public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer
@ 2010-08-26 9:04 zsojka at seznam dot cz
2010-08-26 9:05 ` [Bug tree-optimization/45412] " zsojka at seznam dot cz
` (8 more replies)
0 siblings, 9 replies; 10+ messages in thread
From: zsojka at seznam dot cz @ 2010-08-26 9:04 UTC (permalink / raw)
To: gcc-bugs
Command line:
$ g++ -O2 -fipa-cp-clone -ftracer testcase.C
Valgrind output:
$ valgrind -q --trace-children=yes
/mnt/svn/gcc-trunk/binary-163468-lto-fortran-checking-yes-rtl-df/bin/g++ -O2
-fipa-cp-clone -ftracer testcase.C
==31083== Invalid read of size 8
==31083== at 0x112BDF0: search_line_sse2 (lex.c:384)
==31083== by 0x112BFD9: _cpp_clean_line (lex.c:649)
==31083== by 0x112C9D7: _cpp_get_fresh_line (lex.c:1862)
==31083== by 0x112E161: _cpp_lex_direct (lex.c:1927)
==31083== by 0x112EF56: _cpp_lex_token (lex.c:1801)
==31083== by 0x1131697: cpp_get_token (macro.c:1240)
==31083== by 0x113194F: cpp_get_token_with_location (macro.c:1352)
==31083== by 0x687E5C: c_lex_with_flags (c-lex.c:302)
==31083== by 0x59ADAF: cp_lexer_get_preprocessor_token (parser.c:525)
==31083== by 0x5C19BA: c_parse_file (parser.c:425)
==31083== by 0x68D4EA: c_common_parse_file (c-opts.c:1206)
==31083== by 0x9E7518: toplev_main (toplev.c:971)
==31083== Address 0x71085b8 is 216 bytes inside a block of size 217 alloc'd
==31083== at 0x4C261DF: realloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31083== by 0x115545C: xrealloc (xmalloc.c:179)
==31083== by 0x1120BAF: _cpp_convert_input (charset.c:1734)
==31083== by 0x1129542: read_file (files.c:648)
==31083== by 0x1129F6A: _cpp_stack_file (files.c:723)
==31083== by 0x112B850: cpp_read_main_file (init.c:570)
==31083== by 0x68CB9A: c_common_post_options (c-opts.c:1124)
==31083== by 0x9E6A14: toplev_main (toplev.c:1743)
==31083== by 0x6589BBC: (below main) (in /lib64/libc-2.11.2.so)
==31083==
==31083== Invalid read of size 8
==31083== at 0x112BDE3: search_line_sse2 (lex.c:372)
==31083== by 0x112BFD9: _cpp_clean_line (lex.c:649)
==31083== by 0x112C9D7: _cpp_get_fresh_line (lex.c:1862)
==31083== by 0x112E161: _cpp_lex_direct (lex.c:1927)
==31083== by 0x112EF56: _cpp_lex_token (lex.c:1801)
==31083== by 0x1131697: cpp_get_token (macro.c:1240)
==31083== by 0x113194F: cpp_get_token_with_location (macro.c:1352)
==31083== by 0x687E5C: c_lex_with_flags (c-lex.c:302)
==31083== by 0x59ADAF: cp_lexer_get_preprocessor_token (parser.c:525)
==31083== by 0x5C19BA: c_parse_file (parser.c:425)
==31083== by 0x68D4EA: c_common_parse_file (c-opts.c:1206)
==31083== by 0x9E7518: toplev_main (toplev.c:971)
==31083== Address 0x71085b8 is 216 bytes inside a block of size 217 alloc'd
==31083== at 0x4C261DF: realloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31083== by 0x115545C: xrealloc (xmalloc.c:179)
==31083== by 0x1120BAF: _cpp_convert_input (charset.c:1734)
==31083== by 0x1129542: read_file (files.c:648)
==31083== by 0x1129F6A: _cpp_stack_file (files.c:723)
==31083== by 0x112B850: cpp_read_main_file (init.c:570)
==31083== by 0x68CB9A: c_common_post_options (c-opts.c:1124)
==31083== by 0x9E6A14: toplev_main (toplev.c:1743)
==31083== by 0x6589BBC: (below main) (in /lib64/libc-2.11.2.so)
==31083==
==31083== Invalid read of size 8
==31083== at 0xA2CDE5: update_ssa (tree-flow-inline.h:479)
==31083== by 0x8F95D7: execute_function_todo (passes.c:1206)
==31083== by 0x8F9BEE: execute_todo (passes.c:1283)
==31083== by 0x8FC2B9: execute_one_pass (passes.c:1591)
==31083== by 0x8FC4E4: execute_pass_list (passes.c:1623)
