csmith-project / creduce

C-Reduce, a C and C++ program reducer

additional segfault on c++ #228

Closed ZhangZhuoSJTU closed 3 years ago

ZhangZhuoSJTU commented 3 years ago

test.cc:

int main() {
       [] (short __attribute__ ((noinline(throw __builtin_extend_pointer0 ? (x != 2 && ((x & (0 + 0 - x ? 0 : ({
      return 0;

PASS_BUG_INFO.TXT:

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::remove-unused-function has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=remove-unused-function --counter=1 /tmp/creduce-iiP8E_/test.cc

Please consider tarring up /data/xxx/docker_share/clang/creduce_bug_000
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::callexpr-to-value has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=callexpr-to-value --counter=1 /tmp/creduce-u9rEl3/test.cc

Please consider tarring up /data/xxx/docker_share/clang/creduce_bug_001
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::replace-callexpr has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=replace-callexpr --counter=1 /tmp/creduce-JDnaw_/test.cc

Please consider tarring up /data/xxx/docker_share/clang/creduce_bug_002
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::simplify-callexpr has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=simplify-callexpr --counter=1 /tmp/creduce-X7pfYO/test.cc

Please consider tarring up /data/xxx/docker_share/clang/creduce_bug_003
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::remove-unused-enum-member has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=remove-unused-enum-member --counter=1 /tmp/creduce-osB59_/test.cc

Please consider tarring up /data/xxx/docker_share/clang/creduce_bug_004
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::remove-enum-member-value has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=remove-enum-member-value --counter=1 /tmp/creduce-4lG3qp/test.cc

Please consider tarring up /data/xxx/docker_share/clang/creduce_bug_005
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::remove-namespace has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=remove-namespace --counter=1 /tmp/creduce-kdPVEP/test.cc

Please consider tarring up /data/xxx/docker_share/clang/creduce_bug_006
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::aggregate-to-scalar has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=aggregate-to-scalar --counter=1 /tmp/creduce-E8mchV/test.cc

Please consider tarring up /data/xxx/docker_share/clang/creduce_bug_007
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::param-to-global has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=param-to-global --counter=1 /tmp/creduce-DEI6r2/test.cc

Please consider tarring up /data/xxx/docker_share/clang/creduce_bug_008
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

creduce 2.10.0
fb91843
Linux
xxx
4.15.0-135-generic
#139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021
x86_64

***************************************************

pass_clang::param-to-local has encountered a bug:
crashed: "/usr/lib/x86_64-linux-gnu/clang_delta" --transformation=param-to-local --counter=1 /tmp/creduce-67bkWQ/test.cc

Please consider tarring up /data/xxx/docker_share/clang/creduce_bug_009
and mailing it to creduce-bugs@flux.utah.edu and we will try to fix
the bug.

This bug is not fatal, C-Reduce will continue to execute.

***************************************************

marxin commented 3 years ago

Confirmed, crashes here:

==10207== Invalid read of size 8
==10207==    at 0x882A2FE: UnknownInlinedFun (PointerIntPair.h:61)
==10207==    by 0x882A2FE: UnknownInlinedFun (PointerUnion.h:188)
==10207==    by 0x882A2FE: hasExtInfo (Decl.h:686)
==10207==    by 0x882A2FE: getTypeSourceInfo (Decl.h:701)
==10207==    by 0x882A2FE: hasDeducedReturnType (SemaStmt.cpp:3261)
==10207==    by 0x882A2FE: clang::Sema::ActOnCapScopeReturnStmt(clang::SourceLocation, clang::Expr*) (SemaStmt.cpp:3276)
==10207==    by 0x882CF37: clang::Sema::BuildReturnStmt(clang::SourceLocation, clang::Expr*) (SemaStmt.cpp:3616)
==10207==    by 0x882CD4A: clang::Sema::ActOnReturnStmt(clang::SourceLocation, clang::Expr*, clang::Scope*) (SemaStmt.cpp:3593)
==10207==    by 0x7A17656: clang::Parser::ParseReturnStatement() (ParseStmt.cpp:2180)
==10207==    by 0x7A1098E: clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::Parser::ParsedAttributesWithRange&) (ParseStmt.cpp:282)
==10207==    by 0x7A0FEC2: clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) (ParseStmt.cpp:106)
==10207==    by 0x7A197F2: clang::Parser::ParseCompoundStatementBody(bool) (ParseStmt.cpp:1089)
==10207==    by 0x79BCBAE: UnknownInlinedFun (ParseStmt.cpp:903)
==10207==    by 0x79BCBAE: UnknownInlinedFun (ParseStmt.cpp:868)
==10207==    by 0x79BCBAE: clang::Parser::ParseParenExpression(clang::Parser::ParenParseOption&, bool, bool, clang::OpaquePtr<clang::QualType>&, clang::SourceLocation&) (ParseExpr.cpp:2871)
==10207==    by 0x79B79CC: clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, bool&, clang::Parser::TypeCastState, bool, bool*) (ParseExpr.cpp:957)
==10207==    by 0x79B099F: ParseCastExpression (ParseExpr.cpp:681)
==10207==    by 0x79B099F: clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) (ParseExpr.cpp:173)
==10207==    by 0x79B1446: clang::Parser::ParseRHSOfBinaryExpression(clang::ActionResult<clang::Expr*, true>, clang::prec::Level) (ParseExpr.cpp:544)
==10207==    by 0x79B0A59: clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) (ParseExpr.cpp:176)
==10207==  Address 0x38 is not stack'd, malloc'd or (recently) free'd

