public inbox for gcc-bugs@sourceware.org
* [Bug optimization/13681] New: [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: bangerth at dealii dot org @ 2004-01-14 15:37 UTC (permalink / raw)
To: gcc-bugs
Seems like tree-ssa is getting too good at optimizing :-)
Here's an out-of-bounds access that ICEs tree-ssa:
----------------------------
struct X {
    double values[1];
    double & foo (const unsigned int index)
    { return values[index]; }
};
void foo() {
    double d;
    X h1;
    h1.foo(1) = d;
}
-------------------------
Note that if I call h1.foo(0), then everything is fine, since we
stay inside the bounds of the values array. However, with the code
as shown, we get
deal.II/base> c++ -c -O2 x.cc
x.cc: In function `void foo()':
x.cc:8: internal compiler error: in get_expr_operands, at
tree-ssa-operands.c:918
Please submit a full bug report,
with preprocessed source if appropriate.
See <URL:http://gcc.gnu.org/bugs.html> for instructions.
This is with yesterday's tree-ssa branch. I hope it will be reasonably
simple to fix, since this is the last ICE I presently get with tree-ssa,
and if it is fixed I'll switch on a nightly tester for tree-ssa that
compiles our library. I can then also finally try to run the generated
code and find all those code-gen bugs :-)
Thanks
W.
--
Summary: [tree-ssa] ICE in get_expr_operands with out-of-bounds
access
Product: gcc
Version: tree-ssa
Status: UNCONFIRMED
Keywords: ice-on-valid-code
Severity: critical
Priority: P2
Component: optimization
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: bangerth at dealii dot org
CC: gcc-bugs at gcc dot gnu dot org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: pinskia at gcc dot gnu dot org @ 2004-01-14 22:38 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2004-01-14 22:38 -------
Confirmed.
From Phil's regression hunter: Search converges between 2003-11-29-ssa (#144) and 2003-12-02-ssa (#145).
--
                 What|Removed                     |Added
----------------------------------------------------------------------------
               Status|UNCONFIRMED                 |NEW
       Ever Confirmed|                            |1
Last reconfirmed date|0000-00-00 00:00:00         |2004-01-14 22:38:48
     Target Milestone|---                         |tree-ssa
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: bangerth at dealii dot org @ 2004-01-15 22:17 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From bangerth at dealii dot org 2004-01-15 22:17 -------
I should add that the problem is not easily worked around, as it may
seem at first glance. I have this code on code-paths that are not
taken when the size of the array is smaller than the index. For example
here:
---------------------
void f();
template <int N> struct X {
    double values[N];
    double & foo (const unsigned int index)
    { return values[index]; }
};
template <int N> void foo() {
    double d;
    X<N> h1;
    if (N<=2)
        f();
    h1.foo(2) = d;
}
template void foo<2>();
----------------------------
f() is a no-return function, but unfortunately the author forgot
to mark it as that. Now, it is quite impressive to see that
gcc doesn't ICE any more once I mark f() as noreturn, but the
present behavior is annoying nevertheless. It triggers at least
half a dozen times in my code :-(
W.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: steven at gcc dot gnu dot org @ 2004-01-16 10:06 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From steven at gcc dot gnu dot org 2004-01-16 10:06 -------
I'll have a look at this.
--
            What|Removed                          |Added
----------------------------------------------------------------------------
      AssignedTo|unassigned at gcc dot gnu dot org|steven at gcc dot gnu dot org
          Status|NEW                              |ASSIGNED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: steven at gcc dot gnu dot org @ 2004-01-16 12:13 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From steven at gcc dot gnu dot org 2004-01-16 12:13 -------
The key problem here is that we cannot fold the out-of-bounds
array reference. For the first dominator optimization pass, we
start with the following:
void foo() ()
{
unsigned int T.1;
double & <D1486>;
struct X * const this;
const unsigned int index;
struct X h1;
double d;
double & T.2;
double & retval.3;
# BLOCK 0
# PRED: ENTRY (fallthru)
this_1 = &h1;
index_2 = 0; // Or 1 for the case that fails
T.1_3 = index_2 * 8;
<D1486>_4 = T.1_3 + this_1;
retval.3_5 = <D1486>_4;
T.2_6 = retval.3_5;
*T.2_6 = d_7;
return;
# SUCC: EXIT
}
Then DOM1 goes to work and we replace T.2_6
< Replaced 'T.2_6' with constant '&h1 + 8'
---
> Replaced 'T.2_6' with constant '&h1.values[0]'
> Folded to: h1.values[0] = d_7;
So for the index==0 case, we have h1.values[0] = d_7;
and for the index==1 case, we get *(&h1 + 8) = d_7;
We cannot fold the latter to an array reference, and this
causes us to abort in get_expr_operands on something with
a comment that only the folded case can be handled:
tree-ssa-operands.c:
916 /* Everything else should have been folded elsewhere. */
917 else
918 abort ();
I was surprised to see that "*(&h1 + 8)" is a valid GIMPLE lvalue
according to is_gimple_lvalue(). I would think this address needs
to be loaded in a temporary. Apparently we're assuming optimistically
somewhere that we can always fold these indirect references for
array types, and this assumption is incorrect.
--
What |Removed |Added
----------------------------------------------------------------------------
CC| |law at redhat dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
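Added example, not part of the original thread and not GCC source: a toy C model of the situation analysed in the 2004-01-16 12:13 comment above. It folds `*(&h1 + offset)` to an array reference only when the offset stays inside `values[1]`, then runs a strict operand scan that rejects the unfolded `(&x + c)` form where the compiler aborted, and a tolerant scan that accepts it. All type and function names are hypothetical, and treating `(&x + c)` as a use of `x` is an assumption about what "Handle (&x + c)" means, since the actual patch is not shown on this page.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model (constructed for illustration, not GCC code). */
enum ref_kind { REF_ARRAY, REF_ADDR_PLUS_CONST };

struct array_field { const char *var; size_t elem_size; size_t nelems; };

struct mem_ref {
    enum ref_kind kind;
    const char *var;   /* base variable, e.g. "h1" */
    size_t index;      /* valid when kind == REF_ARRAY */
    size_t offset;     /* valid when kind == REF_ADDR_PLUS_CONST */
};

/* Fold *(&var + offset) to var.values[index] only when the offset lands on an
   element inside the declared bounds; otherwise keep the raw address form. */
struct mem_ref fold_indirect(const struct array_field *f, size_t offset)
{
    struct mem_ref r = { REF_ADDR_PLUS_CONST, f->var, 0, offset };
    if (offset % f->elem_size == 0 && offset / f->elem_size < f->nelems) {
        r.kind = REF_ARRAY;
        r.index = offset / f->elem_size;
    }
    return r;
}

/* Operand scan. strict=1 mirrors the "everything else should have been
   folded" assumption and reports failure (-1) where the compiler abort()ed.
   strict=0 accepts (&x + c) and records x as the operand (assumed handling). */
int scan_operands(const struct mem_ref *r, int strict, const char **operand)
{
    if (r->kind == REF_ARRAY || !strict) {
        *operand = r->var;
        return 0;
    }
    return -1;
}

int main(void)
{
    struct array_field h1 = { "h1", sizeof(double), 1 };  /* double values[1] */
    for (size_t idx = 0; idx < 2; idx++) {
        const char *op = NULL;
        struct mem_ref r = fold_indirect(&h1, idx * sizeof(double));
        printf("index %zu: folded=%d strict=%d tolerant=%d\n", idx,
               r.kind == REF_ARRAY, scan_operands(&r, 1, &op),
               scan_operands(&r, 0, &op));
    }
    return 0;
}
```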
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: steven at gcc dot gnu dot org @ 2004-01-16 12:48 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From steven at gcc dot gnu dot org 2004-01-16 12:48 -------
Obviously, this is the patch that causes it.
2003-12-01 Richard Henderson <rth@redhat.com>
* tree-dfa.c (get_expr_operands): Don't handle PLUS_EXPR inside
INDIRECT_REF.
* tree-ssa-ccp.c (maybe_fold_offset_to_array_ref): Use int_const_binop
(maybe_fold_offset_to_component_ref): Likewise.
(maybe_fold_stmt_indirect): Likewise.
(maybe_fold_stmt_plus): Expand ARRAY_REF when seen with addend.
* fold-const.c (int_const_binop): Export.
* tree.h (int_const_binop): Declare.
Diego has offered to look at this.
--
            What|Removed                      |Added
----------------------------------------------------------------------------
      AssignedTo|steven at gcc dot gnu dot org|dnovillo at redhat dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: rth at gcc dot gnu dot org @ 2004-01-21 22:17 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From rth at gcc dot gnu dot org 2004-01-21 22:17 -------
This should be resolved by a fixme in my fold_stmt_r routines.
--
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|dnovillo at redhat dot com |rth at redhat dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: bangerth at dealii dot org @ 2004-01-21 22:37 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From bangerth at dealii dot org 2004-01-21 22:37 -------
Richard, I don't quite understand what you mean by your comment --
a quick check with a version pulled from CVS immediately after your
comment still shows the ICE.
W.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: rth at redhat dot com @ 2004-01-22 0:05 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From rth at redhat dot com 2004-01-22 00:04 -------
Subject: Re: [tree-ssa] ICE in get_expr_operands with out-of-bounds access
On Wed, Jan 21, 2004 at 10:37:39PM -0000, bangerth at dealii dot org wrote:
> Richard, I don't quite understand what you mean by your comment --
> a quick check with a version pulled from CVS immediately after your
> comment still shows the ICE.
It means I'm working on it.
r~
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: bangerth at dealii dot org @ 2004-01-22 0:10 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From bangerth at dealii dot org 2004-01-22 00:10 -------
Ah, ok. In any case, already now many many thanks for doing so!
W.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: cvs-commit at gcc dot gnu dot org @ 2004-01-22 1:58 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2004-01-22 01:58 -------
Subject: Bug 13681
CVSROOT: /cvs/gcc
Module name: gcc
Branch: tree-ssa-20020619-branch
Changes by: rth@gcc.gnu.org 2004-01-22 01:58:14
Modified files:
gcc : ChangeLog.tree-ssa tree-ssa-operands.c
Added files:
gcc/testsuite/g++.dg/opt: crash1.C
Log message:
PR opt/13681
* tree-ssa-operands.c (get_expr_operands): Handle (&x + c).
Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.tree-ssa.diff?cvsroot=gcc&only_with_tag=tree-ssa-20020619-branch&r1=1.1.2.1120&r2=1.1.2.1121
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/tree-ssa-operands.c.diff?cvsroot=gcc&only_with_tag=tree-ssa-20020619-branch&r1=1.1.2.5&r2=1.1.2.6
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/g++.dg/opt/crash1.C.diff?cvsroot=gcc&only_with_tag=tree-ssa-20020619-branch&r1=NONE&r2=1.1.2.1
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: rth at gcc dot gnu dot org @ 2004-01-22 2:16 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From rth at gcc dot gnu dot org 2004-01-22 02:16 -------
http://gcc.gnu.org/ml/gcc-patches/2004-01/msg02251.html
--
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681