==31083== by 0x8FC4F6: execute_pass_list (passes.c:1624)
==31083== by 0xA3EE65: tree_rest_of_compilation (tree-optimize.c:452)
==31083== by 0xBFB595: cgraph_expand_function (cgraphunit.c:1469)
==31083== by 0xBFDF99: cgraph_optimize (cgraphunit.c:1548)
==31083== by 0xBFE4E9: cgraph_finalize_compilation_unit (cgraphunit.c:1012)
==31083== by 0x58BD9C: cp_write_global_declarations (decl2.c:3924)
==31083== by 0x9E7554: toplev_main (toplev.c:983)
==31083== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==31083==
testcase.C: In member function 'virtual int S::vm()':
testcase.C:11:1: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
Tested revisions:
r163468 - crash
r162940 - crash
r161659 - OK
--
Summary: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-
inline.h:479) with -O2 -fipa-cp-clone -ftracer
Product: gcc
Version: 4.6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: zsojka at seznam dot cz
GCC host triplet: x86_64-pc-linux-gnu
GCC target triplet: x86_64-pc-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45412
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/45412] [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer
2010-08-26 9:04 [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer zsojka at seznam dot cz
@ 2010-08-26 9:05 ` zsojka at seznam dot cz
2010-08-26 9:43 ` rguenth at gcc dot gnu dot org
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: zsojka at seznam dot cz @ 2010-08-26 9:05 UTC (permalink / raw)
To: gcc-bugs
------- Comment #1 from zsojka at seznam dot cz 2010-08-26 09:04 -------
Created an attachment (id=21569)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=21569&action=view)
reduced testcase
$ g++ -O2 -fipa-cp-clone -ftracer pr45412.C
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45412
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/45412] [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer
2010-08-26 9:04 [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer zsojka at seznam dot cz
2010-08-26 9:05 ` [Bug tree-optimization/45412] " zsojka at seznam dot cz
@ 2010-08-26 9:43 ` rguenth at gcc dot gnu dot org
2010-08-26 14:16 ` hjl dot tools at gmail dot com
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2010-08-26 9:43 UTC (permalink / raw)
To: gcc-bugs
------- Comment #2 from rguenth at gcc dot gnu dot org 2010-08-26 09:42 -------
Confirmed.
The tracer seriously messes up virtual operands. I'm not sure the copy
tables work like the author thought they would.
After duplicating we have
virtual int S::vm() (struct S * const this)
{
int state;
int D.2129;
int retval.0;
<bb 2>:
# .MEM_8 = VDEF <.MEM_7(D)>
retval.0_1 = foo (&state);
switch (retval.0_1) <default: <L3>, case 0: <L0>, case 1: <L1>>
<L0>:
# .MEM_9 = VDEF <.MEM_8>
bar ();
<bb 7>:
# .MEM_14 = PHI <.MEM_9(3)>
if (this_3(D) != 0B)
goto <bb 8>;
else
goto <bb 6> (<L3>);
<bb 8>:
# .MEM_15 = VDEF <.MEM_5>
S::~S (this_3(D));
# .MEM_16 = VDEF <.MEM_12>
operator delete (this_3(D));
<bb 9>:
# .MEM_17 = PHI <.MEM_13(8)>
# VUSE <.MEM_10>
D.2129_18 = state;
return D.2129_4;
# .MEM_5 = PHI <.MEM_8(2)>
<L1>:
if (this_3(D) != 0B)
goto <bb 5>;
else
goto <bb 6> (<L3>);
<bb 5>:
# .MEM_12 = VDEF <.MEM_5>
S::~S (this_3(D));
# .MEM_13 = VDEF <.MEM_12>
operator delete (this_3(D));
# .MEM_10 = PHI <.MEM_8(2), .MEM_5(4), .MEM_13(5), .MEM_5(7)>
<L3>:
# VUSE <.MEM_10>
D.2129_4 = state;
return D.2129_4;
}
see how virtual SSA form is messed up (and no symbol is marked for
renaming).
