7 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> Not sure this is related, but I tried compiling ./gfortran.dg/pr87945_1.f90
> on an asan build of gcc trunk revision 267200 and got this:

I think it is a duplicate of pr87881.

[Bug fortran/87945] [9 Regression] ICE in var_element, at fortran/decl.c:281

asolokha at gmx dot com
In reply to this post by asolokha at gmx dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87945

--- Comment #8 from kargl at gcc dot gnu.org ---
(In reply to David Binderman from comment #6)
> Not sure this is related, but I tried compiling ./gfortran.dg/pr87945_1.f90
> on an asan build of gcc trunk revision 267200 and got this:
>

I think it's irrelevant to my patch.  Fixing the ICE
simply allows one to get to where the sanitizers get
upset.

When find_inquiry_ref() is used to an inquiry reference,
it nullifies a pointer.  If it is called twice on the
same expression, then this might be why there is a
use after free.
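
The two crash reports quoted in this thread (the f951 ICE backtrace and the ASan report from comment #6) reduced to comparable signatures, as an added example that is not part of the thread or of GCC's own tooling. The function names signature and same_bucket, the NOISE set and the bucketing rule (same kind and same faulting function) are assumptions made for this illustration; the sample reports are excerpts of the text above.

```python
import re

# GCC ICE backtrace frame: "0x60299e var_element", location on the next line.
ICE_FRAME = re.compile(
    r"^0x[0-9a-f]+ (?P<func>[^\s(]+)[^\n]*\n\s+(?P<loc>\S+:\d+)", re.M)
# ASan frame: "#0 0x... in func file:line"; \s+ tolerates a wrapped location.
ASAN_FRAME = re.compile(
    r"#\d+ 0x[0-9a-f]+ in (?P<func>[^\s(]+)(?:\([^)]*\))?\s+(?P<loc>\S+:\d+)")
ASAN_KIND = re.compile(r"ERROR: AddressSanitizer: (\S+)")
NOISE = {"crash_signal"}  # signal handler frame, says nothing about the cause

def signature(report, depth=3):
    """Return (kind, [(function, 'file.c:line'), ...]) for the top frames."""
    asan = ASAN_KIND.search(report)
    if asan:
        kind, frames = "asan:" + asan.group(1), ASAN_FRAME.finditer(report)
    elif "internal compiler error" in report:
        kind, frames = "ice", ICE_FRAME.finditer(report)
    else:
        return ("none", [])
    top = [(m["func"], m["loc"].rsplit("/", 1)[-1])
           for m in frames if m["func"] not in NOISE]
    return (kind, top[:depth])

def same_bucket(a, b):
    """Two reports share a bucket when kind and faulting function agree."""
    (ka, fa), (kb, fb) = signature(a), signature(b)
    if not fa or not fb:
        return False
    return ka == kb and fa[0][0] == fb[0][0]

# Excerpts of the two reports quoted in this thread.
ICE_REPORT = """f951: internal compiler error: Segmentation fault
0xb205df crash_signal
        ../../gcc/toplev.c:325
0x60299e var_element
        ../../gcc/fortran/decl.c:281
"""
ASAN_REPORT = """==30485==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000003ed8
    #0 0x1323890 in simplify_ref_chain ../../trunk/gcc/fortran/expr.c:1943
    #1 0x132226c in gfc_simplify_expr(gfc_expr*, int)
../../trunk/gcc/fortran/expr.c:2164
"""

if __name__ == "__main__":
    for report in (ICE_REPORT, ASAN_REPORT):
        print(signature(report))
    print("same bucket:", same_bucket(ICE_REPORT, ASAN_REPORT))
```

The faulting function is compared without its line number so that a signature survives unrelated edits to the same file between revisions.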