public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug tree-optimization/101290] New: ICE with -O1 on valid code: in maybe_canonicalize_mem_ref_addr, at gimple-fold.c:5976
@ 2021-07-01 22:20 cnsun at uwaterloo dot ca
2021-07-02 6:32 ` [Bug middle-end/101290] " rguenth at gcc dot gnu.org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: cnsun at uwaterloo dot ca @ 2021-07-01 22:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101290
Bug ID: 101290
Summary: ICE with -O1 on valid code: in
maybe_canonicalize_mem_ref_addr, at gimple-fold.c:5976
Product: gcc
Version: tree-ssa
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: cnsun at uwaterloo dot ca
Target Milestone: ---
$ gcc-trunk -v
Using built-in specs.
COLLECT_GCC=gcc-trunk
COLLECT_LTO_WRAPPER=/scratch/software/gcc-trunk/libexec/gcc/x86_64-pc-linux-gnu/12.0.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /tmp/tmp.66z1mEqhUB-gcc-builder/gcc/configure
--enable-languages=c,c++,lto --enable-checking-yes --enable-multiarch
--prefix=/scratch/software/gcc-trunk --disable-bootstrap
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.0.0 20210701 (experimental) [master revision
:b1f5e3e73:a688c284dd3848b6c4ea553035f0f9769fb4fbc9] (GCC)
$ cat mutant.c
typedef *a;
typedef struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
struct {
unsigned b, c, d, e
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, d, e, f
} b, c, f
} * g;
int h;
struct i k;
struct i {
a j
} l(struct i *m) {
*(volatile *)&((g)m->j)->f;
}
n() {
k.j = &h;
l(&k);
}
$ gcc-trunk -w -O1 mutant.c
during GIMPLE pass: copyprop
mutant.c: In function ‘n’:
mutant.c:66:1: internal compiler error: in maybe_canonicalize_mem_ref_addr, at
gimple-fold.c:5976
66 | n() {
| ^
0x6def4a maybe_canonicalize_mem_ref_addr
/tmp/tmp.66z1mEqhUB-gcc-builder/gcc/gcc/gimple-fold.c:5976
0xc1f18a fold_stmt_1
/tmp/tmp.66z1mEqhUB-gcc-builder/gcc/gcc/gimple-fold.c:6085
0x10db4c6 substitute_and_fold_dom_walker::before_dom_children(basic_block_def*)
/tmp/tmp.66z1mEqhUB-gcc-builder/gcc/gcc/tree-ssa-propagate.c:853
0x194d647 dom_walker::walk(basic_block_def*)
/tmp/tmp.66z1mEqhUB-gcc-builder/gcc/gcc/domwalk.c:309
0x10da869 substitute_and_fold_engine::substitute_and_fold(basic_block_def*)
/tmp/tmp.66z1mEqhUB-gcc-builder/gcc/gcc/tree-ssa-propagate.c:987
0x104726a fini_copy_prop
/tmp/tmp.66z1mEqhUB-gcc-builder/gcc/gcc/tree-ssa-copy.c:566
0x104726a execute_copy_prop
/tmp/tmp.66z1mEqhUB-gcc-builder/gcc/gcc/tree-ssa-copy.c:619
0x104726a execute
/tmp/tmp.66z1mEqhUB-gcc-builder/gcc/gcc/tree-ssa-copy.c:649
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug middle-end/101290] ICE with -O1 on valid code: in maybe_canonicalize_mem_ref_addr, at gimple-fold.c:5976
2021-07-01 22:20 [Bug tree-optimization/101290] New: ICE with -O1 on valid code: in maybe_canonicalize_mem_ref_addr, at gimple-fold.c:5976 cnsun at uwaterloo dot ca
@ 2021-07-02 6:32 ` rguenth at gcc dot gnu.org
2021-07-05 19:56 ` joseph at codesourcery dot com
2021-07-06 6:09 ` [Bug c/101290] " rguenth at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: rguenth at gcc dot gnu.org @ 2021-07-02 6:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101290
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |accepts-invalid
Component|tree-optimization |middle-end
CC| |jsm28 at gcc dot gnu.org
Version|tree-ssa |12.0
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
We're asking get_addr_base_and_unit_offset on arg0 of
MEM[(volatile int *)&MEM[(struct *)&h].f]
and the FIELD_DECL is
<field_decl 0x7ffff66a48e8 f
type <record_type 0x7ffff6677e70 type_0 BLK
size <integer_cst 0x7ffff6686220 constant public overflow
0x256fa5b99019a5c80>
unit-size <integer_cst 0x7ffff66a33c0 constant public overflow
5395113836446698384>
align:32 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7ffff6677e70
fields <field_decl 0x7ffff66a44c0 b type <record_type 0x7ffff6677f18>
BLK t.c:56:7
size <integer_cst 0x7ffff66861c0 constant 0x21165458500521280>
unit-size <integer_cst 0x7ffff66a3330 constant 4768371582031250000>
align:32 warn_if_not_align:0 offset_align 128
