public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084
@ 2022-07-04 19:40 gscfq@t-online.de
2022-07-04 20:13 ` [Bug middle-end/106190] " pinskia at gcc dot gnu.org
` (20 more replies)
0 siblings, 21 replies; 22+ messages in thread
From: gscfq@t-online.de @ 2022-07-04 19:40 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Bug ID: 106190
Summary: [12/13 Regression] ICE in expand_builtin_eh_common, at
except.cc:2084
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: gscfq@t-online.de
Target Milestone: ---
Started between 20210822 and 20210905, at -O0 (or -g)
and with file gcc.dg/asan/pr105396.c :
$ gcc-13-20220703 -c pr105396.c -fnon-call-exceptions
-fsanitize=address,undefined -fno-sanitize-recover=all
during RTL pass: expand
pr105396.c: In function 'main':
pr105396.c:7:1: internal compiler error: in expand_builtin_eh_common, at
except.cc:2084
7 | main ()
| ^~~~
0x8bd051 expand_builtin_eh_common
../../gcc/except.cc:2084
0x8be3a9 expand_builtin_eh_pointer(tree_node*)
../../gcc/except.cc:2095
0x7b1db2 expand_builtin(tree_node*, rtx_def*, rtx_def*, machine_mode, int)
../../gcc/builtins.cc:7578
0x8dbe48 expand_expr_real_1(tree_node*, rtx_def*, machine_mode,
expand_modifier, rtx_def**, bool)
../../gcc/expr.cc:11641
0x8e6193 store_expr(tree_node*, rtx_def*, int, bool, bool)
../../gcc/expr.cc:6117
0x8e778e expand_assignment(tree_node*, tree_node*, bool)
../../gcc/expr.cc:5849
0x7d1f72 expand_call_stmt
../../gcc/cfgexpand.cc:2829
0x7d1f72 expand_gimple_stmt_1
../../gcc/cfgexpand.cc:3869
0x7d1f72 expand_gimple_stmt
../../gcc/cfgexpand.cc:4033
0x7d6fa7 expand_gimple_basic_block
../../gcc/cfgexpand.cc:6085
0x7d9a6e execute
../../gcc/cfgexpand.cc:6811
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
@ 2022-07-04 20:13 ` pinskia at gcc dot gnu.org
2022-07-04 22:17 ` pinskia at gcc dot gnu.org
` (19 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-07-04 20:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |12.2
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
2022-07-04 20:13 ` [Bug middle-end/106190] " pinskia at gcc dot gnu.org
@ 2022-07-04 22:17 ` pinskia at gcc dot gnu.org
2022-07-04 22:25 ` pinskia at gcc dot gnu.org
` (18 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-07-04 22:17 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
int
main ()
{
int a;
int *b[1];
int c[10];
int d[1][1];
for (a = 0; a < 1; a++)
d[1][a] = 0;
return 0;
}
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
2022-07-04 20:13 ` [Bug middle-end/106190] " pinskia at gcc dot gnu.org
2022-07-04 22:17 ` pinskia at gcc dot gnu.org
@ 2022-07-04 22:25 ` pinskia at gcc dot gnu.org
2022-07-04 22:25 ` [Bug middle-end/106190] [12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all pinskia at gcc dot gnu.org
` (17 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-07-04 22:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
The main difference between GCC 11 and GCC 12 is during ehlowering how
try/finally is lowered.
Maybe it is due to the patch which fixed PR 101423 (aka
r12-2243-g123d0a597beb6d).
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (2 preceding siblings ...)
2022-07-04 22:25 ` pinskia at gcc dot gnu.org
@ 2022-07-04 22:25 ` pinskia at gcc dot gnu.org
2022-07-05 7:58 ` rguenth at gcc dot gnu.org
` (16 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-07-04 22:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[12/13 Regression] ICE in |[12/13 Regression] ICE in
|expand_builtin_eh_common, |expand_builtin_eh_common
|at except.cc:2084 |with -fnon-call-exceptions
| |-fsanitize=address,undefine
| |d -fno-sanitize-recover=all
Status|UNCONFIRMED |NEW
Keywords| |needs-bisection
Ever confirmed|0 |1
Last reconfirmed| |2022-07-04
--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Confirmed.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (3 preceding siblings ...)
