"-fno-inline" may cause miscompile / segmentation fault

[steffenb7333]

I am currently debugging a segmentation fault seemingly caused by passing "-fno-inline" to gcc. At the moment I am not able to give a minimal working example which is able to show the phenomenon and I cannot post the original code which causes the problem in question, so I will try to give as much information as possible.

The crashing code is question is a code block like

{
 // non-fmt-stuff-here
 const auto str = std::string{"a string"};
 return fmt::format("text text {}", str);
}

This results in a segmentation fault with a backtrace (sanitized):

#0  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:391
#1  0x00000000003cf516 in std::__copy_move<false, true, std::random_access_iterator_tag>::__copy_m<char> (__first=<optimized out>, 
    __last=__last@entry=0x8000003ea8c4 <error: Cannot access memory at address 0x8000003ea8c4>, __result=__result@entry=0x7fffe76e202c "")
    at /usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/include/g++-v11/bits/stl_algobase.h:431
#2  0x00000000003cf923 in std::__copy_move_a2<false, char const*, char*> (__first=<optimized out>, 
    __last=__last@entry=0x8000003ea8c4 <error: Cannot access memory at address 0x8000003ea8c4>, __result=__result@entry=0x7fffe76e202c "")
    at /usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/include/g++-v11/bits/stl_algobase.h:495
#3  0x00000000003cf931 in std::__copy_move_a1<false, char const*, char*> (__first=<optimized out>, 
    __last=__last@entry=0x8000003ea8c4 <error: Cannot access memory at address 0x8000003ea8c4>, __result=__result@entry=0x7fffe76e202c "")
    at /usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/include/g++-v11/bits/stl_algobase.h:522
#4  0x00000000003cf975 in std::__copy_move_a<false, char const*, char*> (__first=0x7fffffffc9c0 "`\272R", 
    __last=__last@entry=0x8000003ea8c4 <error: Cannot access memory at address 0x8000003ea8c4>, __result=<optimized out>, __result@entry=0x7fffe76e202c "")
    at /usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/include/g++-v11/bits/stl_algobase.h:529
#5  0x00000000003cf9b6 in std::copy<char const*, char*> (__first=__first@entry=0x7fffffffc9c0 "`\272R", 
    __last=__last@entry=0x8000003ea8c4 <error: Cannot access memory at address 0x8000003ea8c4>, __result=0x7fffe76e202c "")
    at /usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/include/g++-v11/bits/stl_algobase.h:620
#6  0x00000000003cf9c4 in std::__uninitialized_copy<true>::__uninit_copy<char const*, char*> (__first=__first@entry=0x7fffffffc9c0 "`\272R", 
    __last=__last@entry=0x8000003ea8c4 <error: Cannot access memory at address 0x8000003ea8c4>, __result=<optimized out>)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/include/g++-v11/bits/stl_uninitialized.h:110
#7  0x00000000003cf9d2 in std::uninitialized_copy<char const*, char*> (__first=__first@entry=0x7fffffffc9c0 "`\272R", 
    __last=__last@entry=0x8000003ea8c4 <error: Cannot access memory at address 0x8000003ea8c4>, __result=<optimized out>)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/include/g++-v11/bits/stl_uninitialized.h:151
#8  0x00000000003cf9e3 in std::__uninitialized_copy_n<char const*, unsigned long, char*> (__first=__first@entry=0x7fffffffc9c0 "`\272R", __n=__n@entry=4120324, __result=<optimized out>)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/include/g++-v11/bits/stl_uninitialized.h:825
#9  0x00000000003cf9f1 in std::uninitialized_copy_n<char const*, unsigned long, char*> (__first=__first@entry=0x7fffffffc9c0 "`\272R", __n=__n@entry=4120324, __result=<optimized out>)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/include/g++-v11/bits/stl_uninitialized.h:874
#10 0x00000000003cfa23 in fmt::v8::detail::buffer<char>::append<char> (this=0x7fffffffc5b0, begin=begin@entry=0x7fffffffc9c0 "`\272R", 
