[Bug fortran/87908] ICE in check_interface0, at fortran/interface.c:1841

2019-09-29 Thread egallager at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87908

Eric Gallager  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |error-recovery,
                   |                            |ice-on-invalid-code
                 CC|                            |egallager at gcc dot gnu.org
           Severity|normal                      |minor

--- Comment #2 from Eric Gallager  ---
(In reply to Dominique d'Humieres from comment #1)
> > ICE affects versions 8/9 :
> 
> For gcc7 I see
> 
> (null):0: confused by earlier errors, bailing out
> 
> which is equivalent to an ICE when gcc is configured with
> --enable-checking=release
> 
> gcc6 gives
> 
> pr87908.f90:6:21:
> 
>generic :: read(formatted) => g
>  1
> Error: Expected '=>' at (1)
> pr87908.f90:12:20:
> 
>interface read(formatted)
> 1
> Error: Syntax error: Trailing garbage in INTERFACE statement at (1)
> pr87908.f90:13:9:
> 
>   procedure g
>  1
> Error: Unclassifiable statement at (1)
> pr87908.f90:14:9:
> 
>end interface
>  1
> Error: Expecting END SUBROUTINE statement at (1)
> 

so that makes this an ice-on-invalid then

[Bug fortran/87908] ICE in check_interface0, at fortran/interface.c:1841

2018-11-06 Thread dominiq at lps dot ens.fr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87908

Dominique d'Humieres  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2018-11-06
     Ever confirmed|0                           |1

--- Comment #1 from Dominique d'Humieres  ---
> ICE affects versions 8/9 :

For gcc7 I see

(null):0: confused by earlier errors, bailing out

which is equivalent to an ICE when gcc is configured with
--enable-checking=release

gcc6 gives

pr87908.f90:6:21:

   generic :: read(formatted) => g
 1
Error: Expected '=>' at (1)
pr87908.f90:12:20:

   interface read(formatted)
1
Error: Syntax error: Trailing garbage in INTERFACE statement at (1)
pr87908.f90:13:9:

  procedure g
 1
Error: Unclassifiable statement at (1)
pr87908.f90:14:9:

   end interface
 1
Error: Expecting END SUBROUTINE statement at (1)

Compiling the test with an instrumented compiler gives

=================================================================
==69263==ERROR: AddressSanitizer: heap-use-after-free on address 0x61309e14
at pc 0x000100170f91 bp 0x7ffeefbfe5f0 sp 0x7ffeefbfe5e8
READ of size 1 at 0x61309e14 thread T0
#0 0x100170f90 in check_interface0(gfc_interface*, char const*)
interface.c:1836
#1 0x10018e217 in check_sym_interfaces(gfc_symbol*) interface.c:1974
#2 0x1004bb14d in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*),
void (*)(gfc_symbol*)) symbol.c:4151
#3 0x1004d8313 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*))
symbol.c:4176
#4 0x10019595f in gfc_check_interfaces(gfc_namespace*) interface.c:2085
#5 0x100438af2 in resolve_types(gfc_namespace*) resolve.c:16643
#6 0x100438903 in resolve_types(gfc_namespace*) resolve.c:16638
#7 0x1003cabe0 in gfc_resolve(gfc_namespace*) resolve.c:16741
#8 0x10034f049 in gfc_parse_file() parse.c:6266
#9 0x100522fbf in gfc_be_parse_file() f95-lang.c:204
#10 0x10611cde8 in compile_file() toplev.c:455
#11 0x1061284a3 in do_compile() toplev.c:2172
#12 0x10915f5d7 in toplev::main(int, char**) toplev.c:2307
#13 0x1095b359c in main main.c:39
#14 0x7fff703f908c in start (libdyld.dylib:x86_64+0x1708c)

0x61309e14 is located 84 bytes inside of 344-byte region
[0x61309dc0,0x61309f18)
freed by thread T0 here:
#0 0x158cb18e0 in wrap_free.part.0 sanitizer_malloc_mac.inc:121
#1 0x1004d7a4a in gfc_free_symbol(gfc_symbol*) symbol.c:3081
#2 0x1004d7d96 in gfc_release_symbol(gfc_symbol*) symbol.c:3108
#3 0x10034 in gfc_fixup_sibling_symbols(gfc_symbol*, gfc_namespace*)
parse.c:5485
#4 0x10034d679 in parse_contained(int) parse.c:5577
#5 0x10034e74e in parse_module() parse.c:5943
#6 0x10034f77e in gfc_parse_file() parse.c:6239
#7 0x100522fbf in gfc_be_parse_file() f95-lang.c:204
#8 0x10611cde8 in compile_file() toplev.c:455
#9 0x1061284a3 in do_compile() toplev.c:2172
#10 0x10915f5d7 in toplev::main(int, char**) toplev.c:2307
#11 0x1095b359c in main main.c:39
#12 0x7fff703f908c in start (libdyld.dylib:x86_64+0x1708c)

previously allocated by thread T0 here:
#0 0x158cb0db3 in wrap_calloc sanitizer_malloc_mac.inc:132
#1 0x10869f9ea in xcalloc xmalloc.c:162
#2 0x1004cf141 in gfc_new_symbol(char const*, gfc_namespace*) symbol.c:3117
#3 0x1004d16cf in gfc_get_sym_tree(char const*, gfc_namespace*,
gfc_symtree**, bool) symbol.c:3369
#4 0x1004d2cfd in gfc_get_symbol(char const*, gfc_namespace*, gfc_symbol**)
symbol.c:3419
#5 0x1000b22c2 in match_procedure_in_interface() decl.c:6912
#6 0x1000ef830 in gfc_match_procedure() decl.c:6952
#7 0x100330018 in match_word(char const*, match (*)(), locus*) parse.c:65
#8 0x10033da46 in decode_statement() parse.c:541
#9 0x10033eef6 in next_free() parse.c:1234
#10 0x10033f8cb in next_statement() parse.c:1466
#11 0x1003473bb in parse_interface() parse.c:3455
#12 0x100345f9f in parse_spec(gfc_statement) parse.c:3810
#13 0x10034cbfa in parse_progunit(gfc_statement) parse.c:5671
#14 0x10034d622 in parse_contained(int) parse.c:5574
#15 0x10034e74e in parse_module() parse.c:5943
#16 0x10034f77e in gfc_parse_file() parse.c:6239
#17 0x100522fbf in gfc_be_parse_file() f95-lang.c:204
#18 0x10611cde8 in compile_file() toplev.c:455
#19 0x1061284a3 in do_compile() toplev.c:2172
#20 0x10915f5d7 in toplev::main(int, char**) toplev.c:2307
#21 0x1095b359c in main main.c:39
#22 0x7fff703f908c in start (libdyld.dylib:x86_64+0x1708c)

SUMMARY: AddressSanitizer: heap-use-after-free interface.c:1836 in
check_interface0(gfc_interface*, char const*)
Shadow bytes around the buggy address:
  0x1c261370: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c261380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
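
An added example, not part of the bug thread or the GCC sources: a parser for the AddressSanitizer report format quoted in comment #1 that separates the access, free and allocation stacks and returns the first frame of each outside the allocator wrappers, which is the triple a triager records for a use-after-free. The names `parse_asan` and `triage` and the `RUNTIME` skip list are assumptions of this example.

```python
import re

# Constructed sample: abbreviated from the report quoted above, keeping one wrapped frame.
SAMPLE = """\
==69263==ERROR: AddressSanitizer: heap-use-after-free on address 0x61309e14
READ of size 1 at 0x61309e14 thread T0
#0 0x100170f90 in check_interface0(gfc_interface*, char const*)
interface.c:1836

freed by thread T0 here:
#0 0x158cb18e0 in wrap_free.part.0 sanitizer_malloc_mac.inc:121
#1 0x1004d7a4a in gfc_free_symbol(gfc_symbol*) symbol.c:3081
#2 0x1004d7d96 in gfc_release_symbol(gfc_symbol*) symbol.c:3108

previously allocated by thread T0 here:
#0 0x158cb0db3 in wrap_calloc sanitizer_malloc_mac.inc:132
#1 0x10869f9ea in xcalloc xmalloc.c:162
#2 0x1004cf141 in gfc_new_symbol(char const*, gfc_namespace*) symbol.c:3117
"""

SECTIONS = {
    "access": re.compile(r"^(READ|WRITE) of size \d+ at"),
    "free": re.compile(r"^freed by thread"),
    "alloc": re.compile(r"^previously allocated by thread"),
}
FRAME = re.compile(r"^#\d+ 0x[0-9a-f]+ in (.+) (\S+):(\d+)$")
RUNTIME = ("sanitizer_", "xmalloc.c")  # assumption: files treated as allocator noise

def parse_asan(text):
    """Return {'access'|'free'|'alloc': [(function, file, line), ...]}."""
    raw, key = {}, None
    for line in map(str.strip, text.splitlines()):
        kind = next((k for k, rx in SECTIONS.items() if rx.match(line)), None)
        if kind:
            key, raw[kind] = kind, []
        elif not line:
            key = None                    # a blank line ends the current stack
        elif key and line.startswith("#"):
            raw[key].append(line)
        elif key and raw[key]:
            raw[key][-1] += " " + line    # continuation of a wrapped frame
    return {k: [(m[1], m[2], int(m[3])) for m in map(FRAME.match, v) if m]
            for k, v in raw.items()}

def triage(text):
    # First frame of each stack that lies outside the RUNTIME files.
    return {k: next((f for f in v if not f[1].startswith(RUNTIME)), None)
            for k, v in parse_asan(text).items()}

print(triage(SAMPLE))
```

Frames without a `file:line` suffix, such as the `libdyld.dylib` entry in the full report, do not match `FRAME` and are skipped.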