https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68331
David Abdurachmanov <david.abdurachmanov at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |david.abdurachmanov at gmail dot com

--- Comment #10 from David Abdurachmanov <david.abdurachmanov at gmail dot com> ---
I have been reg-testing GCC 6 for the last few weeks and I hit an issue with compiled code strangely segfaulting. Compiled with GCC 5.3.0, ASan and valgrind show no issues. Compiled with GCC 6.0.1, ASan and valgrind show issues, and the program segfaults. If I go below -O2, the execution at least does not segfault. Developers so far couldn't understand what's happening. No issues if compiled with the latest Clang or ICC.

I am trying to understand if this is a potential GCC bug and it's worth filing another BZ ticket. I am trying to reg-test as much as I can before GCC 6.1.0 is cut. What are your thoughts?

Bisect brought me to this commit as being the culprit:

7ae97ba6651703d99d9f0e20a4e48eb7743c103c is the first bad commit
commit 7ae97ba6651703d99d9f0e20a4e48eb7743c103c
Author: rguenth <rguenth@138bc75d-0d04-0410-961f-82ee72b054a4>
Date:   Thu Dec 10 09:41:08 2015 +0000

    2015-12-10  Richard Biener  <rguent...@suse.de>

            PR ipa/68331
            [..]

    git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@231498 138bc75d-0d04-0410-961f-82ee72b054a4

What fails is:

421     std::unique_ptr<ParameterDescriptionNode> node = std::make_unique<ParameterDescription<T>>(iLabel, value, isTracked);
422     ParameterDescriptionNode* pnode = addNode(std::move(node), isOptional, writeToCfi);

addNode will segfault; the std::unique_ptr content is wrong. If one does node.get(), you get 0x100000000; trying to access such memory will cause a segfault.

So, I took 7ae97ba6651703d99d9f0e20a4e48eb7743c103c (first bad commit) and 6c2acfc4892316b46df0fe4a6769fb6766ab1e0b (last good) and compared assembly for edmtest::ProducerWithPSetDesc::fillDescriptions(edm::ConfigurationDescriptions&). I found no significant differences; all are offsets.
I know that the second call to edm::ParameterSetDescription::addNode fails.

[..]
    48    1f5f1:       e8 9a 7d ff ff          callq  17390 <edm::ParameterDescriptionBase* edm::ParameterSetDescription::add<int, char [6]>(char const (&) [6], int const&, bool, bool, bool)@plt>
    49    1f5f6:       48 8d 35 d3 f4 01 00    lea    0x1f4d3(%rip),%rsi        # 3ead0 <_fini+0x2a10>
    50    1f5fd:       48 89 c7                mov    %rax,%rdi
    51    1f600:       e8 db 83 ff ff          callq  179e0 <edm::ParameterDescriptionNode::setComment(char const*)@plt>
    52    1f605:       48 8d 85 50 fe ff ff    lea    -0x1b0(%rbp),%rax
    53    1f60c:       48 8d bd 20 d7 ff ff    lea    -0x28e0(%rbp),%rdi
    54    1f613:       48 8d 35 c9 cb 01 00    lea    0x1cbc9(%rip),%rsi        # 3c1e3 <_fini+0x123>
    55    1f61a:       31 c9                   xor    %ecx,%ecx
    56    1f61c:       c7 85 50 fe ff ff 01    movl   $0x80000001,-0x1b0(%rbp)
    57    1f623:       00 00 80
    58    1f626:       48 89 c2                mov    %rax,%rdx
    59    1f629:       48 89 85 98 d0 ff ff    mov    %rax,-0x2f68(%rbp)
    60    1f630:       e8 7b 91 ff ff          callq  187b0 <std::_MakeUniq<edm::ParameterDescription<int> >::__single_object std::make_unique<edm::ParameterDescription<int>, char const (&) [16], int const&, bool&>(char const (&) [16], int const&, bool&) [clone .isra.142]>
    61    1f635:       48 8b 85 20 d7 ff ff    mov    -0x28e0(%rbp),%rax
    62    1f63c:       b9 01 00 00 00          mov    $0x1,%ecx
    63    1f641:       31 d2                   xor    %edx,%edx
    64    1f643:       4c 89 f6                mov    %r14,%rsi
    65    1f646:       4c 89 ff                mov    %r15,%rdi
    66    1f649:       48 89 85 10 ff ff ff    mov    %rax,-0xf0(%rbp)
    67    1f650:       e8 9b 77 ff ff          callq  16df0 <edm::ParameterSetDescription::addNode(std::unique_ptr<edm::ParameterDescriptionNode, std::default_delete<edm::ParameterDescriptionNode> >, bool, bool)@plt>
    68    1f655:       48 8b bd 10 ff ff ff    mov    -0xf0(%rbp),%rdi
[..]

Before that it calls the cloned function. The pointer becomes wrong after line 66 [%rax,-0xf0(%rbp)]. Then I looked into the cloned function between the two commits. This showed some differences:
3
@@ -19,7 +19,6 @@ 4 48 89 df mov %rbx,%rdi 5 e8 75 e8 ff ff callq 17060 <edm 6 48 8b 05 a6 36 03 00 mov 0x336a6(%rip),%rax # 4be98 <_DYNAMIC+0x430> 7 - 49 89 1c 24 mov %rbx,(%r12) 8 48 83 c0 10 add $0x10,%rax 9 48 89 03 mov %rax,(%rbx) 10 41 8b 45 00 mov 0x0(%r13),%eax 11 
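Review bot: the one semantic change in this hunk is the dropped store `mov %rbx,(%r12)`. The good build writes %rbx (the pointer passed in %rdi to the call at 17060, and the object that `mov %rax,(%rbx)` initialises two instructions later) out through %r12; the bad build never does. If %r12 holds the out-slot through which the `.isra` clone of make_unique hands back the unique_ptr (the caller in the listing above passes `lea -0x28e0(%rbp),%rdi` at line 53 and reads `-0x28e0(%rbp)` back at line 61), that slot in fillDescriptions's frame is left unwritten, which fits the symptom reported here (node.get() returning garbage) and valgrind's "Uninitialised value was created by a stack allocation" in fillDescriptions. The second hunk below shows only the rel32 displacements of the two calls shifting by 4 (`e8 50` to `e8 54`, `e8 48` to `e8 4c`), consistent with this 4-byte instruction having been removed, plus re-encoded nop padding, so no other behavioural difference is visible in the diff.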
@@ -34,9 +33,10 @@ 12 48 89 c5 mov %rax,%rbp 13 48 89 df mov %rbx,%rdi 14 be 28 00 00 00 mov $0x28,%esi 15 - e8 50 e4 ff ff callq 16c70 <operator delete(void*, unsigned long)@plt> 16 + e8 54 e4 ff ff callq 16c70 <operator delete(void*, unsigned long)@plt> 17 48 89 ef mov %rbp,%rdi 18 - e8 48 ef ff ff callq 17770 <_Unwind_Resume@plt> 19 - 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 20 - 00 21 + e8 4c ef ff ff callq 17770 <_Unwind_Resume@plt> 22 + 66 90 xchg %ax,%ax 23 + 66 2e 0f 1f 84 00 00 nopw %cs 24 + 00 00 00

##### ASAN REPORT #####

ASAN:DEADLYSIGNAL
=================================================================
==11345==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x2abffdb95e22 bp 0x7ffd8abe14b0 sp 0x7ffd8abe12c0 T0)
    #0 0x2abffdb95e21 in edm::ParameterDescriptionNode::checkAndGetLabelsAndTypes(std::set<std::string, std::less<std::string>, std::allocator<std::string> >&, std::set<edm::ParameterTypes, std::less<edm::ParameterTypes>, std::allocator<edm::ParameterTypes> >&, std::set<edm::ParameterTypes, std::less<edm::ParameterTypes>, std::allocator<edm::ParameterTypes> >&) const /mnt/build/davidlt/CMSSW_8_1_X_2016-04-18-1100/src/FWCore/ParameterSet/interface/ParameterDescriptionNode.h:213
    #1 0x2abffdb95e21 in edm::ParameterSetDescription::addNode(std::unique_ptr<edm::ParameterDescriptionNode, std::default_delete<edm::ParameterDescriptionNode> >, bool, bool) /mnt/build/davidlt/CMSSW_8_1_X_2016-04-18-1100/src/FWCore/ParameterSet/src/ParameterSetDescription.cc:92
    #2 0x2ac0041a3961 in edm::ParameterDescriptionBase* edm::ParameterSetDescription::add<int, char [16]>(char const (&) [16], int const&, bool, bool, bool) /mnt/build/davidlt/CMSSW_8_1_X_2016-04-18-1100/src/FWCore/ParameterSet/interface/ParameterSetDescription.h:422
    #3 0x2ac0041a3961 in edm::ParameterDescriptionBase* edm::ParameterSetDescription::addUntracked<int, char [16]>(char const (&) [16], int const&)
/mnt/build/davidlt/CMSSW_8_1_X_2016-04-18-1100/src/FWCore/ParameterSet/interface/ParameterSetDescription.h:95
    [..]

##### VALGRIND REPORT #####

These happen after calling edm::ParameterSetDescription::addNode, where the pointer is already wrong.

==31968== Use of uninitialised value of size 8
==31968==    at 0x40C7674: checkAndGetLabelsAndTypes (ParameterDescriptionNode.h:213)
==31968==    by 0x40C7674: edm::ParameterSetDescription::addNode(std::unique_ptr<edm::ParameterDescriptionNode, std::default_delete<edm::ParameterDescriptionNode> >, bool, bool) (ParameterSetDescription.cc:92)
==31968==    by 0x8705657: add<int, char [16]> (ParameterSetDescription.h:422)
==31968==    by 0x8705657: addUntracked<int, char [16]> (ParameterSetDescription.h:95)
==31968==    by 0x8705657: edmtest::ProducerWithPSetDesc::fillDescriptions(edm::ConfigurationDescriptions&) (ProducerWithPSetDesc.cc:459)
==31968==    by 0x871ABBB: edm::ParameterSetDescriptionFiller<edmtest::ProducerWithPSetDesc>::fill(edm::ConfigurationDescriptions&) const (ParameterSetDescriptionFiller.h:55)
==31968==    by 0x4059BF: operator() (edmWriteConfigs.cpp:90)
==31968==    by 0x4059BF: wrap<(anonymous namespace)::writeCfisForPlugin(const string&, edm::ParameterSetDescriptionFillerPluginFactory*)::<lambda()> > (ConvertException.h:20)
==31968==    by 0x4059BF: writeCfisForPlugin (edmWriteConfigs.cpp:91)
==31968==    by 0x4059BF: __call<void, std::basic_string<char, std::char_traits<char>, std::allocator<char> >&, 0ul, 1ul> (functional:943)
==31968==    by 0x4059BF: operator()<std::basic_string<char, std::char_traits<char>, std::allocator<char> >&> (functional:1002)
==31968==    by 0x4059BF: for_each<__gnu_cxx::__normal_iterator<std::basic_string<char>*, std::vector<std::basic_string<char> > >, std::_Bind<void (*(std::_Placeholder<1>, edmplugin::PluginFactory<edm::ParameterSetDescriptionFillerBase*()>*))(const std::basic_string<char>&, edmplugin::PluginFactory<edm::ParameterSetDescriptionFillerBase*()>*)> > (stl_algo.h:3776)
==31968==    by 0x4059BF: for_all<std::vector<std::basic_string<char> >, std::_Bind<void (*(std::_Placeholder<1>, edmplugin::PluginFactory<edm::ParameterSetDescriptionFillerBase*()>*))(const std::basic_string<char>&, edmplugin::PluginFactory<edm::ParameterSetDescriptionFillerBase*()>*)> > (Algorithms.h:17)
==31968==    by 0x4059BF: operator() (edmWriteConfigs.cpp:285)
==31968==    by 0x4059BF: wrap<main(int, char**)::<lambda()> > (ConvertException.h:20)
==31968==    by 0x4059BF: main (edmWriteConfigs.cpp:286)
==31968==  Uninitialised value was created by a stack allocation
==31968==    at 0x8705544: edmtest::ProducerWithPSetDesc::fillDescriptions(edm::ConfigurationDescriptions&) (ProducerWithPSetDesc.cc:438)
==31968==
==31968== Invalid read of size 8
==31968==    at 0x40C7674: checkAndGetLabelsAndTypes (ParameterDescriptionNode.h:213)
==31968==    by 0x40C7674: edm::ParameterSetDescription::addNode(std::unique_ptr<edm::ParameterDescriptionNode, std::default_delete<edm::ParameterDescriptionNode> >, bool, bool) (ParameterSetDescription.cc:92)
==31968==    by 0x8705657: add<int, char [16]> (ParameterSetDescription.h:422)
==31968==    by 0x8705657: addUntracked<int, char [16]> (ParameterSetDescription.h:95)
==31968==    by 0x8705657: edmtest::ProducerWithPSetDesc::fillDescriptions(edm::ConfigurationDescriptions&) (ProducerWithPSetDesc.cc:459)
==31968==    by 0x871ABBB: edm::ParameterSetDescriptionFiller<edmtest::ProducerWithPSetDesc>::fill(edm::ConfigurationDescriptions&) const (ParameterSetDescriptionFiller.h:55)
==31968==    by 0x4059BF: operator() (edmWriteConfigs.cpp:90)
==31968==    by 0x4059BF: wrap<(anonymous namespace)::writeCfisForPlugin(const string&, edm::ParameterSetDescriptionFillerPluginFactory*)::<lambda()> > (ConvertException.h:20)
==31968==    by 0x4059BF: writeCfisForPlugin (edmWriteConfigs.cpp:91)
==31968==    by 0x4059BF: __call<void, std::basic_string<char, std::char_traits<char>, std::allocator<char> >&, 0ul, 1ul> (functional:943)
==31968==    by 0x4059BF: operator()<std::basic_string<char, std::char_traits<char>, std::allocator<char> >&> (functional:1002)
==31968==    by 0x4059BF: for_each<__gnu_cxx::__normal_iterator<std::basic_string<char>*, std::vector<std::basic_string<char> > >, std::_Bind<void (*(std::_Placeholder<1>, edmplugin::PluginFactory<edm::ParameterSetDescriptionFillerBase*()>*))(const std::basic_string<char>&, edmplugin::PluginFactory<edm::ParameterSetDescriptionFillerBase*()>*)> > (stl_algo.h:3776)
==31968==    by 0x4059BF: for_all<std::vector<std::basic_string<char> >, std::_Bind<void (*(std::_Placeholder<1>, edmplugin::PluginFactory<edm::ParameterSetDescriptionFillerBase*()>*))(const std::basic_string<char>&, edmplugin::PluginFactory<edm::ParameterSetDescriptionFillerBase*()>*)> > (Algorithms.h:17)
==31968==    by 0x4059BF: operator() (edmWriteConfigs.cpp:285)
==31968==    by 0x4059BF: wrap<main(int, char**)::<lambda()> > (ConvertException.h:20)
==31968==    by 0x4059BF: main (edmWriteConfigs.cpp:286)
==31968==  Address 0x1ffdfeb5400000 is not stack'd, malloc'd or (recently) free'd
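An added example, not part of the bug report and not code from GCC or CMSSW: a small Python parser for the two trace formats quoted above (ASan `#N 0xADDR in FUNC FILE:LINE` frames and valgrind `==PID== at/by 0xADDR: FUNC (FILE:LINE)` frames). It normalises every frame to (file, line), checks that both tools blame the same innermost frame, and pulls out where valgrind says the uninitialised value was created. The sample text is a constructed, shortened copy of the reports above (template arguments trimmed); the regexes and function names are mine.

```python
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: abbreviated lines copied from the two reports in
# the bug comment, with long template arguments trimmed for readability.
ASAN_SAMPLE = """\
ASAN:DEADLYSIGNAL
=================================================================
==11345==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x2abffdb95e22 bp 0x7ffd8abe14b0 sp 0x7ffd8abe12c0 T0)
    #0 0x2abffdb95e21 in edm::ParameterDescriptionNode::checkAndGetLabelsAndTypes(...) const /mnt/build/src/FWCore/ParameterSet/interface/ParameterDescriptionNode.h:213
    #1 0x2abffdb95e21 in edm::ParameterSetDescription::addNode(std::unique_ptr<edm::ParameterDescriptionNode>, bool, bool) /mnt/build/src/FWCore/ParameterSet/src/ParameterSetDescription.cc:92
    #2 0x2ac0041a3961 in edm::ParameterDescriptionBase* edm::ParameterSetDescription::add<int, char [16]>(char const (&) [16], int const&, bool, bool, bool) /mnt/build/src/FWCore/ParameterSet/interface/ParameterSetDescription.h:422
"""

VALGRIND_SAMPLE = """\
==31968== Use of uninitialised value of size 8
==31968==    at 0x40C7674: checkAndGetLabelsAndTypes (ParameterDescriptionNode.h:213)
==31968==    by 0x40C7674: edm::ParameterSetDescription::addNode(std::unique_ptr<edm::ParameterDescriptionNode>, bool, bool) (ParameterSetDescription.cc:92)
==31968==    by 0x8705657: add<int, char [16]> (ParameterSetDescription.h:422)
==31968==  Uninitialised value was created by a stack allocation
==31968==    at 0x8705544: edmtest::ProducerWithPSetDesc::fillDescriptions(edm::ConfigurationDescriptions&) (ProducerWithPSetDesc.cc:438)
"""

# ASan frame: "#N 0xADDR in <symbol, may contain spaces> <path>:<line>"
ASAN_FRAME = re.compile(r"^\s*#(\d+)\s+0x([0-9a-fA-F]+)\s+in\s+(.*?)\s+(\S+):(\d+)\s*$")
# valgrind frame: "==PID==    at|by 0xADDR: <symbol> (<file>:<line>)"
VG_FRAME = re.compile(r"^==\d+==\s+(?:at|by)\s+0x([0-9a-fA-F]+):\s+(.*?)\s+\(([^()]*):(\d+)\)\s*$")
# valgrind auxiliary note (two or more spaces): "Uninitialised value was created by ..."
VG_AUX = re.compile(r"^==\d+==\s{2,}(\S.*)$")
# valgrind error title (exactly one space): "Use of uninitialised value of size 8"
VG_HEADER = re.compile(r"^==\d+==\s(\S.*)$")


@dataclass(frozen=True)
class Frame:
    addr: int
    func: str
    file: str      # basename only, so "/mnt/build/.../X.h" and "X.h" compare equal
    line: int
    section: str   # "trace" for the error's own stack, else the aux note it belongs to


def parse_asan(text: str) -> List[Frame]:
    frames = []
    for raw in text.splitlines():
        m = ASAN_FRAME.match(raw)
        if m:
            _, addr, func, path, line = m.groups()
            frames.append(Frame(int(addr, 16), func, os.path.basename(path), int(line), "trace"))
    return frames


def parse_valgrind(text: str) -> List[Frame]:
    frames, section = [], "trace"
    for raw in text.splitlines():
        m = VG_FRAME.match(raw)
        if m:
            addr, func, path, line = m.groups()
            frames.append(Frame(int(addr, 16), func, os.path.basename(path), int(line), section))
            continue
        m = VG_AUX.match(raw)
        if m:
            section = m.group(1).strip()   # frames that follow belong to this note
            continue
        if VG_HEADER.match(raw):
            section = "trace"              # a new error record starts its own stack
    return frames


def innermost(frames: List[Frame]) -> Optional[Frame]:
    trace = [f for f in frames if f.section == "trace"]
    return trace[0] if trace else None


def same_location(a: Frame, b: Frame) -> bool:
    # Compare by source location, not symbol text: ASan prints the full
    # signature while valgrind abbreviates, so only file:line is comparable.
    return (a.file, a.line) == (b.file, b.line)


def origin_of_uninitialised(frames: List[Frame]) -> Optional[Tuple[str, int]]:
    for f in frames:
        if f.section.startswith("Uninitialised value was created"):
            return (f.file, f.line)
    return None


def compare_reports(asan_text: str, vg_text: str) -> dict:
    a, v = parse_asan(asan_text), parse_valgrind(vg_text)
    ai, vi = innermost(a), innermost(v)
    return {
        "asan_innermost": (ai.file, ai.line) if ai else None,
        "valgrind_innermost": (vi.file, vi.line) if vi else None,
        "agree": bool(ai and vi and same_location(ai, vi)),
        "uninitialised_origin": origin_of_uninitialised(v),
    }


if __name__ == "__main__":
    for key, val in compare_reports(ASAN_SAMPLE, VALGRIND_SAMPLE).items():
        print(f"{key}: {val}")
```

Matching on basename and line rather than on the symbol string is what makes the two tools comparable: ASan prints full signatures with absolute paths, valgrind prints abbreviated names with bare file names, and both agree here on ParameterDescriptionNode.h:213, while the valgrind "created by" note separately pins the stack slot to ProducerWithPSetDesc.cc:438.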