public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const
@ 2021-12-22 22:29 k.even-mendoza at imperial dot ac.uk
2021-12-22 22:36 ` [Bug middle-end/103813] " pinskia at gcc dot gnu.org
` (9 more replies)
0 siblings, 10 replies; 11+ messages in thread
From: k.even-mendoza at imperial dot ac.uk @ 2021-12-22 22:29 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
Bug ID: 103813
Summary: Crash in decompose, at wide-int.h:984 fold-const
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: k.even-mendoza at imperial dot ac.uk
Target Milestone: ---
The following code crashed GCC 11 and 12, with -O1, -O2, -O3 and -Os but -O0
works just fine.
struct a d;
struct a {
int b;
int c[]
} main() {
d.c[268435456] || d.c[1];
}
I tested it with GCC 11.1.0 Ubuntu 20.04 and GCC 12.0.0 20211216 (experimental)
Ubuntu 18. I can see other bugs open but none related to fold-const.
With that trace:
fuzzer-file-159198.c:6:3: internal compiler error: in decompose, at
wide-int.h:984
6 | d.c[268435456] || d.c[1];
| ^
0x6f4748 wi::int_traits<generic_wide_int<wide_int_ref_storage<false, false> >
>::decompose(long*, unsigned int, generic_wide_int<wide_int_ref_storage<false,
false> > const&)
.././../gcc-source/gcc/wide-int.h:984
0x6fbea1 wi::int_traits<generic_wide_int<wide_int_ref_storage<false, false> >
>::decompose(long*, unsigned int, generic_wide_int<wide_int_ref_storage<false,
false> > const&)
.././../gcc-source/gcc/tree.h:3555
0x6fbea1 wide_int_ref_storage<false,
false>::wide_int_ref_storage<generic_wide_int<wide_int_ref_storage<false,
false> > >(generic_wide_int<wide_int_ref_storage<false, false> > const&,
unsigned int)
.././../gcc-source/gcc/wide-int.h:1034
0x6fbea1 generic_wide_int<wide_int_ref_storage<false, false>
>::generic_wide_int<generic_wide_int<wide_int_ref_storage<false, false> >
>(generic_wide_int<wide_int_ref_storage<false, false> > const&, unsigned int)
.././../gcc-source/gcc/wide-int.h:790
0x6fbea1 unsigned long
wi::extract_uhwi<generic_wide_int<wide_int_ref_storage<false, false> >
>(generic_wide_int<wide_int_ref_storage<false, false> > const&, unsigned int,
unsigned int)
.././../gcc-source/gcc/wide-int.h:3212
0x6fbea1 unextend
.././../gcc-source/gcc/fold-const.c:6110
0xb991ed fold_truth_andor_1
.././../gcc-source/gcc/fold-const.c:6461
0xb9a4bd fold_truth_andor
.././../gcc-source/gcc/fold-const.c:9687
0xb7aaf4 fold_binary_loc(unsigned int, tree_code, tree_node*, tree_node*,
tree_node*)
.././../gcc-source/gcc/fold-const.c:12036
0xb82629 fold_build2_loc(unsigned int, tree_code, tree_node*, tree_node*,
tree_node*)
.././../gcc-source/gcc/fold-const.c:13781
0x9358b2 c_fully_fold_internal
.././../gcc-source/gcc/c/c-fold.c:545
0x936089 c_fully_fold(tree_node*, bool, bool*, bool)
.././../gcc-source/gcc/c/c-fold.c:125
0x8d00ec c_process_expr_stmt(unsigned int, tree_node*)
.././../gcc-source/gcc/c/c-typeck.c:11320
0x8d03cd c_finish_expr_stmt(unsigned int, tree_node*)
.././../gcc-source/gcc/c/c-typeck.c:11365
0x90409f c_parser_statement_after_labels
.././../gcc-source/gcc/c/c-parser.c:6261
0x9067ac c_parser_compound_statement_nostart
.././../gcc-source/gcc/c/c-parser.c:5798
0x927f75 c_parser_compound_statement
.././../gcc-source/gcc/c/c-parser.c:5607
0x929b2a c_parser_declaration_or_fndef
.././../gcc-source/gcc/c/c-parser.c:2544
0x932583 c_parser_external_declaration
.././../gcc-source/gcc/c/c-parser.c:1779
0x933093 c_parser_translation_unit
.././../gcc-source/gcc/c/c-parser.c:1652
Please submit a full bug report,
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/103813] Crash in decompose, at wide-int.h:984 fold-const
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
@ 2021-12-22 22:36 ` pinskia at gcc dot gnu.org
2021-12-22 22:37 ` [Bug middle-end/103813] [11/12 Regression] " pinskia at gcc dot gnu.org
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: pinskia at gcc dot gnu.org @ 2021-12-22 22:36 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |ice-on-valid-code
Component|c |middle-end
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
The code is undefined for sure.
