[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |wrong-code
           Priority|P3                          |P1

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[bredelin at ucla dot edu]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

--- Comment #5 from bredelin at ucla dot edu 2010-10-06 15:46:08 UTC ---
This bug still existed as of Oct 4, 2010.

gcc version 4.6.0 20101004 (experimental) [trunk revision 164952] (Ubuntu
20101004-0ubuntu1) 

After this bug is fixed, I'll be able to do some more testing of 4.6 for a
large c++ program.

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[jamborm at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

--- Comment #6 from Martin Jambor <jamborm at gcc dot gnu.org> 2010-10-08 12:12:34 UTC ---
The problem seems to be the only folding of OBJ_TYPE_REF we do and
which comes from a (copy) constructor.  So I assume this is the same
issue as PR 45934.

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[jamborm at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

--- Comment #7 from Martin Jambor <jamborm at gcc dot gnu.org> 2010-10-08 14:40:41 UTC ---
Please disregard the previous comment, I saw what I wanted to see and
not what was actually there.  But it is true that avoiding the only
O_T_R folding avoids the segfault.  But so far I see nothing wrong
with that devirtualization... I will keep staring at it for a bit
longer.

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[bredelin at ucla dot edu]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

--- Comment #8 from bredelin at ucla dot edu 2010-10-08 15:58:49 UTC ---
When you say segfault, I presume you mean abort?

When I use the debugger, the problem appears to be in the call to

 new Parameters(*P);

On x86_64, the problem occurs as follows: (x86_32 is different)

In the copy constructor, Parameters::SuperModel2 is constructed OK.

Then the copy constructor for Parameters::Probability_Model is called,
which calls the copy constructor for Probability_Model::Model2, which
calls the copy constructor for Model2::vector<double>.

In the (synthesized) copy constructor
   vector<double>::vector<double>(const vector<double>& __x),
the debugger claims that "this" and "__x" are both optimized out, and won't let
me inspect anything.

The SIGABORT actually occurs because the __x has a __x.size() of
18446726482060379005. It should have a size of 0.
(I can't call __x.size(), but I can access __n, which is initialized from
__x.size()).

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[bredelin at ucla dot edu]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

--- Comment #9 from bredelin at ucla dot edu 2010-10-08 16:37:15 UTC ---
On x86_32, the problem occurs somewhat differently.  All I did differently is
add "-m32".

It seems that on x86_32, the copy constructor
   vector<int>::vector<int>(const vector& __x)
for SuperModel2::object fails, whereas it succeeded on x86_64.  The values for
"this" and "__x" are not optimized out for SuperModel2::object, so they  can be
inspected.

The values for __x appear to be crazy.  This leads to a large __n, and thus
another abort because of an attempt to allocate too much memory. (__n should be
0).  The error may be caused by the fact that &__x points to the wrong memory
location (0xffffd4a0, instead of the correct value 0xffffd484).

I think the location of __x is wrong on x86_64 also, but it just so happens on
x86_64 that __x._M_finish - __x._M_start is 0 for the wrong location of __x,
whereas on x86_32 it does not happen to be 0.

Does this help any?

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[jamborm at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

--- Comment #10 from Martin Jambor <jamborm at gcc dot gnu.org> 2010-10-08 16:51:19 UTC ---
I think I know what is going on.  BINFO_VIRTUALS of the BINFO
describing Probability_Model within Parameters pint to a wring thunk
of the method Parameters:clone().

Therefore when the call is devirtualized, the this parameter is not
adjusted to point to the whole Ptr object and points only to the part
representing the Probability_Model ancestor.  And so all references to
the fields of the object just load garbage.

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[jamborm at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

--- Comment #11 from Martin Jambor <jamborm at gcc dot gnu.org> 2010-10-08 17:57:11 UTC ---
Created attachment 21998
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=21998
proposed patch

But fortunately BINFOs contain the delta and so we can find the
appropriate thunk in the call graph.

I'm attaching an untested proposed fix which seems to work on the
testcase.  Obviously I need to clean it up a little bit and will also
try to make a simple testcase.

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[jamborm at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

--- Comment #12 from Martin Jambor <jamborm at gcc dot gnu.org> 2010-10-11 18:45:28 UTC ---
Author: jamborm
Date: Mon Oct 11 18:45:23 2010
New Revision: 165327

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=165327
Log:
2010-10-11  Martin Jambor  <mjambor@suse.cz>

    PR middle-end/45699
    * gimple-fold.c (gimple_fold_obj_type_ref_known_binfo): Choose among
    thunks.