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever Confirmed|0 |1
Last reconfirmed|0000-00-00 00:00:00 |2010-08-26 09:42:55
date| |
Target Milestone|--- |4.6.0
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45412
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/45412] [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer
2010-08-26 9:04 [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer zsojka at seznam dot cz
2010-08-26 9:05 ` [Bug tree-optimization/45412] " zsojka at seznam dot cz
2010-08-26 9:43 ` rguenth at gcc dot gnu dot org
@ 2010-08-26 14:16 ` hjl dot tools at gmail dot com
2010-08-31 19:07 ` zsojka at seznam dot cz
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: hjl dot tools at gmail dot com @ 2010-08-26 14:16 UTC (permalink / raw)
To: gcc-bugs
------- Comment #3 from hjl dot tools at gmail dot com 2010-08-26 14:16 -------
It is caused by revision 162842:
http://gcc.gnu.org/ml/gcc-cvs/2010-08/msg00053.html
--
hjl dot tools at gmail dot com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hubicka at gcc dot gnu dot
| |org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45412
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/45412] [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer
2010-08-26 9:04 [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer zsojka at seznam dot cz
` (2 preceding siblings ...)
2010-08-26 14:16 ` hjl dot tools at gmail dot com
@ 2010-08-31 19:07 ` zsojka at seznam dot cz
2010-09-02 11:24 ` rguenth at gcc dot gnu dot org
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: zsojka at seznam dot cz @ 2010-08-31 19:07 UTC (permalink / raw)
To: gcc-bugs
------- Comment #4 from zsojka at seznam dot cz 2010-08-31 19:07 -------
Created an attachment (id=21612)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=21612&action=view)
different testcase, probably better
This one needs only -O2 to reproduce:
$ valgrind -q --trace-children=yes gcc -O2 pr45412-2.c
...
==32673== Invalid read of size 8
==32673== at 0x8F1D95: update_ssa (tree-flow-inline.h:479)
==32673== by 0x7BDA67: execute_function_todo (passes.c:1206)
==32673== by 0x7BE07E: execute_todo (passes.c:1283)
==32673== by 0x7C0739: execute_one_pass (passes.c:1591)
==32673== by 0x7C0964: execute_pass_list (passes.c:1623)
==32673== by 0x7C0976: execute_pass_list (passes.c:1624)
==32673== by 0x903E45: tree_rest_of_compilation (tree-optimize.c:452)
==32673== by 0xAC0C05: cgraph_expand_function (cgraphunit.c:1469)
==32673== by 0xAC3609: cgraph_optimize (cgraphunit.c:1548)
==32673== by 0xAC3B59: cgraph_finalize_compilation_unit (cgraphunit.c:1012)
==32673== by 0x4E0E4E: c_write_global_declarations (c-decl.c:9735)
==32673== by 0x8ABAD4: toplev_main (toplev.c:983)
==32673== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==32673==
pr45412-2.c: In function 'bar':
pr45412-2.c:6:1: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45412
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/45412] [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer
2010-08-26 9:04 [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer zsojka at seznam dot cz
` (3 preceding siblings ...)
2010-08-31 19:07 ` zsojka at seznam dot cz
@ 2010-09-02 11:24 ` rguenth at gcc dot gnu dot org
2010-09-02 12:31 ` rguenth at gcc dot gnu dot org
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2010-09-02 11:24 UTC (permalink / raw)
To: gcc-bugs
------- Comment #5 from rguenth at gcc dot gnu dot org 2010-09-02 11:24 -------
Maybe a similar issue, but this one is after DOM where we have stuff like
<bb 7>:
# .MEM_8 = PHI <.MEM_7(D)(2)>
# VUSE <.MEM_5>
j.0_12 = j;
goto <bb 6>;
after jump-threading supposedly, so indeed a quite similar case.
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P1
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45412
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/45412] [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer
2010-08-26 9:04 [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer zsojka at seznam dot cz
` (4 preceding siblings ...)
2010-09-02 11:24 ` rguenth at gcc dot gnu dot org
@ 2010-09-02 12:31 ` rguenth at gcc dot gnu dot org
2010-09-02 12:35 ` rguenth at gcc dot gnu dot org
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2010-09-02 12:31 UTC (permalink / raw)
To: gcc-bugs
------- Comment #6 from rguenth at gcc dot gnu dot org 2010-09-02 12:31 -------
This fixes the 2nd testcase for me:
Index: ipa-split.c
===================================================================
--- ipa-split.c (revision 163772)
+++ ipa-split.c (working copy)
@@ -993,8 +993,8 @@ split_function (struct split_point *spli
{
gimple stmt = gsi_stmt (gsi);
gcc_assert (!is_gimple_reg (gimple_phi_result (stmt)));
- mark_sym_for_renaming (SSA_NAME_VAR (PHI_RESULT (stmt)));
- gsi_remove (&gsi, false);
+ mark_virtual_phi_result_for_renaming (stmt);
+ remove_phi_node (&gsi, true);
}
}
/* When we pass aorund the value, use existing return block. */
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45412
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/45412] [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer
2010-08-26 9:04 [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer zsojka at seznam dot cz
` (5 preceding siblings ...)