chenyang78 commented 3 years ago

Looks like it's another crash in clang.

$ clang -c test.cc                                                                     
test.cc:2:79: error: use of undeclared identifier 'x'                                                                                                                                                       
               [] (short __attribute__ ((noinline(throw __builtin_extend_pointer0 ? (x != 2 && ((x & (0 + 0 - x ? 0 : ({                                                                                    
                                                                                     ^                                                                                                                      
test.cc:2:91: error: use of undeclared identifier 'x'                                                                                                                                                       
               [] (short __attribute__ ((noinline(throw __builtin_extend_pointer0 ? (x != 2 && ((x & (0 + 0 - x ? 0 : ({                                                                                    
                                                                                                 ^                                                                                                          
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.                                                                       
Stack dump:                                                                                                                                                                                                 
0.      Program arguments: /backup/work/compilers/compiler-install/llvm-12.0.0-dev/bin/clang -c test.cc                                                                                                     
1.      test.cc:3:33: current parser token ';'                                                                                                                                                              
2.      test.cc:1:12: parsing function body 'main'                                                                                                                                                          
3.      test.cc:1:12: in compound statement ('{}')                                                                                                                                                          
4.      test.cc:2:9: lambda expression parsing                                                                                                                                                              
5.      test.cc:2:113: in compound statement ('{}')                                                                                                                                                         
 #0 0x0000000002f7987a llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/Unix/Signals.inc:563:11                                     
 #1 0x0000000002f79a4b PrintStackTraceSignalHandler(void*) /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/Unix/Signals.inc:630:1                                                      
 #2 0x0000000002f7803b llvm::sys::RunSignalHandlers() /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/Signals.cpp:70:5                                                                 
 #3 0x0000000002f7916e llvm::sys::CleanupOnSignal(unsigned long) /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/Unix/Signals.inc:362:1                                                
 #4 0x0000000002eb3618 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:75:20 
 #5 0x0000000002eb38f3 CrashRecoverySignalHandler(int) /backup/work/compilers/compiler-source/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:389:1                                                  
 #6 0x00007f507c538890 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)                                                                                                                         
 #7 0x000000000335b2c0 llvm::PointerIntPair<void*, 1u, int, llvm::pointer_union_detail::PointerUnionUIntTraits<clang::TypeSourceInfo*, clang::DeclaratorDecl::ExtInfo*>, llvm::PointerIntPairInfo<void*, 1u$
 llvm::pointer_union_detail::PointerUnionUIntTraits<clang::TypeSourceInfo*, clang::DeclaratorDecl::ExtInfo*> > >::getInt() const /backup/work/compilers/compiler-source/llvm-project/llvm/include/llvm/ADT/PointerIntPair.h:61:57
 #8 0x000000000335b28f bool llvm::PointerUnion<clang::TypeSourceInfo*, clang::DeclaratorDecl::ExtInfo*>::is<clang::DeclaratorDecl::ExtInfo*>() const /backup/work/compilers/compiler-source/llvm-project/llvm/include/llvm/ADT/PointerUnion.h:181:31
 #9 0x000000000335b19e clang::DeclaratorDecl::hasExtInfo() const /backup/work/compilers/compiler-source/llvm-project/clang/include/clang/AST/Decl.h:701:29
#10 0x000000000335a98c clang::DeclaratorDecl::getTypeSourceInfo() const /backup/work/compilers/compiler-source/llvm-project/clang/include/clang/AST/Decl.h:716:12
#11 0x00000000073f82b8 hasDeducedReturnType(clang::FunctionDecl*) /backup/work/compilers/compiler-source/llvm-project/clang/lib/Sema/SemaStmt.cpp:3298:32
#12 0x00000000073f76f7 clang::Sema::ActOnCapScopeReturnStmt(clang::SourceLocation, clang::Expr*) /backup/work/compilers/compiler-source/llvm-project/clang/lib/Sema/SemaStmt.cpp:3313:20
#13 0x00000000073f98a8 clang::Sema::BuildReturnStmt(clang::SourceLocation, clang::Expr*) /backup/work/compilers/compiler-source/llvm-project/clang/lib/Sema/SemaStmt.cpp:3653:12
...

Similar to #226 and #227. I am closing this issue as well. Thanks.