* [Bug tree-optimization/105368] [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
@ 2022-04-25 7:08 ` rguenth at gcc dot gnu.org
2022-04-25 8:06 ` zsojka at seznam dot cz
` (10 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-04-25 7:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
I can't reproduce but I also don't see how the code could crash there.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
2022-04-25 7:08 ` [Bug tree-optimization/105368] " rguenth at gcc dot gnu.org
@ 2022-04-25 8:06 ` zsojka at seznam dot cz
2022-04-25 8:46 ` zsojka at seznam dot cz
` (9 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: zsojka at seznam dot cz @ 2022-04-25 8:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
--- Comment #2 from Zdenek Sojka <zsojka at seznam dot cz> ---
(gdb) disas
Dump of assembler code for function powi_cost(long):
0x0000000001538160 <+0>: push %r14
0x0000000001538162 <+2>: mov $0x20,%ecx
0x0000000001538167 <+7>: push %r13
0x0000000001538169 <+9>: push %r12
0x000000000153816b <+11>: push %rbp
0x000000000153816c <+12>: push %rbx
0x000000000153816d <+13>: mov %rdi,%rbx
0x0000000001538170 <+16>: sub $0x100,%rsp
0x0000000001538177 <+23>: neg %rbx
0x000000000153817a <+26>: cmovs %rdi,%rbx
0x000000000153817e <+30>: mov %rsp,%r13
0x0000000001538181 <+33>: xor %eax,%eax
0x0000000001538183 <+35>: xor %r12d,%r12d
0x0000000001538186 <+38>: mov %r13,%rdi
0x0000000001538189 <+41>: rep stos %rax,%es:(%rdi)
0x000000000153818c <+44>: movb $0x1,0x1(%rsp)
=> 0x0000000001538191 <+49>: cmp $0xff,%rbx
0x0000000001538198 <+56>: jg 0x15381b0 <powi_cost(long)+80>
0x000000000153819a <+58>: jmp 0x1538207 <powi_cost(long)+167>
1463
1464 /* Ignore the reciprocal when calculating the cost. */
1465 val = (n < 0) ? -n : n;
0x000000000153816d <+13>: mov %rdi,%rbx
1454 powi_cost (HOST_WIDE_INT n)
0x0000000001538170 <+16>: sub $0x100,%rsp
1455 {
1456 bool cache[POWI_TABLE_SIZE];
1457 unsigned HOST_WIDE_INT digit;
1458 unsigned HOST_WIDE_INT val;
1459 int result;
1460
1461 if (n == 0)
1462 return 0;
--Type <RET> for more, q to quit, c to continue without paging--
1463
1464 /* Ignore the reciprocal when calculating the cost. */
1465 val = (n < 0) ? -n : n;
0x0000000001538177 <+23>: neg %rbx
0x000000000153817a <+26>: cmovs %rdi,%rbx
...
/repo/gcc-trunk/gcc/tree-ssa-math-opts.cc:
1469 cache[1] = true;
0x000000000153818c <+44>: movb $0x1,0x1(%rsp)
1472
1473 while (val >= POWI_TABLE_SIZE)
=> 0x0000000001538191 <+49>: cmp $0xff,%rbx
0x0000000001538198 <+56>: jg 0x15381b0 <powi_cost(long)+80>
0x000000000153819a <+58>: jmp 0x1538207 <powi_cost(long)+167>
(gdb) p/x n
$19 = 0x8000000000000000
(gdb) p/x val
$20 = 0x8000000000000000
(gdb) p/x $rbx
$22 = 0x8000000000000000
The "while (val >= POWI_TABLE_SIZE)" check seems to be done in signed
arithmetics ("jg" conditional jump), so the value is not reduced and cache[i]
accesses out of bounds.
