[Bug middle-end/37889] New: SEGV, conditional execution proactively executed the false arm.

[Bug middle-end/37889] New: SEGV, conditional execution proactively executed the false arm.

[hp at gcc dot gnu dot org]

The following executable testcase, reduced from the CRIS port of an old
3.2.x-based version of gcc, is miscompiled at -O2 with
"gcc-4_3-branch revision 141262" and
"trunk revision 141281" configured with --prefix=/usr --enable-languages=c
--with-cpu=generic.  When run, it catches a SEGV.  It is known to work with at
least the Fedora "gcc-4.1.2-33" release.

gcc.c-torture/execute/prNNNNN-1.c:
int flag_pic;
const char * reg_names[(16 + 1 + 1 + 1)] = {"x", "y", "z"};
extern void abort (void) __attribute__ ((__noreturn__));
extern void exit (int) __attribute__ ((__noreturn__));
void __attribute__ ((__noinline__)) asm_fprintf (void *a, const char *b, const
char *c, const char *d)
{
  if (a == 0 || *c != 'x' || *d != 'x' || b == 0)
    abort ();
  asm volatile ("");
}

void __attribute__ ((__noinline__))
cris_target_asm_function_prologue (void *file, long got_really_used)
{
  if (got_really_used)
    {
      asm_fprintf (file, "%s %s\n",
       reg_names[(flag_pic ? 0 : (~(unsigned int) 0))],
       reg_names[(flag_pic ? 0 : (~(unsigned int) 0))]);
    }
  asm_fprintf (file, "", "x", "x");
}

int main (void)
{
  flag_pic = 2;
  cris_target_asm_function_prologue ("", 1);
  exit (0);
}

There's a spurious warning emitted with -Wall:
x.c: In function 'cris_target_asm_function_prologue':
x.c:17: warning: array subscript is above array bounds
and a tell-tale SEGV-causing instruction:
 movabsq reg_names+34359738360, %rax
(corresponding to a read of reg_names[~(unsigned int) 0] into %rax)
which is wrongly moved *before* the flag_pic test.


-- 
           Summary: SEGV, conditional execution proactively executed the
                    false arm.
           Product: gcc
           Version: 4.3.3
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: middle-end
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: hp at gcc dot gnu dot org
  GCC host triplet: x86_64-unknown-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug middle-end/37889] SEGV, conditional execution proactively executed the false arm.

[hp at gcc dot gnu dot org]

-- 

hp at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
 GCC target triplet|                            |x86_64-unknown-linux-gnu
   Last reconfirmed|0000-00-00 00:00:00         |2008-10-22 02:26:01
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug middle-end/37889] SEGV, conditional execution proactively executed the false arm.

[hp at gcc dot gnu dot org]

------- Comment #1 from hp at gcc dot gnu dot org  2008-10-22 02:40 -------
I've had a user report the same error with the Fedora 9 "gcc-4.3.0-8", so the
lower known-to-fail is 4.3.0.


-- 

hp at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to fail|                            |4.3.0
      Known to work|                            |4.1.2


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug middle-end/37889] SEGV, conditional execution proactively executed the false arm.

[hp at gcc dot gnu dot org]

------- Comment #2 from hp at gcc dot gnu dot org  2008-10-22 11:55 -------
A user reports that 4.2.3 worked.


-- 

hp at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to work|4.1.2                       |4.2.3


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3 Regression] SEGV, conditional execution proactively executed the false arm.

[rguenth at gcc dot gnu dot org]

------- Comment #3 from rguenth at gcc dot gnu dot org  2008-10-22 14:26 -------
Confirmed.  This is ifcvt at work, ce1 is buggy already (it probably thinks
accesses to reg_names cannot trap).


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rguenth at gcc dot gnu dot
                   |                            |org
          Component|middle-end                  |rtl-optimization
   Target Milestone|---                         |4.3.3


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[rguenth at gcc dot gnu dot org]

------- Comment #4 from rguenth at gcc dot gnu dot org  2008-10-22 14:28 -------
trunk is also broken the same way.


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to fail|4.3.0                       |4.3.0 4.4.0
            Summary|[4.3 Regression] SEGV,      |[4.3/4.4 Regression] SEGV,
                   |conditional execution       |conditional execution
                   |proactively executed the    |proactively executed the
                   |false arm.                  |false arm.