2022-07-04 22:25 ` [Bug middle-end/106190] [12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all pinskia at gcc dot gnu.org
@ 2022-07-05 7:58 ` rguenth at gcc dot gnu.org
2022-07-07 12:44 ` marxin at gcc dot gnu.org
` (15 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-07-05 7:58 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
Somehow we delted EH region 1 while still having
_18 = __builtin_eh_pointer (1);
in the IL.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (4 preceding siblings ...)
2022-07-05 7:58 ` rguenth at gcc dot gnu.org
@ 2022-07-07 12:44 ` marxin at gcc dot gnu.org
2022-07-07 12:44 ` [Bug middle-end/106190] [9/10/11/12/13 " marxin at gcc dot gnu.org
` (14 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: marxin at gcc dot gnu.org @ 2022-07-07 12:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |marxin at gcc dot gnu.org
--- Comment #5 from Martin Liška <marxin at gcc dot gnu.org> ---
With gcc pr106190.c -c -fnon-call-exceptions -fexceptions
-fsanitize=address,undefined -fno-sanitize-recover=all
it starts with my r7-4350-g6dc4a6045089adc9 where I added
-fsanitize-address-use-after-scope.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [9/10/11/12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (5 preceding siblings ...)
2022-07-07 12:44 ` marxin at gcc dot gnu.org
@ 2022-07-07 12:44 ` marxin at gcc dot gnu.org
2022-07-14 12:47 ` marxin at gcc dot gnu.org
` (13 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: marxin at gcc dot gnu.org @ 2022-07-07 12:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[12/13 Regression] ICE in |[9/10/11/12/13 Regression]
|expand_builtin_eh_common |ICE in
|with -fnon-call-exceptions |expand_builtin_eh_common
|-fsanitize=address,undefine |with -fnon-call-exceptions
|d -fno-sanitize-recover=all |-fsanitize=address,undefine
| |d -fno-sanitize-recover=all
Status|NEW |ASSIGNED
CC| |rguenth at gcc dot gnu.org
Assignee|unassigned at gcc dot gnu.org |marxin at gcc dot gnu.org
--- Comment #6 from Martin Liška <marxin at gcc dot gnu.org> ---
Lemme take a look.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [9/10/11/12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (6 preceding siblings ...)
2022-07-07 12:44 ` [Bug middle-end/106190] [9/10/11/12/13 " marxin at gcc dot gnu.org
@ 2022-07-14 12:47 ` marxin at gcc dot gnu.org
2022-07-25 15:16 ` rguenth at gcc dot gnu.org
` (12 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: marxin at gcc dot gnu.org @ 2022-07-14 12:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |NEW
Assignee|marxin at gcc dot gnu.org |unassigned at gcc dot gnu.org
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [9/10/11/12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (7 preceding siblings ...)
2022-07-14 12:47 ` marxin at gcc dot gnu.org
@ 2022-07-25 15:16 ` rguenth at gcc dot gnu.org
2022-07-25 15:16 ` [Bug middle-end/106190] [10/11/12/13 " rguenth at gcc dot gnu.org
` (11 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-07-25 15:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P2
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10/11/12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (8 preceding siblings ...)
2022-07-25 15:16 ` rguenth at gcc dot gnu.org
@ 2022-07-25 15:16 ` rguenth at gcc dot gnu.org
2023-03-27 14:15 ` jakub at gcc dot gnu.org
` (10 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-07-25 15:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[9/10/11/12/13 Regression] |[10/11/12/13 Regression]
|ICE in |ICE in
|expand_builtin_eh_common |expand_builtin_eh_common
|with -fnon-call-exceptions |with -fnon-call-exceptions
|-fsanitize=address,undefine |-fsanitize=address,undefine
|d -fno-sanitize-recover=all |d -fno-sanitize-recover=all
Target Milestone|12.2 |10.5
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10/11/12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (9 preceding siblings ...)