here is reduced testcase which has less invalidness to it:
struct a {
int b;
int c[];
} ;
struct a d;
int main() {
d.c[0x10000000] || d.c[1];
}
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/103813] [11/12 Regression] Crash in decompose, at wide-int.h:984 fold-const
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
2021-12-22 22:36 ` [Bug middle-end/103813] " pinskia at gcc dot gnu.org
@ 2021-12-22 22:37 ` pinskia at gcc dot gnu.org
2021-12-22 22:58 ` pinskia at gcc dot gnu.org
` (7 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: pinskia at gcc dot gnu.org @ 2021-12-22 22:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Known to fail| |11.1.0
Status|UNCONFIRMED |NEW
Known to work| |10.3.0
Last reconfirmed| |2021-12-22
Summary|Crash in decompose, at |[11/12 Regression] Crash in
|wide-int.h:984 fold-const |decompose, at
| |wide-int.h:984 fold-const
Ever confirmed|0 |1
Target Milestone|--- |11.3
--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Confirmed.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/103813] [11/12 Regression] Crash in decompose, at wide-int.h:984 fold-const
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
2021-12-22 22:36 ` [Bug middle-end/103813] " pinskia at gcc dot gnu.org
2021-12-22 22:37 ` [Bug middle-end/103813] [11/12 Regression] " pinskia at gcc dot gnu.org
@ 2021-12-22 22:58 ` pinskia at gcc dot gnu.org
2021-12-23 8:34 ` [Bug middle-end/103813] [11/12 Regression] Crash in decompose, at wide-int.h:984 fold-const since r11-5271-g4866b2f5db117f9e marxin at gcc dot gnu.org
` (6 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: pinskia at gcc dot gnu.org @ 2021-12-22 22:58 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Another testcase:
struct a {
char b;
char c[];
} ;
struct a d;
int main() {
return d.c[0x40000000] || d.c[1];
}
In GCC 10 (and before) fold would produce:
return ((unsigned char) BIT_FIELD_REF <MEM <struct a> [(void *)&d], 8, 16> &
255) != 0;
Which is a bit interesting because the d.c[0x40000000] part is left off.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/103813] [11/12 Regression] Crash in decompose, at wide-int.h:984 fold-const since r11-5271-g4866b2f5db117f9e
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
` (2 preceding siblings ...)
2021-12-22 22:58 ` pinskia at gcc dot gnu.org
@ 2021-12-23 8:34 ` marxin at gcc dot gnu.org
2021-12-27 16:48 ` jakub at gcc dot gnu.org
` (5 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-12-23 8:34 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org,
| |marxin at gcc dot gnu.org
Summary|[11/12 Regression] Crash in |[11/12 Regression] Crash in
|decompose, at |decompose, at
|wide-int.h:984 fold-const |wide-int.h:984 fold-const
| |since
| |r11-5271-g4866b2f5db117f9e
--- Comment #4 from Martin Liška <marxin at gcc dot gnu.org> ---
Started with r11-5271-g4866b2f5db117f9e.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/103813] [11/12 Regression] Crash in decompose, at wide-int.h:984 fold-const since r11-5271-g4866b2f5db117f9e
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
` (3 preceding siblings ...)
2021-12-23 8:34 ` [Bug middle-end/103813] [11/12 Regression] Crash in decompose, at wide-int.h:984 fold-const since r11-5271-g4866b2f5db117f9e marxin at gcc dot gnu.org
@ 2021-12-27 16:48 ` jakub at gcc dot gnu.org
2021-12-28 16:41 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: jakub at gcc dot gnu.org @ 2021-12-27 16:48 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|unassigned at gcc dot gnu.org |jakub at gcc dot gnu.org
--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Created attachment 52070
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52070&action=edit
gcc12-pr103813.patch
Untested fix.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/103813] [11/12 Regression] Crash in decompose, at wide-int.h:984 fold-const since r11-5271-g4866b2f5db117f9e
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
` (4 preceding siblings ...)
2021-12-27 16:48 ` jakub at gcc dot gnu.org
@ 2021-12-28 16:41 ` cvs-commit at gcc dot gnu.org
2021-12-28 16:43 ` [Bug middle-end/103813] [11 " jakub at gcc dot gnu.org
` (3 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-12-28 16:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:9258ac53cfcbe546e8b86a433e59343538743f74
commit r12-6135-g9258ac53cfcbe546e8b86a433e59343538743f74
Author: Jakub Jelinek <jakub@redhat.com>
Date: Tue Dec 28 17:41:24 2021 +0100
fold-const: Fix up fold_truth_andor_1 shift handling [PR103813]
Some time ago I've changed const_binop -> wide_int_binop, so that it punts
on shifts by negative count. fold_truth_andor_1 doesn't check the results
of const_binop (?SHIFT_EXPR, ) though and assumes they will be always
non-NULL, which is no longer the case.