    * testsuite/g++.dg/torture/pr45699.C: New test.
    * testsuite/g++.dg/otr-fold-1.C: Adjusted.
    * testsuite/g++.dg/otr-fold-1.C: Likewise.


Added:
    trunk/gcc/testsuite/g++.dg/torture/pr45699.C
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/gimple-fold.c
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/testsuite/g++.dg/otr-fold-1.C
    trunk/gcc/testsuite/g++.dg/otr-fold-2.C

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[jamborm at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

Martin Jambor <jamborm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #13 from Martin Jambor <jamborm at gcc dot gnu.org> 2010-10-11 18:46:34 UTC ---
Fixed.

[Bug middle-end/45699] New: Incorrect copy constructor generated with -O

[bredelin at ucla dot edu]

If you compile the attached file without optimization, it runs fine.  However,
if you compile with -O, then you get:

$ ~/Devel/GCC/local/4.6/bin/g++-4.6 -g -O crash.C -o crash --save-temps
$ ./crash
terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc
Aborted
Interestingly, 4.5 works fine.

The version of 4.6 is revision 164339.

$ ~/Devel/GCC/local/4.6/bin/g++-4.6 -v
Using built-in specs.
COLLECT_GCC=/home/bredelings/Devel/GCC/local/4.6/bin/g++-4.6
COLLECT_LTO_WRAPPER=/home/bredelings/Devel/GCC/local/4.6/libexec/gcc/x86_64-unknown-linux-gnu/4.6.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: ../gcc-trunk/configure --enable-languages=c,c++,fortran
--prefix=/home/bredelings/Devel/GCC/local/4.6 --enable-shared
--enable-linker-build-id --with-system-zlib --disable-nls --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-plugin
--enable-gold --with-plugin-ld=ld.gold --with-tune=generic --disable-werror
--enable-checking=yes --program-suffix=-4.6
Thread model: posix
gcc version 4.6.0 20100916 (experimental) (GCC) 
The version of 4.5 is:
$ g++-4.5 -v
Using built-in specs.
COLLECT_GCC=/usr/bin/g++-4.5
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.5.1/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.5.1-5'
--with-bugurl=file:///usr/share/doc/gcc-4.5/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-4.5 --enable-shared --enable-multiarch
--enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix
--with-gxx-include-dir=/usr/include/c++/4.5 --libdir=/usr/lib --enable-nls
--enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes
--enable-plugin --enable-gold --with-plugin-ld=ld.gold --enable-objc-gc
--with-arch-32=i586 --with-tune=generic --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.5.1 (Debian 4.5.1-5) 
The crash seems to result from using the wrong location for SuperModel2::object
in the generated copy constructor.


-- 
           Summary: Incorrect copy constructor generated with -O
           Product: gcc
           Version: 4.6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: bredelin at ucla dot edu
 GCC build triplet: x86_64-unknown-linux-gnu
  GCC host triplet: x86_64-unknown-linux-gnu
GCC target triplet: x86_64-unknown-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[rguenth at gcc dot gnu dot org]

-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Incorrect copy constructor  |[4.6 Regression] Incorrect
                   |generated with -O           |copy constructor generated
                   |                            |with -O
   Target Milestone|---                         |4.6.0


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[hjl dot tools at gmail dot com]

-- 

hjl dot tools at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
   Last reconfirmed|0000-00-00 00:00:00         |2010-09-17 14:29:19
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[hjl dot tools at gmail dot com]

------- Comment #3 from hjl dot tools at gmail dot com  2010-09-17 14:29 -------
It is caused by revision 159362:

http://gcc.gnu.org/ml/gcc-cvs/2010-05/msg00414.html


-- 

hjl dot tools at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mjambor at suse dot cz


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699

[Bug middle-end/45699] [4.6 Regression] Incorrect copy constructor generated with -O

[jamborm at gcc dot gnu dot org]

------- Comment #4 from jamborm at gcc dot gnu dot org  2010-09-17 14:39 -------
I'll have a look at it but please be patient, my bug queue is rather long at
the moment.


-- 

jamborm at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|mjambor at suse dot cz      |jamborm at gcc dot gnu dot
                   |                            |org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45699