This happens with both boostrapped and non-bootstrapped compiler (using host
gcc-11.3.0)
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
2022-04-25 7:08 ` [Bug tree-optimization/105368] " rguenth at gcc dot gnu.org
2022-04-25 8:06 ` zsojka at seznam dot cz
@ 2022-04-25 8:46 ` zsojka at seznam dot cz
2022-04-25 8:54 ` rguenth at gcc dot gnu.org
` (8 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: zsojka at seznam dot cz @ 2022-04-25 8:46 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
--- Comment #3 from Zdenek Sojka <zsojka at seznam dot cz> ---
I think the issue might be in the:
> 1463
> 1464 /* Ignore the reciprocal when calculating the cost. */
> 1465 val = (n < 0) ? -n : n;
expression, for the case n == LONG_MIN, but I am not a language lawyer. (-n is
not representable in the (promoted) signed type)
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
` (2 preceding siblings ...)
2022-04-25 8:46 ` zsojka at seznam dot cz
@ 2022-04-25 8:54 ` rguenth at gcc dot gnu.org
2022-04-25 8:55 ` pinskia at gcc dot gnu.org
` (7 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-04-25 8:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2022-04-25
Status|UNCONFIRMED |ASSIGNED
Assignee|unassigned at gcc dot gnu.org |rguenth at gcc dot gnu.org
Ever confirmed|0 |1
--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Zdenek Sojka from comment #3)
> I think the issue might be in the:
>
> > 1463
> > 1464 /* Ignore the reciprocal when calculating the cost. */
> > 1465 val = (n < 0) ? -n : n;
>
> expression, for the case n == LONG_MIN, but I am not a language lawyer. (-n
> is not representable in the (promoted) signed type)
Ah, good point.
diff --git a/gcc/tree-ssa-math-opts.cc b/gcc/tree-ssa-math-opts.cc
index 102b7a2cc99..7555793948e 100644
--- a/gcc/tree-ssa-math-opts.cc
+++ b/gcc/tree-ssa-math-opts.cc
@@ -1462,7 +1462,7 @@ powi_cost (HOST_WIDE_INT n)
return 0;
/* Ignore the reciprocal when calculating the cost. */
- val = (n < 0) ? -n : n;
+ val = absu_hwi (n);
/* Initialize the exponent cache. */
memset (cache, 0, POWI_TABLE_SIZE * sizeof (bool));
should fix that.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
` (3 preceding siblings ...)
2022-04-25 8:54 ` rguenth at gcc dot gnu.org
@ 2022-04-25 8:55 ` pinskia at gcc dot gnu.org
2022-04-25 9:47 ` cvs-commit at gcc dot gnu.org
` (6 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-04-25 8:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Might be easier to reproduce using ubsan too.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
` (4 preceding siblings ...)
2022-04-25 8:55 ` pinskia at gcc dot gnu.org
@ 2022-04-25 9:47 ` cvs-commit at gcc dot gnu.org
2022-04-25 10:00 ` zsojka at seznam dot cz
` (5 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-04-25 9:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Richard Biener <rguenth@gcc.gnu.org>:
https://gcc.gnu.org/g:f0e170f72f8bfaa2a64e1d09ebdfd48f917420f1
commit r12-8242-gf0e170f72f8bfaa2a64e1d09ebdfd48f917420f1
Author: Richard Biener <rguenther@suse.de>
Date: Mon Apr 25 10:55:21 2022 +0200
tree-optimization/105368 - avoid overflow in powi_cost
The following avoids undefined signed overflow when computing
the absolute of the exponent in powi_cost.
2022-04-25 Richard Biener <rguenther@suse.de>
PR tree-optimization/105368
* tree-ssa-math-opts.cc (powi_cost): Use absu_hwi.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
` (5 preceding siblings ...)
2022-04-25 9:47 ` cvs-commit at gcc dot gnu.org
@ 2022-04-25 10:00 ` zsojka at seznam dot cz
2022-04-25 10:31 ` [Bug tree-optimization/105368] [10/11 " rguenth at gcc dot gnu.org
` (4 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: zsojka at seznam dot cz @ 2022-04-25 10:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
--- Comment #7 from Zdenek Sojka <zsojka at seznam dot cz> ---
I can confirm the patch fixes the testcase for me.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10/11 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
` (6 preceding siblings ...)