offset <integer_cst 0x7ffff6543d20 constant 0>
bit-offset <integer_cst 0x7ffff6543d68 constant 0> context
<record_type 0x7ffff6677e70> chain <field_decl 0x7ffff66a4558 c>> context
<translation_unit_decl 0x7ffff6551b40 t.c>
pointer_to_this <pointer_type 0x7ffff669ce70> chain <type_decl
0x7ffff656b4c0 D.1944>>
BLK t.c:57:11 size <integer_cst 0x7ffff6686220 overflow
0x256fa5b99019a5c80> unit-size <integer_cst 0x7ffff66a33c0 overflow
5395113836446698384>
align:32 warn_if_not_align:0 offset_align 32
offset <integer_cst 0x7ffff6686240 type <integer_type 0x7ffff655c000
sizetype> constant public overflow 10790227672893396768> bit-offset
<integer_cst 0x7ffff6543d68 0> context <record_type 0x7ffff6677dc8>>
and we hit
case COMPONENT_REF:
{
tree field = TREE_OPERAND (exp, 1);
tree this_offset = component_ref_field_offset (exp);
poly_int64 hthis_offset;
if (!this_offset
|| !poly_int_tree_p (this_offset, &hthis_offset)
|| (TREE_INT_CST_LOW (DECL_FIELD_BIT_OFFSET (field))
% BITS_PER_UNIT))
return NULL_TREE;
because this_offset doesn't fit the signed poly_int64. IIRC we do have to
support negative field offsets.
Eventually this testcase is invalid since sizeof (*g) is bigger than half
of the address space. Joseph? We seem to happily wrap TYPE_SIZE[_UNIT]
even over the sizetype bounds without diagnosing anything - we do emit
some diagnostics from layout_type so that might be the place to complain
(we could then set TYPE_SIZE[_UNIT] to error_mark_node).
<record_type 0x7ffff6677dc8 type_0 BLK
size <integer_cst 0x7ffff66862a0 type <integer_type 0x7ffff655c0a8
bitsizetype> constant public overflow 0x704ef12cb04cf1580>
unit-size <integer_cst 0x7ffff6686260 type <integer_type 0x7ffff655c000
sizetype> constant public overflow 16185341509340095152>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug middle-end/101290] ICE with -O1 on valid code: in maybe_canonicalize_mem_ref_addr, at gimple-fold.c:5976
2021-07-01 22:20 [Bug tree-optimization/101290] New: ICE with -O1 on valid code: in maybe_canonicalize_mem_ref_addr, at gimple-fold.c:5976 cnsun at uwaterloo dot ca
2021-07-02 6:32 ` [Bug middle-end/101290] " rguenth at gcc dot gnu.org
@ 2021-07-05 19:56 ` joseph at codesourcery dot com
2021-07-06 6:09 ` [Bug c/101290] " rguenth at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: joseph at codesourcery dot com @ 2021-07-05 19:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101290
--- Comment #2 from joseph at codesourcery dot com <joseph at codesourcery dot com> ---
Anything constructing a constant-size type half the address space or
larger in size should be diagnosed.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug c/101290] ICE with -O1 on valid code: in maybe_canonicalize_mem_ref_addr, at gimple-fold.c:5976
2021-07-01 22:20 [Bug tree-optimization/101290] New: ICE with -O1 on valid code: in maybe_canonicalize_mem_ref_addr, at gimple-fold.c:5976 cnsun at uwaterloo dot ca
2021-07-02 6:32 ` [Bug middle-end/101290] " rguenth at gcc dot gnu.org
2021-07-05 19:56 ` joseph at codesourcery dot com
@ 2021-07-06 6:09 ` rguenth at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: rguenth at gcc dot gnu.org @ 2021-07-06 6:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101290
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Component|middle-end |c
Ever confirmed|0 |1
Keywords| |ice-on-invalid-code
Last reconfirmed| |2021-07-06
--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
OK, the most convenient place to diagnose this (and to avoid overflow on *_SIZE
or *_OFFSET) is stor-layout.c then.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-07-06 6:09 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-01 22:20 [Bug tree-optimization/101290] New: ICE with -O1 on valid code: in maybe_canonicalize_mem_ref_addr, at gimple-fold.c:5976 cnsun at uwaterloo dot ca
2021-07-02 6:32 ` [Bug middle-end/101290] " rguenth at gcc dot gnu.org
2021-07-05 19:56 ` joseph at codesourcery dot com
2021-07-06 6:09 ` [Bug c/101290] " rguenth at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).