public inbox for gcc-bugs@sourceware.org
* [Bug optimization/13681] New: [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: bangerth at dealii dot org @ 2004-01-14 15:37 UTC (permalink / raw)
  To: gcc-bugs

Seems like tree-ssa is getting too good at optimizing :-) 
 
Here's an out-of-bounds access that ICEs tree-ssa: 
---------------------------- 
struct X { 
    double values[1]; 
 
    double & foo (const unsigned int index) 
      { return values[index]; } 
}; 
 
void foo() { 
  double d; 
  X h1; 
  h1.foo(1) = d; 
} 
------------------------- 
Note that if I call h1.foo(0), then everything is fine, since we 
stay inside the bounds of the values array. However, with the code 
as shown, we get 
 
deal.II/base> c++ -c -O2 x.cc 
x.cc: In function `void foo()': 
x.cc:8: internal compiler error: in get_expr_operands, at 
tree-ssa-operands.c:918 
Please submit a full bug report, 
with preprocessed source if appropriate. 
See <URL:http://gcc.gnu.org/bugs.html> for instructions. 
 
This is with yesterday's tree-ssa branch. I hope it will be reasonably
simple to fix, since this is the last ICE I presently get with tree-ssa, 
and if it is fixed I'll switch on a nightly tester for tree-ssa that 
compiles our library. I can then also finally try to run the generated 
code and find all those code-gen bugs :-) 
 
Thanks 
  W.

-- 
           Summary: [tree-ssa] ICE in get_expr_operands with out-of-bounds
                    access
           Product: gcc
           Version: tree-ssa
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: critical
          Priority: P2
         Component: optimization
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: bangerth at dealii dot org
                CC: gcc-bugs at gcc dot gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: pinskia at gcc dot gnu dot org @ 2004-01-14 22:38 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From pinskia at gcc dot gnu dot org  2004-01-14 22:38 -------
Confirmed.
From Phil's regression hunter: Search converges between 2003-11-29-ssa (#144) and 2003-12-02-ssa (#145).

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|                            |1
   Last reconfirmed|0000-00-00 00:00:00         |2004-01-14 22:38:48
               date|                            |
   Target Milestone|---                         |tree-ssa


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: bangerth at dealii dot org @ 2004-01-15 22:17 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From bangerth at dealii dot org  2004-01-15 22:17 -------
I should add that the problem is not easily worked around, as it may 
seem at first glance. I have this code on code-paths that are not 
taken when the size of the array is smaller than the index. For example 
here: 
--------------------- 
void f(); 
 
template <int N> struct X {  
    double values[N];  
  
    double & foo (const unsigned int index)  
      { return values[index]; }  
};  
 
template <int N> void foo() {  
  double d;  
  X<N> h1; 
  if (N<=2) 
    f(); 
   
  h1.foo(2) = d;  
} 
 
template void foo<2>(); 
---------------------------- 
f() is a no-return function, but unfortunately the author forgot 
to mark it as that. Now, it is quite impressive to see that 
gcc doesn't ICE any more once I mark f() as noreturn, but the 
present behavior is annoying nevertheless. It triggers at least 
half a dozen times in my code :-( 
 
W. 

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: steven at gcc dot gnu dot org @ 2004-01-16 10:06 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From steven at gcc dot gnu dot org  2004-01-16 10:06 -------
I'll have a look at this. 

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|unassigned at gcc dot gnu   |steven at gcc dot gnu dot
                   |dot org                     |org
             Status|NEW                         |ASSIGNED


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: steven at gcc dot gnu dot org @ 2004-01-16 12:13 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From steven at gcc dot gnu dot org  2004-01-16 12:13 -------
The key problem here is that we cannot fold the out-of-bounds 
array reference.  For the first dominator optimization pass, we 
start with the following: 
 
void foo() () 
{ 
  unsigned int T.1; 
  double & <D1486>; 
  struct X * const this; 
  const unsigned int index; 
  struct X h1; 
  double d; 
  double & T.2; 
  double & retval.3; 
 
  # BLOCK 0 
  # PRED: ENTRY (fallthru) 
  this_1 = &h1; 
  index_2 = 0;               // Or 1 for the case that fails 
  T.1_3 = index_2 * 8; 
  <D1486>_4 = T.1_3 + this_1; 
  retval.3_5 = <D1486>_4; 
  T.2_6 = retval.3_5; 
  *T.2_6 = d_7; 
  return; 
  # SUCC: EXIT 
 
} 
 
 
Then DOM1 goes to work and we replace T.2_6
 
<   Replaced 'T.2_6' with constant '&h1 + 8' 
--- 
>   Replaced 'T.2_6' with constant '&h1.values[0]' 
>   Folded to: h1.values[0] = d_7; 
 
So for the index==0 case, we have h1.values[0] = d_7; 
and for the index==1 case, we get *(&h1 + 8) = d_7; 
 
We cannot fold the latter to an array reference, and this 
causes us to abort in get_expr_operands on something with 
a comment that only the folded case can be handled: 
 
tree-ssa-operands.c: 
916      /* Everything else should have been folded elsewhere.  */ 
917      else 
918        abort (); 
 
I was surprised to see that "*(&h1 + 8)" is a valid GIMPLE lvalue 
according to is_gimple_lvalue().  I would think this address needs 
to be loaded in a temporary.  Apparently we're assuming optimistically 
somewhere that we can always fold these indirect references for  
array types, and this assumption is incorrect. 

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |law at redhat dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: steven at gcc dot gnu dot org @ 2004-01-16 12:48 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From steven at gcc dot gnu dot org  2004-01-16 12:48 -------
Obviously, this is the patch that causes it. 
 
2003-12-01  Richard Henderson  <rth@redhat.com> 
 
        * tree-dfa.c (get_expr_operands): Don't handle PLUS_EXPR inside 
        INDIRECT_REF. 
        * tree-ssa-ccp.c (maybe_fold_offset_to_array_ref): Use int_const_binop 
        (maybe_fold_offset_to_component_ref): Likewise. 
        (maybe_fold_stmt_indirect): Likewise. 
        (maybe_fold_stmt_plus): Expand ARRAY_REF when seen with addend. 
        * fold-const.c (int_const_binop): Export. 
        * tree.h (int_const_binop): Declare. 
 
Diego has offered to look at this. 

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|steven at gcc dot gnu dot   |dnovillo at redhat dot com
                   |org                         |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: rth at gcc dot gnu dot org @ 2004-01-21 22:17 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From rth at gcc dot gnu dot org  2004-01-21 22:17 -------
This should be resolved by a fixme in my fold_stmt_r routines.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|dnovillo at redhat dot com  |rth at redhat dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: bangerth at dealii dot org @ 2004-01-21 22:37 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From bangerth at dealii dot org  2004-01-21 22:37 -------
Richard, I don't quite understand what you mean by your comment -- 
a quick check with a version pulled from CVS immediately after your 
comment still shows the ICE. 
 
W. 

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: rth at redhat dot com @ 2004-01-22  0:05 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From rth at redhat dot com  2004-01-22 00:04 -------
Subject: Re:  [tree-ssa] ICE in get_expr_operands with out-of-bounds access

On Wed, Jan 21, 2004 at 10:37:39PM -0000, bangerth at dealii dot org wrote:
> Richard, I don't quite understand what you mean by your comment -- 
> a quick check with a version pulled from CVS immediately after your 
> comment still shows the ICE. 

It means I'm working on it.


r~


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: bangerth at dealii dot org @ 2004-01-22  0:10 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From bangerth at dealii dot org  2004-01-22 00:10 -------
Ah, ok. In any case, already now many many thanks for doing so! 
W. 

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: cvs-commit at gcc dot gnu dot org @ 2004-01-22  1:58 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From cvs-commit at gcc dot gnu dot org  2004-01-22 01:58 -------
Subject: Bug 13681

CVSROOT:	/cvs/gcc
Module name:	gcc
Branch: 	tree-ssa-20020619-branch
Changes by:	rth@gcc.gnu.org	2004-01-22 01:58:14

Modified files:
	gcc            : ChangeLog.tree-ssa tree-ssa-operands.c 
Added files:
	gcc/testsuite/g++.dg/opt: crash1.C 

Log message:
	PR opt/13681
	* tree-ssa-operands.c (get_expr_operands): Handle (&x + c).

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.tree-ssa.diff?cvsroot=gcc&only_with_tag=tree-ssa-20020619-branch&r1=1.1.2.1120&r2=1.1.2.1121
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/tree-ssa-operands.c.diff?cvsroot=gcc&only_with_tag=tree-ssa-20020619-branch&r1=1.1.2.5&r2=1.1.2.6
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/g++.dg/opt/crash1.C.diff?cvsroot=gcc&only_with_tag=tree-ssa-20020619-branch&r1=NONE&r2=1.1.2.1



-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681
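
Added example, not part of the original thread and not GCC source: a toy C model of the failure analysed in the 2004-01-16 12:13 comment and of the behaviour named in the commit log above ("Handle (&x + c)"). All names here (indirect_ref, fold_to_array_ref, scan_operands, scan_case) are hypothetical; the only page-derived inputs are the one-element double array and the indices 0 and 1.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model, not GCC source: an lvalue *(&var + offset), where var holds
   an array of nelts elements of elt_size bytes each. */
struct indirect_ref {
    const char *var;
    size_t elt_size, nelts, offset;
};

enum scan_result { SCAN_ARRAY_REF, SCAN_ADDR_PLUS_CONST, SCAN_ABORT };

/* Fold *(&var + offset) to var[index] only if the offset names a whole,
   in-bounds element. Returns 1 and sets *index on success, else 0. */
static int fold_to_array_ref(const struct indirect_ref *r, size_t *index)
{
    if (r->elt_size == 0 || r->offset % r->elt_size != 0)
        return 0;
    if (r->offset / r->elt_size >= r->nelts)
        return 0;                       /* out of bounds: stays unfolded */
    *index = r->offset / r->elt_size;
    return 1;
}

/* Operand scan. handle_unfolded == 0 models a scanner that assumes folding
   always succeeded and gives up otherwise; handle_unfolded == 1 models one
   that accepts the (&x + c) form and still records var as the operand. */
static enum scan_result scan_operands(const struct indirect_ref *r,
                                      int handle_unfolded)
{
    size_t index;
    if (fold_to_array_ref(r, &index))
        return SCAN_ARRAY_REF;
    return handle_unfolded ? SCAN_ADDR_PLUS_CONST : SCAN_ABORT;
}

/* Constructed input mirroring the report: h1 holds double values[1]. */
enum scan_result scan_case(size_t index, int handle_unfolded)
{
    struct indirect_ref r = { "h1", sizeof(double), 1, index * sizeof(double) };
    return scan_operands(&r, handle_unfolded);
}

int main(void)
{
    static const char *names[] = { "array ref", "&x + c operand", "abort" };
    for (size_t index = 0; index < 2; index++)
        for (int mode = 0; mode < 2; mode++)
            printf("index %zu, handle_unfolded=%d: %s\n",
                   index, mode, names[scan_case(index, mode)]);
    return 0;
}
```

The point of the model is the contract between the two stages: the scan may only rely on folding when the folder can never decline, and an out-of-bounds constant index is exactly the input on which it declines.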


* [Bug optimization/13681] [tree-ssa] ICE in get_expr_operands with out-of-bounds access
From: rth at gcc dot gnu dot org @ 2004-01-22  2:16 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From rth at gcc dot gnu dot org  2004-01-22 02:16 -------
http://gcc.gnu.org/ml/gcc-patches/2004-01/msg02251.html

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13681