2022-04-25 10:00 ` zsojka at seznam dot cz
@ 2022-04-25 10:31 ` rguenth at gcc dot gnu.org
2022-04-25 10:32 ` rguenth at gcc dot gnu.org
` (3 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-04-25 10:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Known to fail|12.0 |
Summary|[10/11/12 Regression] ICE: |[10/11 Regression] ICE:
|SIGSEGV in powi_lookup_cost |SIGSEGV in powi_lookup_cost
|(tree-ssa-math-opts.cc:1441 |(tree-ssa-math-opts.cc:1441
|) with -Ofast and |) with -Ofast and
|__builtin_powf() |__builtin_powf()
Known to work| |12.0
--- Comment #8 from Richard Biener <rguenth at gcc dot gnu.org> ---
Thanks.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10/11 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
` (7 preceding siblings ...)
2022-04-25 10:31 ` [Bug tree-optimization/105368] [10/11 " rguenth at gcc dot gnu.org
@ 2022-04-25 10:32 ` rguenth at gcc dot gnu.org
2022-05-19 14:03 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-04-25 10:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P2
Target Milestone|--- |10.4
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10/11 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
` (8 preceding siblings ...)
2022-04-25 10:32 ` rguenth at gcc dot gnu.org
@ 2022-05-19 14:03 ` cvs-commit at gcc dot gnu.org
2022-05-27 13:15 ` [Bug tree-optimization/105368] [10 " cvs-commit at gcc dot gnu.org
2022-05-27 13:17 ` rguenth at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-05-19 14:03 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
--- Comment #9 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Richard Biener
<rguenth@gcc.gnu.org>:
https://gcc.gnu.org/g:3e6ae76385c60ad1ef63270ba969729a40ca1245
commit r11-10019-g3e6ae76385c60ad1ef63270ba969729a40ca1245
Author: Richard Biener <rguenther@suse.de>
Date: Mon Apr 25 10:55:21 2022 +0200
tree-optimization/105368 - avoid overflow in powi_cost
The following avoids undefined signed overflow when computing
the absolute of the exponent in powi_cost.
2022-04-25 Richard Biener <rguenther@suse.de>
PR tree-optimization/105368
* tree-ssa-math-opts.c (powi_cost): Use absu_hwi.
(cherry picked from commit f0e170f72f8bfaa2a64e1d09ebdfd48f917420f1)
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
` (9 preceding siblings ...)
2022-05-19 14:03 ` cvs-commit at gcc dot gnu.org
@ 2022-05-27 13:15 ` cvs-commit at gcc dot gnu.org
2022-05-27 13:17 ` rguenth at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-05-27 13:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
--- Comment #10 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Richard Biener
<rguenth@gcc.gnu.org>:
https://gcc.gnu.org/g:ebe6ffee1aa2d819e4fbdf4130e054a33c274b38
commit r10-10764-gebe6ffee1aa2d819e4fbdf4130e054a33c274b38
Author: Richard Biener <rguenther@suse.de>
Date: Mon Apr 25 10:55:21 2022 +0200
tree-optimization/105368 - avoid overflow in powi_cost
The following avoids undefined signed overflow when computing
the absolute of the exponent in powi_cost.
2022-04-25 Richard Biener <rguenther@suse.de>
PR tree-optimization/105368
* tree-ssa-math-opts.c (powi_cost): Use absu_hwi.
(cherry picked from commit f0e170f72f8bfaa2a64e1d09ebdfd48f917420f1)
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug tree-optimization/105368] [10 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf()
2022-04-24 19:07 [Bug tree-optimization/105368] New: [10/11/12 Regression] ICE: SIGSEGV in powi_lookup_cost (tree-ssa-math-opts.cc:1441) with -Ofast and __builtin_powf() zsojka at seznam dot cz
` (10 preceding siblings ...)
2022-05-27 13:15 ` [Bug tree-optimization/105368] [10 " cvs-commit at gcc dot gnu.org
@ 2022-05-27 13:17 ` rguenth at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-05-27 13:17 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105368
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Known to work| |10.3.1
Resolution|--- |FIXED
Known to fail| |10.3.0
--- Comment #11 from Richard Biener <rguenth at gcc dot gnu.org> ---
Fixed.
^ permalink raw reply [flat|nested] 13+ messages in thread