2022-07-25 15:16 ` [Bug middle-end/106190] [10/11/12/13 " rguenth at gcc dot gnu.org
@ 2023-03-27 14:15 ` jakub at gcc dot gnu.org
2023-03-27 14:58 ` jakub at gcc dot gnu.org
` (9 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-03-27 14:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org
--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
From what I can see, because of the -fsanitize-address-use-after-scope being on
by default, we end up with .ASAN_MARK (POISON, &d, 4); inside of a finally
block for try/finally, while previously we just had clobbers there.
This results in code like:
...
finally_tmp.1 = 0;
goto <D.3191>;
<D.3191>:
.ASAN_MARK (POISON, &d, 4);
switch (finally_tmp.1) <default: <D.3194>, case 1: <D.3193>>
<D.3194>:
goto <D.3189>;
...
<D.3192>:
finally_tmp.1 = 1;
goto <D.3191>;
<D.3193>:
resx 1
Where D.3192 is an EH landing pad.
This is because lower_try_finally decided not to copy the .ASAN_MARK (POISON,
&d, 4);
call when we aren't optimizing (it could happen also when optimizing if the
finally
block was large).
Next (perhaps something we could look at), in sanopt we see
.UBSAN_BOUNDS (0B, 1, 1);
which is there on the
d[1][a] = 0;
statement first because it is an unconditional out of bound access given
d[1][...] declaration. We actually emit
if (1 >= 1)
goto <bb 12>; [0.05%]
else
goto <bb 11>; [99.95%]
;; succ: 11 [100.0% (guessed)] (FALSE_VALUE)
;; 12 [0.0% (guessed)] (TRUE_VALUE)
;; basic block 12, loop depth 1, maybe hot
;; prev block 3, next block 11, flags: (NEW)
;; pred: 3 [0.0% (guessed)] (TRUE_VALUE)
__builtin___ubsan_handle_out_of_bounds_abort (&*.Lubsan_data0, 1);
;; succ: 11 [always] (FALLTHRU)
;; basic block 11, loop depth 1, maybe hot
without folding the condition and having fallthrough edge even after the
noreturn call.
And later on during optimized pass we try to cleanup the cfg, see that the
d[1][a] = 0
statement is unreachable due to __builtin___ubsan_handle_out_of_bounds_abort
aborting unconditionally before that, so the EH block is unreachable and remove
that EH region. But the code that uses __builtin_eh_pointer (1) looks to be
reachable (it is not, but nothing finds out that finally_tmp.1 is always 0.
And we ICE trying to expand the
__builtin_eh_pointer (1) call.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10/11/12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (10 preceding siblings ...)
2023-03-27 14:15 ` jakub at gcc dot gnu.org
@ 2023-03-27 14:58 ` jakub at gcc dot gnu.org
2023-03-28 8:58 ` cvs-commit at gcc dot gnu.org
` (8 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-03-27 14:58 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|unassigned at gcc dot gnu.org |jakub at gcc dot gnu.org
--- Comment #8 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Created attachment 54768
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54768&action=edit
gcc13-pr106190.patch
Though apparently doing that TODO_cleanup_cfg in sanopt if we lower something
fixes the ICE...
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10/11/12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (11 preceding siblings ...)
2023-03-27 14:58 ` jakub at gcc dot gnu.org
@ 2023-03-28 8:58 ` cvs-commit at gcc dot gnu.org
2023-03-28 9:17 ` [Bug middle-end/106190] [10/11/12 " jakub at gcc dot gnu.org
` (7 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-03-28 8:58 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
--- Comment #9 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:39a43dc336561e0eba0de477b16c7355f19d84ee
commit r13-6897-g39a43dc336561e0eba0de477b16c7355f19d84ee
Author: Jakub Jelinek <jakub@redhat.com>
Date: Tue Mar 28 10:56:44 2023 +0200
sanopt: Return TODO_cleanup_cfg if any .{UB,HWA,A}SAN_* calls were lowered
[PR106190]
The following testcase ICEs, because without optimization eh lowering
decides not to duplicate finally block of try/finally and so we end up
with variable guarded cleanup. The sanopt pass creates a cfg that ought
to be cleaned up (some IFN_UBSAN_* functions are lowered in this case with
constant conditions in gcond and when not allowing recovery some bbs which
end with noreturn calls actually have successor edges), but the cfg cleanup
is actually (it is -O0) done only during the optimized pass. We notice
there that the d[1][a] = 0; statement which has an EH edge is unreachable
(because ubsan would always abort on the out of bounds d[1] access), remove
the EH landing pad and block, but because that block just sets a variable
and jumps to another one which tests that variable and that one is
reachable
from normal control flow, the __builtin_eh_pointer (1) later in there is
kept in the IL and we ICE during expansion of that statement because the
EH region has been removed.