2010-09-02 12:31 ` rguenth at gcc dot gnu dot org
@ 2010-09-02 12:35 ` rguenth at gcc dot gnu dot org
2010-09-02 13:43 ` rguenth at gcc dot gnu dot org
2010-09-02 13:44 ` rguenth at gcc dot gnu dot org
8 siblings, 0 replies; 10+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2010-09-02 12:35 UTC (permalink / raw)
To: gcc-bugs
------- Comment #7 from rguenth at gcc dot gnu dot org 2010-09-02 12:34 -------
And the first one. Mine.
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|unassigned at gcc dot gnu |rguenth at gcc dot gnu dot
|dot org |org
Status|NEW |ASSIGNED
Last reconfirmed|2010-08-26 09:42:55 |2010-09-02 12:34:55
date| |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45412
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/45412] [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer
2010-08-26 9:04 [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer zsojka at seznam dot cz
` (6 preceding siblings ...)
2010-09-02 12:35 ` rguenth at gcc dot gnu dot org
@ 2010-09-02 13:43 ` rguenth at gcc dot gnu dot org
2010-09-02 13:44 ` rguenth at gcc dot gnu dot org
8 siblings, 0 replies; 10+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2010-09-02 13:43 UTC (permalink / raw)
To: gcc-bugs
------- Comment #8 from rguenth at gcc dot gnu dot org 2010-09-02 13:42 -------
Subject: Bug 45412
Author: rguenth
Date: Thu Sep 2 13:42:25 2010
New Revision: 163775
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=163775
Log:
2010-09-02 Richard Guenther <rguenther@suse.de>
PR tree-optimization/44937
PR tree-optimization/45412
* ipa-split.c (split_function): Properly remove PHI nodes.
* g++.dg/opt/pr45412.C: New testcase.
* gcc.c-torture/compile/pr45412.c: Likewise.
* gcc.c-torture/compile/pr44937.c: Likewise.
Added:
trunk/gcc/testsuite/g++.dg/opt/pr45412.C
trunk/gcc/testsuite/gcc.c-torture/compile/pr44937.c
trunk/gcc/testsuite/gcc.c-torture/compile/pr45412.c
Modified:
trunk/gcc/ChangeLog
trunk/gcc/ipa-split.c
trunk/gcc/testsuite/ChangeLog
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45412
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/45412] [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer
2010-08-26 9:04 [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer zsojka at seznam dot cz
` (7 preceding siblings ...)
2010-09-02 13:43 ` rguenth at gcc dot gnu dot org
@ 2010-09-02 13:44 ` rguenth at gcc dot gnu dot org
8 siblings, 0 replies; 10+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2010-09-02 13:44 UTC (permalink / raw)
To: gcc-bugs
------- Comment #9 from rguenth at gcc dot gnu dot org 2010-09-02 13:43 -------
Fixed.
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45412
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2010-09-02 13:44 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-08-26 9:04 [Bug tree-optimization/45412] New: [4.6 Regression] ICE: SIGSEGV in update_ssa (tree-flow-inline.h:479) with -O2 -fipa-cp-clone -ftracer zsojka at seznam dot cz
2010-08-26 9:05 ` [Bug tree-optimization/45412] " zsojka at seznam dot cz
2010-08-26 9:43 ` rguenth at gcc dot gnu dot org
2010-08-26 14:16 ` hjl dot tools at gmail dot com
2010-08-31 19:07 ` zsojka at seznam dot cz
2010-09-02 11:24 ` rguenth at gcc dot gnu dot org
2010-09-02 12:31 ` rguenth at gcc dot gnu dot org
2010-09-02 12:35 ` rguenth at gcc dot gnu dot org
2010-09-02 13:43 ` rguenth at gcc dot gnu dot org
2010-09-02 13:44 ` rguenth at gcc dot gnu dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).