public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/104159] New: ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer
@ 2022-01-21 10:52 zsojka at seznam dot cz
2022-01-21 11:31 ` [Bug analyzer/104159] " rguenth at gcc dot gnu.org
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: zsojka at seznam dot cz @ 2022-01-21 10:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104159
Bug ID: 104159
Summary: ICE: in finalize, at vector-builder.h:513 with -O
-fanalyzer
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: zsojka at seznam dot cz
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Created attachment 52255
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52255&action=edit
reduced testcase
Compiler output:
$ x86_64-pc-linux-gnu-gcc -O -fanalyzer testcase.c
during IPA pass: analyzer
testcase.c: In function 'foo':
testcase.c:12:13: internal compiler error: in finalize, at vector-builder.h:513
12 | t = (T){} + u + u;
| ~~~^~~
0x1632ec6 vector_builder<tree_node*, tree_node*,
tree_vector_builder>::finalize()
/repo/gcc-trunk/gcc/vector-builder.h:513
0x163251d tree_vector_builder::build()
/repo/gcc-trunk/gcc/tree-vector-builder.cc:42
0xfcc53c native_interpret_vector_part
/repo/gcc-trunk/gcc/fold-const.cc:8764
0xfe9bd2 fold_view_convert_vector_encoding
/repo/gcc-trunk/gcc/fold-const.cc:9130
0xfe9bd2 fold_view_convert_expr
/repo/gcc-trunk/gcc/fold-const.cc:9150
0xfe9bd2 const_unop(tree_code, tree_node*, tree_node*)
/repo/gcc-trunk/gcc/fold-const.cc:1753
0xfdf392 fold_unary_loc(unsigned int, tree_code, tree_node*, tree_node*)
/repo/gcc-trunk/gcc/fold-const.cc:9255
0x17560a2 ana::region_model_manager::maybe_fold_unaryop(tree_node*, tree_code,
ana::svalue const*)
/repo/gcc-trunk/gcc/analyzer/region-model-manager.cc:429
0x17563ba ana::region_model_manager::get_or_create_unaryop(tree_node*,
tree_code, ana::svalue const*)
/repo/gcc-trunk/gcc/analyzer/region-model-manager.cc:458
0x173c49c ana::region_model::get_rvalue(ana::path_var,
ana::region_model_context*) const
/repo/gcc-trunk/gcc/analyzer/region-model.cc:1880
0x173e448 ana::region_model::get_rvalue(tree_node*, ana::region_model_context*)
const
/repo/gcc-trunk/gcc/analyzer/region-model.cc:1895
0x173e448 ana::region_model::get_gassign_result(gassign const*,
ana::region_model_context*)
/repo/gcc-trunk/gcc/analyzer/region-model.cc:701
0x173f0dc ana::region_model::on_assignment(gassign const*,
ana::region_model_context*)
/repo/gcc-trunk/gcc/analyzer/region-model.cc:870
0x171a648 ana::exploded_node::on_stmt(ana::exploded_graph&, ana::supernode
const*, gimple const*, ana::program_state*, ana::uncertainty_t*,
ana::path_context*)
/repo/gcc-trunk/gcc/analyzer/engine.cc:1305
0x171d84f ana::exploded_graph::process_node(ana::exploded_node*)
/repo/gcc-trunk/gcc/analyzer/engine.cc:3694
0x171e822 ana::exploded_graph::process_worklist()
/repo/gcc-trunk/gcc/analyzer/engine.cc:3137
0x1720d26 ana::impl_run_checkers(ana::logger*)
/repo/gcc-trunk/gcc/analyzer/engine.cc:5716
0x1721b9e ana::run_checkers()
/repo/gcc-trunk/gcc/analyzer/engine.cc:5787
0x1711148 execute
/repo/gcc-trunk/gcc/analyzer/analyzer-pass.cc:87
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
$ x86_64-pc-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest-amd64/bin/x86_64-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r12-6785-20220120234803-g6f45deb2aed-checking-yes-rtl-df-extra-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/12.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu
--with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-r12-6785-20220120234803-g6f45deb2aed-checking-yes-rtl-df-extra-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.0.1 20220121 (experimental) (GCC)
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug analyzer/104159] ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer
2022-01-21 10:52 [Bug analyzer/104159] New: ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer zsojka at seznam dot cz
@ 2022-01-21 11:31 ` rguenth at gcc dot gnu.org
2022-01-21 13:55 ` marxin at gcc dot gnu.org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-01-21 11:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104159
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever confirmed|0 |1
Last reconfirmed| |2022-01-21
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
424 break;
425 }
426
427 /* Constants. */
428 if (tree cst = arg->maybe_get_constant ())
429 if (tree result = fold_unary (op, type, cst))
430 {
431 if (CONSTANT_CLASS_P (result))
432 return get_or_create_constant_svalue (result);
433
(gdb) p debug_tree (cst)
<vector_cst 0x7ffff668e558
type <vector_type 0x7ffff66a53f0 W
type <integer_type 0x7ffff655f7e0 long unsigned int public unsigned DI
size <integer_cst 0x7ffff6543d50 constant 64>
unit-size <integer_cst 0x7ffff6543d68 constant 8>
align:64 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7ffff655f7e0 precision:64 min <integer_cst 0x7ffff6563030 0> max <integer_cst
0x7ffff6544520 18446744073709551615>
pointer_to_this <pointer_type 0x7ffff656f348>>
unsigned V2DI
size <integer_cst 0x7ffff6543d98 constant 128>
unit-size <integer_cst 0x7ffff6543db0 constant 16>
align:128 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7ffff66a5348 nunits:2 context <translation_unit_decl 0x7ffff6551bb8 t.c>>
constant npatterns:1 nelts-per-pattern:1
elt:0: <integer_cst 0x7ffff6563030 type <integer_type 0x7ffff655f7e0 long
unsigned int> constant 0>>
$1 = void
(gdb) p debug_tree (type)
<vector_type 0x7ffff66a5000 T
type <integer_type 0x7ffff655f5e8 int public SI
size <integer_cst 0x7ffff6543f90 constant 32>
unit-size <integer_cst 0x7ffff6543fa8 constant 4>
align:32 warn_if_not_align:0 symtab:0 alias-set 1 canonical-type
0x7ffff655f5e8 precision:32 min <integer_cst 0x7ffff6543f48 -2147483648> max
<integer_cst 0x7ffff6543f60 2147483647>
pointer_to_this <pointer_type 0x7ffff6567a80>>
V1SI size <integer_cst 0x7ffff6543f90 32> unit-size <integer_cst
0x7ffff6543fa8 4>
align:32 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7ffff667bbd0 nunits:1 context <translation_unit_decl 0x7ffff6551bb8 t.c>
pointer_to_this <pointer_type 0x7ffff66a5bd0>>
$2 = void
and using VIEW_CONVERT_EXPR as op. For truncations you should use
VEC_PACK_TRUNC, but eventually giving up for not explicitely handled
cases would be better.