    end=end@entry=0x8000003ea8c4 <error: Cannot access memory at address 0x8000003ea8c4>) at /usr/include/fmt/format.h:636
#11 0x00000000003d2b3b in fmt::v8::detail::copy_str<char, char const*> (begin=0x7fffffffc9c0 "`\272R", 
    end=end@entry=0x8000003ea8c4 <error: Cannot access memory at address 0x8000003ea8c4>, out=...) at /usr/include/fmt/core.h:1631
#12 0x00000000003d3f02 in fmt::v8::detail::copy_str_noinline<char, char const*, fmt::v8::appender> (begin=<optimized out>, 
    end=end@entry=0x8000003ea8c4 <error: Cannot access memory at address 0x8000003ea8c4>, out=..., out@entry=...) at /usr/include/fmt/format.h:471
#13 0x00000000003d4188 in fmt::v8::detail::write<char, fmt::v8::appender> (out=..., value=...) at /usr/include/fmt/format.h:2078
#14 0x00000000003d41f6 in fmt::v8::detail::default_arg_formatter<char>::operator()<fmt::v8::basic_string_view<char> > (this=this@entry=0x7fffffffc410, value=...)
    at /usr/include/fmt/format.h:2197
#15 0x00000000003e27f6 in fmt::v8::visit_format_arg<fmt::v8::detail::default_arg_formatter<char>, fmt::v8::basic_format_context<fmt::v8::appender, char> > (arg=..., vis=...)
    at /usr/include/fmt/core.h:1618
#16 fmt::v8::detail::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref)::format_handler::on_replacement_field(int, char const*) (id=<optimized out>, this=0x7fffffffc4b0) at /usr/include/fmt/format.h:2962
#17 fmt::v8::detail::parse_replacement_field<char, fmt::v8::detail::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref)::format_handler&>(char const*, char const*, fmt::v8::detail::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref)::format_handler&) (begin=0x2214ed "}", begin@entry=0x2214ec "{}", end=end@entry=0x2214ee "", handler=...) at /usr/include/fmt/core.h:2591
#18 0x00000000003e2d8c in fmt::v8::detail::parse_format_string<false, char, fmt::v8::detail::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref)::format_handler>(fmt::v8::basic_string_view<char>, fmt::v8::deta--Type <RET> for more, q to quit, c to continue without paging--
il::vformat_to<char>(fmt::v8::detail::buffer<char>&, fmt::v8::basic_string_view<char>, fmt::v8::basic_format_args<fmt::v8::basic_format_context<std::conditional<std::is_same<fmt::v8::type_identity<char>::type, char>::value, fmt::v8::appender, std::back_insert_iterator<fmt::v8::detail::buffer<fmt::v8::type_identity<char>::type> > >::type, fmt::v8::type_identity<char>::type> >, fmt::v8::detail::locale_ref)::format_handler&&) (handler=..., format_str=...) at /usr/include/fmt/core.h:2626
#19 fmt::v8::detail::vformat_to<char> (buf=..., fmt=..., args=..., loc=...) at /usr/include/fmt/format.h:2988
...

gcc-11.2.0 with fmt-8.0.1 and fmt-8.1.1 were tested (header-only).
gcc options used: -std=c++17 -ggdb3 -Og -fvar-tracking-assignments

[vitaut]

I think we'll need a repro for this.

[steffenb7333]

I will keep trying to create one but up until now I can only get this in non-public production code.

But I have a gut feeling this may be somewhere / somehow related to #2357.

[vitaut]

The effects are similar to that of an ODR violation but I'm not sure why it would be caused by -fno-inline. My guess is that some TUs (maybe a dependency) are compiled with different compiler flags.

[vitaut]

BTW #2357 has been fixed so if you think this is related you might want to check the latest master.

[steffenb7333]

Hm... that may take some time b/c master breaks constructs like
fmt::format("text {} text", std::quoted(somestring));
which the code uses a lot...

If that is intentional, then I will have to tackle that problem before the next fmt-version is released anyway...

[vitaut]

Closing as this is not actionable right now but feel free to reopen with repro details.

If that is intentional

It is.