The following patch fixes it by doing the cfg cleanup already during
sanopt pass if we create something that might need it, while the EH
landing pad is then removed already during sanopt pass, there is ehcleanup
later and we don't ICE anymore.
2023-03-28 Jakub Jelinek <jakub@redhat.com>
PR middle-end/106190
* sanopt.cc (pass_sanopt::execute): Return TODO_cleanup_cfg if any
of the IFN_{UB,HWA,A}SAN_* internal fns are lowered.
* gcc.dg/asan/pr106190.c: New test.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10/11/12 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (12 preceding siblings ...)
2023-03-28 8:58 ` cvs-commit at gcc dot gnu.org
@ 2023-03-28 9:17 ` jakub at gcc dot gnu.org
2023-04-18 7:16 ` cvs-commit at gcc dot gnu.org
` (6 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-03-28 9:17 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[10/11/12/13 Regression] |[10/11/12 Regression] ICE
|ICE in |in expand_builtin_eh_common
|expand_builtin_eh_common |with -fnon-call-exceptions
|with -fnon-call-exceptions |-fsanitize=address,undefine
|-fsanitize=address,undefine |d -fno-sanitize-recover=all
|d -fno-sanitize-recover=all |
--- Comment #10 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed on the trunk so far.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10/11/12 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (13 preceding siblings ...)
2023-03-28 9:17 ` [Bug middle-end/106190] [10/11/12 " jakub at gcc dot gnu.org
@ 2023-04-18 7:16 ` cvs-commit at gcc dot gnu.org
2023-04-18 7:21 ` [Bug middle-end/106190] [10/11 " jakub at gcc dot gnu.org
` (5 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-04-18 7:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
--- Comment #11 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-12 branch has been updated by Jakub Jelinek
<jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:2d96422f4608c04d6a7c8444f14446c309416e24
commit r12-9424-g2d96422f4608c04d6a7c8444f14446c309416e24
Author: Jakub Jelinek <jakub@redhat.com>
Date: Tue Mar 28 10:56:44 2023 +0200
sanopt: Return TODO_cleanup_cfg if any .{UB,HWA,A}SAN_* calls were lowered
[PR106190]
The following testcase ICEs, because without optimization eh lowering
decides not to duplicate finally block of try/finally and so we end up
with variable guarded cleanup. The sanopt pass creates a cfg that ought
to be cleaned up (some IFN_UBSAN_* functions are lowered in this case with
constant conditions in gcond and when not allowing recovery some bbs which
end with noreturn calls actually have successor edges), but the cfg cleanup
is actually (it is -O0) done only during the optimized pass. We notice
there that the d[1][a] = 0; statement which has an EH edge is unreachable
(because ubsan would always abort on the out of bounds d[1] access), remove
the EH landing pad and block, but because that block just sets a variable
and jumps to another one which tests that variable and that one is
reachable
from normal control flow, the __builtin_eh_pointer (1) later in there is
kept in the IL and we ICE during expansion of that statement because the
EH region has been removed.
The following patch fixes it by doing the cfg cleanup already during
sanopt pass if we create something that might need it, while the EH
landing pad is then removed already during sanopt pass, there is ehcleanup
later and we don't ICE anymore.