Note the original stmt is
_1 = VIEW_CONVERT_EXPR<T>(_4);
with both _4 and _1 V1SI (signed/unsigned convert), so not sure how
we got to V2DI here.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug analyzer/104159] ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer
2022-01-21 10:52 [Bug analyzer/104159] New: ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer zsojka at seznam dot cz
2022-01-21 11:31 ` [Bug analyzer/104159] " rguenth at gcc dot gnu.org
@ 2022-01-21 13:55 ` marxin at gcc dot gnu.org
2022-01-21 15:18 ` dmalcolm at gcc dot gnu.org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: marxin at gcc dot gnu.org @ 2022-01-21 13:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104159
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |marxin at gcc dot gnu.org
--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
Started with r12-1931-ge61ffa201403e381.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug analyzer/104159] ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer
2022-01-21 10:52 [Bug analyzer/104159] New: ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer zsojka at seznam dot cz
2022-01-21 11:31 ` [Bug analyzer/104159] " rguenth at gcc dot gnu.org
2022-01-21 13:55 ` marxin at gcc dot gnu.org
@ 2022-01-21 15:18 ` dmalcolm at gcc dot gnu.org
2022-01-22 15:27 ` cvs-commit at gcc dot gnu.org
2022-01-22 15:45 ` dmalcolm at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-01-21 15:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104159
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this bug. Possibly this is due to sloppy type-handling in
region_model::get_rvalue; I'm investigating.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug analyzer/104159] ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer
2022-01-21 10:52 [Bug analyzer/104159] New: ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer zsojka at seznam dot cz
` (2 preceding siblings ...)
2022-01-21 15:18 ` dmalcolm at gcc dot gnu.org
@ 2022-01-22 15:27 ` cvs-commit at gcc dot gnu.org
2022-01-22 15:45 ` dmalcolm at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-01-22 15:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104159
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:45b999f642a531c083c982dda79fa6ad65730a7c
commit r12-6817-g45b999f642a531c083c982dda79fa6ad65730a7c
Author: David Malcolm <dmalcolm@redhat.com>
Date: Fri Jan 21 09:56:56 2022 -0500
analyzer: fix ICE on vector casts [PR104159]
PR analyzer/104159 describes an ICE attempting to convert a vector_cst,
which occurs when symbolically executing within a recursive call on:
_4 = BIT_FIELD_REF <w_3(D), 32, 0>;
_1 = VIEW_CONVERT_EXPR<T>(_4);
where the BIT_FIELD_REF leads to a get_or_create_cast from
VEC<long, 8> to VEC<unsigned 4>
which get_code_for_cast erroneously picks NOP_EXPR for the cast, leading
to a bogus input to the VIEW_CONVERT_EXPR.
This patch fixes the issue by giving up on attempts to cast symbolic
values of vector types, treating the result of such casts as unknowable.
gcc/analyzer/ChangeLog:
PR analyzer/104159
* region-model-manager.cc
(region_model_manager::get_or_create_cast): Bail out if the types
are the same. Don't attempt to handle casts involving vector
types.
gcc/testsuite/ChangeLog:
PR analyzer/104159
* gcc.dg/analyzer/torture/pr104159.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug analyzer/104159] ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer
2022-01-21 10:52 [Bug analyzer/104159] New: ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer zsojka at seznam dot cz
` (3 preceding siblings ...)
2022-01-22 15:27 ` cvs-commit at gcc dot gnu.org
@ 2022-01-22 15:45 ` dmalcolm at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-01-22 15:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104159
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #5 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-01-22 15:45 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-21 10:52 [Bug analyzer/104159] New: ICE: in finalize, at vector-builder.h:513 with -O -fanalyzer zsojka at seznam dot cz
2022-01-21 11:31 ` [Bug analyzer/104159] " rguenth at gcc dot gnu.org
2022-01-21 13:55 ` marxin at gcc dot gnu.org
2022-01-21 15:18 ` dmalcolm at gcc dot gnu.org
2022-01-22 15:27 ` cvs-commit at gcc dot gnu.org
2022-01-22 15:45 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).