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[jakub at gcc dot gnu dot org]

------- Comment #5 from jakub at gcc dot gnu dot org  2008-10-22 16:28 -------
If the array has known bounds, we could say that accesses above bounds trap
and likely it wouldn't hurt much.  But for
extern const char *reg_names[];
where we don't know the bounds, we'd have to assume the worst, i.e. that all
indexes may trap.  I'm afraid that's going to penalize quite some code.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[rguenth at gcc dot gnu dot org]

-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P2


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[hp at gcc dot gnu dot org]

------- Comment #6 from hp at gcc dot gnu dot org  2009-01-21 03:53 -------
There's reason to believe the patch in PR38921, fixes this bug too, by divine
mockery.  I haven't verified yet, though.  It would destroy the suspense...


-- 

hp at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |38921


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[rguenth at gcc dot gnu dot org]

------- Comment #7 from rguenth at gcc dot gnu dot org  2009-01-24 10:20 -------
GCC 4.3.3 is being released, adjusting target milestone.


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|4.3.3                       |4.3.4


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[bonzini at gnu dot org]

------- Comment #8 from bonzini at gnu dot org  2009-01-31 15:32 -------
Can you check comment #6?


-- 

bonzini at gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |WAITING


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[hp at gcc dot gnu dot org]

------- Comment #9 from hp at gcc dot gnu dot org  2009-01-31 22:25 -------
(In reply to comment #8)
> Can you check comment #6?

Sorry, I'm a bit busy right now, but will as soon as I can.
On the other hand, anyone can check it, so it's not necessary to keep this PR
"busy".


-- 

hp at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |NEW
   Last reconfirmed|2008-10-22 02:26:01         |2009-01-31 22:25:11
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[hp at gcc dot gnu dot org]

-- 

hp at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |WAITING


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[hp at gcc dot gnu dot org]

------- Comment #10 from hp at gcc dot gnu dot org  2009-02-01 05:54 -------
Ok, I'm on it.


-- 

hp at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|unassigned at gcc dot gnu   |hp at gcc dot gnu dot org
                   |dot org                     |
             Status|WAITING                     |ASSIGNED
   Last reconfirmed|2009-01-31 22:25:11         |2009-02-01 05:54:48
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[bonzini at gnu dot org]

------- Comment #11 from bonzini at gnu dot org  2009-02-03 15:15 -------
No, the patch does not fix it.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[bonzini at gnu dot org]

------- Comment #12 from bonzini at gnu dot org  2009-02-03 15:19 -------
But at least it gets cc1 to call rtx_addr_can_trap_p_1. Mine


-- 

bonzini at gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|hp at gcc dot gnu dot org   |bonzini at gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[bonzini at gnu dot org]

------- Comment #13 from bonzini at gnu dot org  2009-02-03 15:48 -------
Created an attachment (id=17235)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=17235&action=view)
patch to be tested

The patch fixes the bug.  As a follow up (see PR38921 audit trail)
MTP_AFTER_MOVE and MTP_UNALIGNED_MEMS could be folded, but I'm not going to do
that right now.

If anyone can test it for me, I'd be grateful.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[hp at gcc dot gnu dot org]

------- Comment #14 from hp at gcc dot gnu dot org  2009-02-03 16:34 -------
(In reply to comment #11)
> No, the patch does not fix it.

Yes, I found that out too ;) but haven't had time to follow up.
FWIW, I have an overlapping patch for PR38921 that does fold the code as
suggested.  It doesn't do much for this PR, however.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[bonzini at gnu dot org]

------- Comment #15 from bonzini at gnu dot org  2009-02-03 16:40 -------
Subject: Re:  [4.3/4.4 Regression] SEGV, 
        conditional execution proactively executed the false arm.

> Yes, I found that out too ;) but haven't had time to follow up.
> FWIW, I have an overlapping patch for PR38921 that does fold the code as
> suggested.  It doesn't do much for this PR, however.

If you submit it, I'll happily take care of the conflicts.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[hp at gcc dot gnu dot org]

------- Comment #16 from hp at gcc dot gnu dot org  2009-02-03 17:54 -------
(In reply to comment #15)
> If you submit it, I'll happily take care of the conflicts.

I've put it in the PR, though it's not a proper submit yet.
Also, only regtested for cris-elf on the 4.3 branch and
x86_64-unknown-linux-gnu on trunk.

Thanks for dealing with this PR, your patch looks correct.
(The overlap seems to be minimal, just your last chunk.)


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[bonzini at gnu dot org]

------- Comment #17 from bonzini at gnu dot org  2009-02-03 17:57 -------
Thanks, I'll merge it with mine, bootstrap/regtest i686-pc-linux-gnu and submit
it.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3/4.4 Regression] SEGV, conditional execution proactively executed the false arm.