2023-03-28 Jakub Jelinek <jakub@redhat.com>
PR middle-end/106190
* sanopt.cc (pass_sanopt::execute): Return TODO_cleanup_cfg if any
of the IFN_{UB,HWA,A}SAN_* internal fns are lowered.
* gcc.dg/asan/pr106190.c: New test.
(cherry picked from commit 39a43dc336561e0eba0de477b16c7355f19d84ee)
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10/11 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (14 preceding siblings ...)
2023-04-18 7:16 ` cvs-commit at gcc dot gnu.org
@ 2023-04-18 7:21 ` jakub at gcc dot gnu.org
2023-05-02 20:16 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-04-18 7:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[10/11/12 Regression] ICE |[10/11 Regression] ICE in
|in expand_builtin_eh_common |expand_builtin_eh_common
|with -fnon-call-exceptions |with -fnon-call-exceptions
|-fsanitize=address,undefine |-fsanitize=address,undefine
|d -fno-sanitize-recover=all |d -fno-sanitize-recover=all
--- Comment #12 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed also for 12.3.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10/11 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (15 preceding siblings ...)
2023-04-18 7:21 ` [Bug middle-end/106190] [10/11 " jakub at gcc dot gnu.org
@ 2023-05-02 20:16 ` cvs-commit at gcc dot gnu.org
2023-05-03 9:26 ` [Bug middle-end/106190] [10 " jakub at gcc dot gnu.org
` (3 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-05-02 20:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
--- Comment #13 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Jakub Jelinek
<jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:b6d67e397215fbfc408d0282be4522895717bf74
commit r11-10732-gb6d67e397215fbfc408d0282be4522895717bf74
Author: Jakub Jelinek <jakub@redhat.com>
Date: Tue Mar 28 10:56:44 2023 +0200
sanopt: Return TODO_cleanup_cfg if any .{UB,HWA,A}SAN_* calls were lowered
[PR106190]
The following testcase ICEs, because without optimization eh lowering
decides not to duplicate finally block of try/finally and so we end up
with variable guarded cleanup. The sanopt pass creates a cfg that ought
to be cleaned up (some IFN_UBSAN_* functions are lowered in this case with
constant conditions in gcond and when not allowing recovery some bbs which
end with noreturn calls actually have successor edges), but the cfg cleanup
is actually (it is -O0) done only during the optimized pass. We notice
there that the d[1][a] = 0; statement which has an EH edge is unreachable
(because ubsan would always abort on the out of bounds d[1] access), remove
the EH landing pad and block, but because that block just sets a variable
and jumps to another one which tests that variable and that one is
reachable
from normal control flow, the __builtin_eh_pointer (1) later in there is
kept in the IL and we ICE during expansion of that statement because the
EH region has been removed.
The following patch fixes it by doing the cfg cleanup already during
sanopt pass if we create something that might need it, while the EH
landing pad is then removed already during sanopt pass, there is ehcleanup
later and we don't ICE anymore.
2023-03-28 Jakub Jelinek <jakub@redhat.com>
PR middle-end/106190
* sanopt.c (pass_sanopt::execute): Return TODO_cleanup_cfg if any
of the IFN_{UB,HWA,A}SAN_* internal fns are lowered.
* gcc.dg/asan/pr106190.c: New test.
(cherry picked from commit 39a43dc336561e0eba0de477b16c7355f19d84ee)
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (16 preceding siblings ...)
2023-05-02 20:16 ` cvs-commit at gcc dot gnu.org
@ 2023-05-03 9:26 ` jakub at gcc dot gnu.org
2023-05-03 15:23 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
20 siblings, 0 replies; 22+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-05-03 9:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[10/11 Regression] ICE in |[10 Regression] ICE in
|expand_builtin_eh_common |expand_builtin_eh_common
|with -fnon-call-exceptions |with -fnon-call-exceptions
|-fsanitize=address,undefine |-fsanitize=address,undefine
|d -fno-sanitize-recover=all |d -fno-sanitize-recover=all
--- Comment #14 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed for 11.4 as well.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (17 preceding siblings ...)
