public inbox for gcc-bugs@sourceware.org
* [Bug c/103818] New: ICE: in insert, at ipa-modref-tree.c:591
@ 2021-12-23 16:10 k.even-mendoza at imperial dot ac.uk
  2021-12-23 19:52 ` [Bug ipa/103818] [12 Regression] " pinskia at gcc dot gnu.org
                   ` (8 more replies)
  0 siblings, 9 replies; 10+ messages in thread
From: k.even-mendoza at imperial dot ac.uk @ 2021-12-23 16:10 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103818

            Bug ID: 103818
           Summary: ICE: in insert, at ipa-modref-tree.c:591
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: k.even-mendoza at imperial dot ac.uk
  Target Milestone: ---

The following code fails with -O1, -O2, -O3, and -Os in GCC-12, but works fine
with -O0: 

struct a {
  int b[0]
} c(struct a *d) {
  d->b[0] = d->b[-144115188075855873] + d->b[11] * d->b[2] +
            d->b[0] % d->b[1025] + d->b[5];
  d->b[0] =
      d->b[144678138029277184] + d->b[0] & d->b[-3] * d->b[053] + d->b[7] ^
      d->b[-9] + d->b[14] + d->b[9] % d->b[49] + d->b[024] + d->b[82] &
          d->b[4096];
}
void main() {}


It works fine with GCC-11. 

===
The trace in GCC-12 Version is:
/home/user42/data/gcc-csmith-1223/gcc-install/bin/gcc -O2 fuzzer-file-14593.c
fuzzer-file-14593.c:3:1: warning: no semicolon at end of struct or union
    3 | } c(struct a *d) {
      | ^
during GIMPLE pass: modref
fuzzer-file-14593.c: In function ‘c’:
fuzzer-file-14593.c:11:1: internal compiler error: in insert, at ipa-modref-tree.c:591
   11 | void main() {}
      | ^~~~
0x73439f modref_access_node::insert(vec<modref_access_node, va_gc, vl_embed>*&, modref_access_node, unsigned long, bool)
        .././../gcc-source/gcc/ipa-modref-tree.c:591
0xcc201a modref_ref_node<int>::insert_access(modref_access_node, unsigned long, bool)
        .././../gcc-source/gcc/ipa-modref-tree.h:194
0xcc201a modref_tree<int>::insert(unsigned int, unsigned int, unsigned int, int, int, modref_access_node, bool)
        .././../gcc-source/gcc/ipa-modref-tree.h:445
0xcb303c modref_tree<int>::insert(tree_node*, int, int, modref_access_node const&, bool)
        .././../gcc-source/gcc/ipa-modref-tree.h:472
0xcb303c record_access
        .././../gcc-source/gcc/ipa-modref.c:1076
0xcb3968 analyze_load
        .././../gcc-source/gcc/ipa-modref.c:1707
0xc09dd1 walk_stmt_load_store_addr_ops(gimple*, void*, bool (*)(gimple*, tree_node*, tree_node*, void*), bool (*)(gimple*, tree_node*, tree_node*, void*), bool (*)(gimple*, tree_node*, tree_node*, void*))
        .././../gcc-source/gcc/gimple-walk.c:800
0xcbc7a1 analyze_stmt
        .././../gcc-source/gcc/ipa-modref.c:1788
0xcbc7a1 analyze
        .././../gcc-source/gcc/ipa-modref.c:1900
0xcbc7a1 analyze_function
        .././../gcc-source/gcc/ipa-modref.c:3219
0xcbec2a execute
        .././../gcc-source/gcc/ipa-modref.c:4186
Please submit a full bug report,
===

I tested it with gcc (GCC) 12.0.0 20211023 (experimental), gcc (GCC) 12.0.0
20211216 (experimental), and gcc (GCC) 12.0.0 20211223 (experimental) (current
version: commit ef26c151c14a87177d46fd3d725e7f82e040e89f) checking the fix of
bugs 102687 and 103073 there.


* [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591
  2021-12-23 16:10 [Bug c/103818] New: ICE: in insert, at ipa-modref-tree.c:591 k.even-mendoza at imperial dot ac.uk
@ 2021-12-23 19:52 ` pinskia at gcc dot gnu.org
  2021-12-28 10:22 ` [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591 since r12-3202-gf5ff3a8ed4ca9173 marxin at gcc dot gnu.org
                   ` (7 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu.org @ 2021-12-23 19:52 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103818

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2021-12-23
           Keywords|                            |ice-on-valid-code

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Confirmed.


* [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591 since r12-3202-gf5ff3a8ed4ca9173
  2021-12-23 16:10 [Bug c/103818] New: ICE: in insert, at ipa-modref-tree.c:591 k.even-mendoza at imperial dot ac.uk
  2021-12-23 19:52 ` [Bug ipa/103818] [12 Regression] " pinskia at gcc dot gnu.org
@ 2021-12-28 10:22 ` marxin at gcc dot gnu.org
  2022-01-26 13:39 ` marxin at gcc dot gnu.org
                   ` (6 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-12-28 10:22 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103818

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |12.0
            Summary|[12 Regression] ICE: in     |[12 Regression] ICE: in
                   |insert, at                  |insert, at
                   |ipa-modref-tree.c:591       |ipa-modref-tree.c:591 since
                   |                            |r12-3202-gf5ff3a8ed4ca9173
                 CC|                            |hubicka at gcc dot gnu.org
           Priority|P3                          |P1

--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
Started with r12-3202-gf5ff3a8ed4ca9173.


* [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591 since r12-3202-gf5ff3a8ed4ca9173
  2021-12-23 16:10 [Bug c/103818] New: ICE: in insert, at ipa-modref-tree.c:591 k.even-mendoza at imperial dot ac.uk
  2021-12-23 19:52 ` [Bug ipa/103818] [12 Regression] " pinskia at gcc dot gnu.org
  2021-12-28 10:22 ` [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591 since r12-3202-gf5ff3a8ed4ca9173 marxin at gcc dot gnu.org
@ 2022-01-26 13:39 ` marxin at gcc dot gnu.org
  2022-01-26 13:39 ` marxin at gcc dot gnu.org
                   ` (5 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: marxin at gcc dot gnu.org @ 2022-01-26 13:39 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103818

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org      |hubicka at gcc dot gnu.org

--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
@Honza: Can you please take a look?


* [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591 since r12-3202-gf5ff3a8ed4ca9173
  2021-12-23 16:10 [Bug c/103818] New: ICE: in insert, at ipa-modref-tree.c:591 k.even-mendoza at imperial dot ac.uk
                   ` (2 preceding siblings ...)
  2022-01-26 13:39 ` marxin at gcc dot gnu.org
@ 2022-01-26 13:39 ` marxin at gcc dot gnu.org
  2022-04-09 20:25 ` hubicka at gcc dot gnu.org
                   ` (4 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: marxin at gcc dot gnu.org @ 2022-01-26 13:39 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103818

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED


* [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591 since r12-3202-gf5ff3a8ed4ca9173
  2021-12-23 16:10 [Bug c/103818] New: ICE: in insert, at ipa-modref-tree.c:591 k.even-mendoza at imperial dot ac.uk
                   ` (3 preceding siblings ...)
  2022-01-26 13:39 ` marxin at gcc dot gnu.org
@ 2022-04-09 20:25 ` hubicka at gcc dot gnu.org
  2022-04-11 16:00 ` jakub at gcc dot gnu.org
                   ` (3 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: hubicka at gcc dot gnu.org @ 2022-04-09 20:25 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103818

--- Comment #4 from Jan Hubicka <hubicka at gcc dot gnu.org> ---
We have access list:

      Base 0: alias set 2
        Ref 0: alias set 1
          access: Parm 0 param offset:0 offset:-4611686018427387936 size:32 max_size:32
          access: Parm 0 param offset:0 offset:352 size:32 max_size:32
          access: Parm 0 param offset:0 offset:64 size:32 max_size:32
          access: Parm 0 param offset:0 offset:0 size:32 max_size:32
          access: Parm 0 param offset:0 offset:32800 size:32 max_size:32
          access: Parm 0 param offset:0 offset:160 size:32 max_size:32
          access: Parm 0 param offset:0 offset:4629700416936869888 size:32 max_size:32
          access: Parm 0 param offset:0 offset:-96 size:32 max_size:32
          access: Parm 0 param offset:0 offset:1376 size:32 max_size:32
          access: Parm 0 param offset:0 offset:224 size:32 max_size:32
          access: Parm 0 param offset:0 offset:-288 size:32 max_size:32
          access: Parm 0 param offset:0 offset:448 size:32 max_size:32
          access: Parm 0 param offset:0 offset:288 size:32 max_size:32
          access: Parm 0 param offset:0 offset:1568 size:32 max_size:32
          access: Parm 0 param offset:0 offset:640 size:32 max_size:32
          access: Parm 0 param offset:0 offset:2624 size:32 max_size:32

and we want to merge
         Parm 0 param offset:0 offset:-4611686018427387936 size:32 max_size:32
and
         Parm 0 param offset:0 offset:4629700416936869888 size:32 max_size:32
into one entry since we think they have small difference.  

So an overflow issue:
      new_max_size = max_size2 + offset2 - offset1;
      if (known_le (new_max_size, max_size1))
        new_max_size = max_size1;
So we need 128bit math here.
I need to look into the proper way to get this right (and the corresponding
overflow that makes the logic choose these two entries as closest to each other).


* [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591 since r12-3202-gf5ff3a8ed4ca9173
  2021-12-23 16:10 [Bug c/103818] New: ICE: in insert, at ipa-modref-tree.c:591 k.even-mendoza at imperial dot ac.uk
                   ` (4 preceding siblings ...)
  2022-04-09 20:25 ` hubicka at gcc dot gnu.org
@ 2022-04-11 16:00 ` jakub at gcc dot gnu.org
  2022-04-12 10:50 ` hubicka at kam dot mff.cuni.cz
                   ` (2 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: jakub at gcc dot gnu.org @ 2022-04-11 16:00 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103818

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org,
                   |                            |rsandifo at gcc dot gnu.org

--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
For 128-bit math, you can e.g. use poly_offset_int, which generally looks like
a better type for these offsets and sizes (especially if they are counted in
bits not bytes).
Just to perform the <= comparison on the wider poly_offset_int, perhaps:
--- gcc/ipa-modref-tree.cc.jj   2022-04-06 16:44:44.000000000 +0200
+++ gcc/ipa-modref-tree.cc      2022-04-11 17:50:02.937784764 +0200
@@ -380,9 +380,13 @@ modref_access_node::update2 (poly_int64
     new_max_size = max_size2;
   else
     {
-      new_max_size = max_size2 + offset2 - offset1;
-      if (known_le (new_max_size, max_size1))
+      poly_offset_int n = max_size2;
+      n += offset2;
+      n -= offset1;
+      if (known_le (n, max_size1))
        new_max_size = max_size1;
+      else
+       new_max_size = max_size2 + offset2 - offset1;
     }

   update (parm_offset1, offset1,
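
Review bot: the new else branch still evaluates `max_size2 + offset2 - offset1` in the narrow type, so the widened n only protects the known_le test; whenever n exceeds max_size1 because the true sum does not fit, new_max_size is assigned the same wrapped value as before. Derive new_max_size from n instead, and give the out-of-range case an explicit result (the thread mentions -1 as the unknown/unlimited max_size) rather than recomputing the expression.
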
(though, not sure how can you narrow that back to poly_int64).
Though, the big question is what should one do with these overflows or
underflows that aren't representable, update2 can't fail right now and the
above still ICEs.
Is there some way how to indicate it is an access to an unknown offset?


* [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591 since r12-3202-gf5ff3a8ed4ca9173
  2021-12-23 16:10 [Bug c/103818] New: ICE: in insert, at ipa-modref-tree.c:591 k.even-mendoza at imperial dot ac.uk
                   ` (5 preceding siblings ...)
  2022-04-11 16:00 ` jakub at gcc dot gnu.org
@ 2022-04-12 10:50 ` hubicka at kam dot mff.cuni.cz
  2022-04-20  9:01 ` cvs-commit at gcc dot gnu.org
  2022-04-20  9:11 ` hubicka at gcc dot gnu.org
  8 siblings, 0 replies; 10+ messages in thread
From: hubicka at kam dot mff.cuni.cz @ 2022-04-12 10:50 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103818

--- Comment #6 from hubicka at kam dot mff.cuni.cz ---
> For 128-bit math, you can e.g. use poly_offset_int, which generally looks like
> a better type for these offsets and sizes (especially if they are counted in
> bits not bytes).
> Just to perform the <= comparison on the wider poly_offset_int, perhaps:
> --- gcc/ipa-modref-tree.cc.jj   2022-04-06 16:44:44.000000000 +0200
> +++ gcc/ipa-modref-tree.cc      2022-04-11 17:50:02.937784764 +0200
> @@ -380,9 +380,13 @@ modref_access_node::update2 (poly_int64
>      new_max_size = max_size2;
>    else
>      {
> -      new_max_size = max_size2 + offset2 - offset1;
> -      if (known_le (new_max_size, max_size1))
> +      poly_offset_int n = max_size2;
> +      n += offset2;
> +      n -= offset1;
> +      if (known_le (n, max_size1))
>         new_max_size = max_size1;
> +      else
> +       new_max_size = max_size2 + offset2 - offset1;
>      }
> 
>    update (parm_offset1, offset1,
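
Review bot: only the comparison in update2 is widened here, while comment #4 in this thread also points at a corresponding overflow in the logic that picks these two entries as closest to each other; that distance computation needs the same poly_offset_int treatment, otherwise entries this far apart are still selected for merging. The hunk also carries no test, and a compile-only test built from the reporter's reproducer would cover both places.
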
> (though, not sure how can you narrow that back to poly_int64).
> Though, the big question is what should one do with these overflows or
> underflows that aren't representable, update2 can't fail right now and the
> above still ICEs.
> Is there some way how to indicate it is an access to an unknown offset?
I sent a patch for this (and plan to commit it today).  One can set new_max_size
to -1, which means unknown/unlimited range, on overflow.  Underflow should
be impossible, since we always keep offsets/sizes nonnegative.

Honza
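
Added example (not part of the thread and not GCC's code): a simplified scalar model of the else branch of update2, run on the two offsets from comment #4 and using the -1 "unknown" fallback described in comment #6. It assumes plain int64_t and __int128 in place of poly_int64 and poly_offset_int, known (non-negative) sizes and off1 <= off2; all function and macro names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SIZE_UNKNOWN ((int64_t)-1) /* -1 = unknown/unlimited range */

/* Constructed from the access list in comment #4 (bit offsets, 32-bit accesses). */
#define OFF_LOW  (-4611686018427387936LL)
#define OFF_HIGH (4629700416936869888LL)

/* Pre-fix expression in 64 bits. The overflow builtins store the wrapped
   result, modelling the narrow computation without undefined behaviour. */
static int64_t merged_max_size_narrow(int64_t off1, int64_t max1,
                                      int64_t off2, int64_t max2)
{
    int64_t n;
    __builtin_add_overflow(max2, off2, &n);
    __builtin_sub_overflow(n, off1, &n);
    return n <= max1 ? max1 : n;
}

/* Same expression in 128 bits; an unrepresentable result becomes "unknown". */
static int64_t merged_max_size_wide(int64_t off1, int64_t max1,
                                    int64_t off2, int64_t max2)
{
    __int128 n = (__int128)max2 + off2 - off1;
    if (n <= max1)
        return max1;
    return n > INT64_MAX ? MAX_SIZE_UNKNOWN : (int64_t)n;
}

/* Does the merged entry [off1, off1 + max) still cover the second access? */
static bool covers(int64_t off1, int64_t max, int64_t off2, int64_t size2)
{
    if (max == MAX_SIZE_UNKNOWN)
        return true;
    return (__int128)off1 + max >= (__int128)off2 + size2;
}

int main(void)
{
    int64_t narrow = merged_max_size_narrow(OFF_LOW, 32, OFF_HIGH, 32);
    int64_t wide = merged_max_size_wide(OFF_LOW, 32, OFF_HIGH, 32);
    printf("narrow: max_size=%lld covers=%d\n", (long long)narrow,
           covers(OFF_LOW, narrow, OFF_HIGH, 32));
    printf("wide:   max_size=%lld covers=%d\n", (long long)wide,
           covers(OFF_LOW, wide, OFF_HIGH, 32));
    return 0;
}
```

In this model the narrow sum wraps negative, so the merged entry keeps max_size 32 and no longer covers the second access; the widened version reports the range as unknown instead.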


* [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591 since r12-3202-gf5ff3a8ed4ca9173
  2021-12-23 16:10 [Bug c/103818] New: ICE: in insert, at ipa-modref-tree.c:591 k.even-mendoza at imperial dot ac.uk
                   ` (6 preceding siblings ...)
  2022-04-12 10:50 ` hubicka at kam dot mff.cuni.cz
@ 2022-04-20  9:01 ` cvs-commit at gcc dot gnu.org
  2022-04-20  9:11 ` hubicka at gcc dot gnu.org
  8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-04-20  9:01 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103818

--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jan Hubicka <hubicka@gcc.gnu.org>:

https://gcc.gnu.org/g:0707f4280907c395b543464175411f8155817a9e

commit r12-8203-g0707f4280907c395b543464175411f8155817a9e
Author: Jan Hubicka <jh@suse.cz>
Date:   Wed Apr 20 11:00:33 2022 +0200

    Fix overflows in ipa-modref-tree.cc

    gcc/ChangeLog:

    2022-04-20  Jan Hubicka  <hubicka@ucw.cz>

            PR ipa/103818

            * ipa-modref-tree.cc (modref_access_node::closer_pair_p): Use
            poly_offset_int to avoid overflow.
            (modref_access_node::update2): likewise.

    gcc/testsuite/ChangeLog:

    2022-04-20  Jan Hubicka  <hubicka@ucw.cz>

            * gcc.c-torture/compile/103818.c: New test.


* [Bug ipa/103818] [12 Regression] ICE: in insert, at ipa-modref-tree.c:591 since r12-3202-gf5ff3a8ed4ca9173
  2021-12-23 16:10 [Bug c/103818] New: ICE: in insert, at ipa-modref-tree.c:591 k.even-mendoza at imperial dot ac.uk
                   ` (7 preceding siblings ...)
  2022-04-20  9:01 ` cvs-commit at gcc dot gnu.org
@ 2022-04-20  9:11 ` hubicka at gcc dot gnu.org
  8 siblings, 0 replies; 10+ messages in thread
From: hubicka at gcc dot gnu.org @ 2022-04-20  9:11 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103818

Jan Hubicka <hubicka at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #8 from Jan Hubicka <hubicka at gcc dot gnu.org> ---
Fixed.

