csmith-project / creduce

C-Reduce, a C and C++ program reducer

another segfault in multiple transformations (c++) #227

Closed ZhangZhuoSJTU closed 3 years ago

ZhangZhuoSJTU commented 3 years ago

test.cc:

int main() {
    union {
        union {
    typeof(({
                union {
                    auto x = f0;

PASS_BUG_INFO.TXT:

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::remove-unused-function has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=remove-unused-function --counter=1 /tmp/creduce-QEoCqz/test.cc

Please consider tarring up /data/zhan3299/docker_share/clang/creduce_bug_000
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::callexpr-to-value has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=callexpr-to-value --counter=1 /tmp/creduce-IV8bGU/test.cc

Please consider tarring up /data/zhan3299/docker_share/clang/creduce_bug_001
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::replace-callexpr has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=replace-callexpr --counter=1 /tmp/creduce-GimnLc/test.cc

Please consider tarring up /data/zhan3299/docker_share/clang/creduce_bug_002
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::simplify-callexpr has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=simplify-callexpr --counter=1 /tmp/creduce-C3CxER/test.cc

Please consider tarring up /data/zhan3299/docker_share/clang/creduce_bug_003
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::remove-unused-enum-member has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=remove-unused-enum-member --counter=1 /tmp/creduce-GzJsNd/test.cc

Please consider tarring up /data/zhan3299/docker_share/clang/creduce_bug_004
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::remove-enum-member-value has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=remove-enum-member-value --counter=1 /tmp/creduce-RdfymH/test.cc

Please consider tarring up /data/zhan3299/docker_share/clang/creduce_bug_005
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::remove-namespace has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=remove-namespace --counter=1 /tmp/creduce-zvVsLl/test.cc

Please consider tarring up /data/zhan3299/docker_share/clang/creduce_bug_006
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::aggregate-to-scalar has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=aggregate-to-scalar --counter=1 /tmp/creduce-B6nbdB/test.cc

Please consider tarring up /data/zhan3299/docker_share/clang/creduce_bug_007
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::param-to-global has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=param-to-global --counter=1 /tmp/creduce-OwYdqk/test.cc

Please consider tarring up /data/zhan3299/docker_share/clang/creduce_bug_008
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::param-to-local has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=param-to-local --counter=1 /tmp/creduce-ogT306/test.cc

Please consider tarring up /data/zhan3299/docker_share/clang/creduce_bug_009
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

marxin commented 3 years ago

Confirmed, crashes here:

==10160== Invalid read of size 2
==10160==    at 0x83641F2: getDeclKind (DeclBase.h:1810)
==10160==    by 0x83641F2: isObjCContainer (DeclBase.h:1856)
==10160==    by 0x83641F2: clang::Sema::ActOnTagFinishDefinition(clang::Scope*, clang::Decl*, clang::SourceRange) (SemaDecl.cpp:16234)
==10160==    by 0x79A35A0: clang::Parser::ParseCXXMemberSpecification(clang::SourceLocation, clang::SourceLocation, clang::Parser::ParsedAttributesWithRange&, unsigned int, clang::Decl*) (ParseDeclCXX.cpp:3402)
==10160==    by 0x79A01E9: clang::Parser::ParseClassSpecifier(clang::tok::TokenKind, clang::SourceLocation, clang::DeclSpec&, clang::Parser::ParsedTemplateInfo const&, clang::AccessSpecifier, bool, clang::Parser::DeclSpecContext, clang::Parser::ParsedAttributesWithRange&) (ParseDeclCXX.cpp:1962)
==10160==    by 0x797B9BD: clang::Parser::ParseDeclarationSpecifiers(clang::DeclSpec&, clang::Parser::ParsedTemplateInfo const&, clang::AccessSpecifier, clang::Parser::DeclSpecContext, clang::Parser::LateParsedAttrList*) (ParseDecl.cpp:3834)
==10160==    by 0x797B1E6: clang::Parser::ParseSimpleDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::Parser::ParsedAttributesWithRange&, bool, clang::Parser::ForRangeInit*, clang::SourceLocation*) (ParseDecl.cpp:1671)
==10160==    by 0x797AACD: clang::Parser::ParseDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::Parser::ParsedAttributesWithRange&, clang::SourceLocation*) (ParseDecl.cpp:1633)
==10160==    by 0x7A1045A: clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::Parser::ParsedAttributesWithRange&) (ParseStmt.cpp:222)
==10160==    by 0x7A0FEC2: clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) (ParseStmt.cpp:106)
==10160==    by 0x7A197F2: clang::Parser::ParseCompoundStatementBody(bool) (ParseStmt.cpp:1089)
==10160==    by 0x7A1AB7F: clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) (ParseStmt.cpp:2237)
==10160==    by 0x7A3719E: clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) (Parser.cpp:1339)
==10160==    by 0x798278D: clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::SourceLocation*, clang::Parser::ForRangeInit*) (ParseDecl.cpp:1924)
==10160==  Address 0x8 is not stack'd, malloc'd or (recently) free'd

chenyang78 commented 3 years ago

Similar to issue #226. This crash also came from clang's parsing routines.

$ clang -c test.cc
test.cc:6:13: error: 'auto' not allowed in non-static union member
...
clang: /backup/work/compilers/compiler-source/llvm-project/clang/lib/Sema/SemaDecl.cpp:1286: void clang::Sema::PushDeclContext(clang::Scope *, clang::DeclContext *): Assertion `DC->getLexicalParent() == CurContext && "The next DeclContext should be lexically contained in the current one."' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /backup/work/compilers/compiler-install/llvm-12.0.0-dev/bin/clang -c test.cc
1.      <eof> parser at end of file
2.      test.cc:1:12: parsing function body 'main'
3.      test.cc:1:12: in compound statement ('{}')
4.      test.cc:2:3: parsing struct/union/class body ''
 #0 0x0000000002f7987a llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/Unix/Signals.inc:563:11
 #1 0x0000000002f79a4b PrintStackTraceSignalHandler(void*) /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/Unix/Signals.inc:630:1
 #2 0x0000000002f7803b llvm::sys::RunSignalHandlers() /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/Signals.cpp:70:5
 #3 0x0000000002f7916e llvm::sys::CleanupOnSignal(unsigned long) /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/Unix/Signals.inc:362:1
 #4 0x0000000002eb3618 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:75:20
 #5 0x0000000002eb38f3 CrashRecoverySignalHandler(int) /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:389:1
 #6 0x00007f91245d0890 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
 #7 0x00007f9123022e97 raise /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:51:0
 #8 0x00007f9123024801 abort /build/glibc-OTsEL5/glibc-2.27/stdlib/abort.c:81:0
 #9 0x00007f912301439a __assert_fail_base /build/glibc-OTsEL5/glibc-2.27/assert/assert.c:89:0
#10 0x00007f9123014412 (/lib/x86_64-linux-gnu/libc.so.6+0x30412)
#11 0x0000000006b19229 clang::Sema::PushDeclContext(clang::Scope*, clang::DeclContext*) /backup/work/compilers/compiler-source/llvm-project/clang/lib/Sema/SemaDecl.cpp:1287:16

Closing it as not a creduce issue. Thanks.