[bonzini at gcc dot gnu dot org]

------- Comment #18 from bonzini at gnu dot org  2009-02-04 20:54 -------
Subject: Bug 37889

Author: bonzini
Date: Wed Feb  4 20:54:36 2009
New Revision: 143939

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=143939
Log:
2009-02-04  Paolo Bonzini  <bonzini@gnu.org>
            Hans-Peter Nilsson  <hp@axis.com>

        PR rtl-optimization/37889
        * rtlanal.c (rtx_addr_can_trap_p_1): Add offset and size arguments.
        Move offset handling from PLUS to before the switch.  Use new
        arguments when considering SYMBOL_REFs too.
        (rtx_addr_can_trap_p): Pass dummy offset and size.
        (enum may_trap_p_flags): Remove.
        (may_trap_p_1): Pass size from MEM_SIZE.

        PR rtl-optimization/38921
        * loop-invariant.c (find_invariant_insn): Use may_trap_or_fault_p.
        * rtl.h (may_trap_after_code_motion_p): Delete prototype.
        * rtlanal.c (may_trap_after_code_motion_p): Delete.
        (may_trap_p, may_trap_or_fault_p): Pass 0/1 as flags.


Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/loop-invariant.c
    trunk/gcc/rtl.h
    trunk/gcc/rtlanal.c


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3 Regression] SEGV, conditional execution proactively executed the false arm.

[bonzini at gnu dot org]

------- Comment #19 from bonzini at gnu dot org  2009-02-06 09:05 -------
See 39110 for another patch that would need to be backported (thinko fix).


-- 

bonzini at gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |39110
Bug 37889 depends on bug 39110, which changed state.

Bug 39110 Summary: [4.4 Regression] Revision 143939  breaks bootstrap on Linux/ia64
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39110

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
             Status|NEW                         |WAITING
             Status|WAITING                     |RESOLVED
         Resolution|                            |FIXED

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3 Regression] SEGV, conditional execution proactively executed the false arm.

[rguenth at gcc dot gnu dot org]

------- Comment #20 from rguenth at gcc dot gnu dot org  2009-06-25 20:10 -------
Looking at a backport.


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|bonzini at gnu dot org      |rguenth at gcc dot gnu dot
                   |                            |org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3 Regression] SEGV, conditional execution proactively executed the false arm.

[rguenth at gcc dot gnu dot org]

------- Comment #21 from rguenth at gcc dot gnu dot org  2009-07-14 09:33 -------
Subject: Bug 37889

Author: rguenth
Date: Tue Jul 14 09:32:55 2009
New Revision: 149620

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=149620
Log:
2009-07-14  Richard Guenther  <rguenther@suse.de>

        Backport from mainline
        2009-02-05  Paolo Bonzini  <bonzini@gnu.org>

        PR rtl-optimization/39110
        * rtlanal.c (rtx_addr_can_trap_p_1): Shortcut unaligned
        addresses, not aligned ones.

        2009-02-04  Paolo Bonzini  <bonzini@gnu.org>
            Hans-Peter Nilsson  <hp@axis.com>

        PR rtl-optimization/37889
        * rtlanal.c (rtx_addr_can_trap_p_1): Add offset and size arguments.
        Move offset handling from PLUS to before the switch.  Use new
        arguments when considering SYMBOL_REFs too.
        (rtx_addr_can_trap_p): Pass dummy offset and size.
        (enum may_trap_p_flags): Remove.
        (may_trap_p_1): Pass size from MEM_SIZE.

        PR rtl-optimization/38921
        * loop-invariant.c (find_invariant_insn): Use may_trap_or_fault_p.
        * rtl.h (may_trap_after_code_motion_p): Delete prototype.
        * rtlanal.c (may_trap_after_code_motion_p): Delete.
        (may_trap_p, may_trap_or_fault_p): Pass 0/1 as flags.

Modified:
    branches/gcc-4_3-branch/gcc/ChangeLog
    branches/gcc-4_3-branch/gcc/loop-invariant.c
    branches/gcc-4_3-branch/gcc/rtl.h
    branches/gcc-4_3-branch/gcc/rtlanal.c


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889

[Bug rtl-optimization/37889] [4.3 Regression] SEGV, conditional execution proactively executed the false arm.

[rguenth at gcc dot gnu dot org]

------- Comment #22 from rguenth at gcc dot gnu dot org  2009-07-14 09:33 -------
Fixed.


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
      Known to fail|4.3.0                       |4.3.0 4.3.3
      Known to work|4.2.3 4.4.0                 |4.2.3 4.3.4 4.4.0
         Resolution|                            |FIXED


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37889