2021-12-28 Jakub Jelinek <jakub@redhat.com>
PR middle-end/103813
* fold-const.c (fold_truth_andor_1): Punt of const_binop
LSHIFT_EXPR
or RSHIFT_EXPR returns NULL. Formatting fix.
* gcc.c-torture/compile/pr103813.c: New test.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/103813] [11 Regression] Crash in decompose, at wide-int.h:984 fold-const since r11-5271-g4866b2f5db117f9e
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
` (5 preceding siblings ...)
2021-12-28 16:41 ` cvs-commit at gcc dot gnu.org
@ 2021-12-28 16:43 ` jakub at gcc dot gnu.org
2022-01-04 13:20 ` rguenth at gcc dot gnu.org
` (2 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: jakub at gcc dot gnu.org @ 2021-12-28 16:43 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[11/12 Regression] Crash in |[11 Regression] Crash in
|decompose, at |decompose, at
|wide-int.h:984 fold-const |wide-int.h:984 fold-const
|since |since
|r11-5271-g4866b2f5db117f9e |r11-5271-g4866b2f5db117f9e
--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed on the trunk so far.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/103813] [11 Regression] Crash in decompose, at wide-int.h:984 fold-const since r11-5271-g4866b2f5db117f9e
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
` (6 preceding siblings ...)
2021-12-28 16:43 ` [Bug middle-end/103813] [11 " jakub at gcc dot gnu.org
@ 2022-01-04 13:20 ` rguenth at gcc dot gnu.org
2022-01-24 9:20 ` cvs-commit at gcc dot gnu.org
2022-01-24 9:30 ` jakub at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-01-04 13:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P2
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/103813] [11 Regression] Crash in decompose, at wide-int.h:984 fold-const since r11-5271-g4866b2f5db117f9e
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
` (7 preceding siblings ...)
2022-01-04 13:20 ` rguenth at gcc dot gnu.org
@ 2022-01-24 9:20 ` cvs-commit at gcc dot gnu.org
2022-01-24 9:30 ` jakub at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-01-24 9:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
--- Comment #8 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Jakub Jelinek
<jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:fbc542de1bcf2361b9a3b5d2e52efbd5388c83bf
commit r11-9493-gfbc542de1bcf2361b9a3b5d2e52efbd5388c83bf
Author: Jakub Jelinek <jakub@redhat.com>
Date: Tue Dec 28 17:41:24 2021 +0100
fold-const: Fix up fold_truth_andor_1 shift handling [PR103813]
Some time ago I've changed const_binop -> wide_int_binop, so that it punts
on shifts by negative count. fold_truth_andor_1 doesn't check the results
of const_binop (?SHIFT_EXPR, ) though and assumes they will be always
non-NULL, which is no longer the case.
2021-12-28 Jakub Jelinek <jakub@redhat.com>
PR middle-end/103813
* fold-const.c (fold_truth_andor_1): Punt of const_binop
LSHIFT_EXPR
or RSHIFT_EXPR returns NULL. Formatting fix.
* gcc.c-torture/compile/pr103813.c: New test.
(cherry picked from commit 9258ac53cfcbe546e8b86a433e59343538743f74)
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/103813] [11 Regression] Crash in decompose, at wide-int.h:984 fold-const since r11-5271-g4866b2f5db117f9e
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
` (8 preceding siblings ...)
2022-01-24 9:20 ` cvs-commit at gcc dot gnu.org
@ 2022-01-24 9:30 ` jakub at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: jakub at gcc dot gnu.org @ 2022-01-24 9:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103813
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #9 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed for 11.3 too.
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2022-01-24 9:30 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-22 22:29 [Bug c/103813] New: Crash in decompose, at wide-int.h:984 fold-const k.even-mendoza at imperial dot ac.uk
2021-12-22 22:36 ` [Bug middle-end/103813] " pinskia at gcc dot gnu.org
2021-12-22 22:37 ` [Bug middle-end/103813] [11/12 Regression] " pinskia at gcc dot gnu.org
2021-12-22 22:58 ` pinskia at gcc dot gnu.org
2021-12-23 8:34 ` [Bug middle-end/103813] [11/12 Regression] Crash in decompose, at wide-int.h:984 fold-const since r11-5271-g4866b2f5db117f9e marxin at gcc dot gnu.org
2021-12-27 16:48 ` jakub at gcc dot gnu.org
2021-12-28 16:41 ` cvs-commit at gcc dot gnu.org
2021-12-28 16:43 ` [Bug middle-end/103813] [11 " jakub at gcc dot gnu.org
2022-01-04 13:20 ` rguenth at gcc dot gnu.org
2022-01-24 9:20 ` cvs-commit at gcc dot gnu.org
2022-01-24 9:30 ` jakub at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).