2023-05-03 9:26 ` [Bug middle-end/106190] [10 " jakub at gcc dot gnu.org
@ 2023-05-03 15:23 ` cvs-commit at gcc dot gnu.org
2023-05-04 7:18 ` jakub at gcc dot gnu.org
2024-03-11 1:03 ` chenxiaolong at loongson dot cn
20 siblings, 0 replies; 22+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-05-03 15:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
--- Comment #15 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Jakub Jelinek
<jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:c8dc9e474549c3c6692a71f5d0c791ef900cb60c
commit r10-11383-gc8dc9e474549c3c6692a71f5d0c791ef900cb60c
Author: Jakub Jelinek <jakub@redhat.com>
Date: Tue Mar 28 10:56:44 2023 +0200
sanopt: Return TODO_cleanup_cfg if any .{UB,HWA,A}SAN_* calls were lowered
[PR106190]
The following testcase ICEs, because without optimization eh lowering
decides not to duplicate finally block of try/finally and so we end up
with variable guarded cleanup. The sanopt pass creates a cfg that ought
to be cleaned up (some IFN_UBSAN_* functions are lowered in this case with
constant conditions in gcond and when not allowing recovery some bbs which
end with noreturn calls actually have successor edges), but the cfg cleanup
is actually (it is -O0) done only during the optimized pass. We notice
there that the d[1][a] = 0; statement which has an EH edge is unreachable
(because ubsan would always abort on the out of bounds d[1] access), remove
the EH landing pad and block, but because that block just sets a variable
and jumps to another one which tests that variable and that one is
reachable
from normal control flow, the __builtin_eh_pointer (1) later in there is
kept in the IL and we ICE during expansion of that statement because the
EH region has been removed.
The following patch fixes it by doing the cfg cleanup already during
sanopt pass if we create something that might need it, while the EH
landing pad is then removed already during sanopt pass, there is ehcleanup
later and we don't ICE anymore.
2023-03-28 Jakub Jelinek <jakub@redhat.com>
PR middle-end/106190
* sanopt.c (pass_sanopt::execute): Return TODO_cleanup_cfg if any
of the IFN_{UB,HWA,A}SAN_* internal fns are lowered.
* gcc.dg/asan/pr106190.c: New test.
(cherry picked from commit 39a43dc336561e0eba0de477b16c7355f19d84ee)
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (18 preceding siblings ...)
2023-05-03 15:23 ` cvs-commit at gcc dot gnu.org
@ 2023-05-04 7:18 ` jakub at gcc dot gnu.org
2024-03-11 1:03 ` chenxiaolong at loongson dot cn
20 siblings, 0 replies; 22+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-05-04 7:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #16 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed for 10.5 too.
^ permalink raw reply [flat|nested] 22+ messages in thread
* [Bug middle-end/106190] [10 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
` (19 preceding siblings ...)
2023-05-04 7:18 ` jakub at gcc dot gnu.org
@ 2024-03-11 1:03 ` chenxiaolong at loongson dot cn
20 siblings, 0 replies; 22+ messages in thread
From: chenxiaolong at loongson dot cn @ 2024-03-11 1:03 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106190
chenxiaolong <chenxiaolong at loongson dot cn> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |chenxiaolong at loongson dot cn
--- Comment #17 from chenxiaolong <chenxiaolong at loongson dot cn> ---
(In reply to Andrew Pinski from comment #1)
> int
> main ()
> {
> int a;
> int *b[1];
> int c[10];
> int d[1][1];
> for (a = 0; a < 1; a++)
> d[1][a] = 0;
> return 0;
> }
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2024-03-11 1:03 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-04 19:40 [Bug c/106190] New: [12/13 Regression] ICE in expand_builtin_eh_common, at except.cc:2084 gscfq@t-online.de
2022-07-04 20:13 ` [Bug middle-end/106190] " pinskia at gcc dot gnu.org
2022-07-04 22:17 ` pinskia at gcc dot gnu.org
2022-07-04 22:25 ` pinskia at gcc dot gnu.org
2022-07-04 22:25 ` [Bug middle-end/106190] [12/13 Regression] ICE in expand_builtin_eh_common with -fnon-call-exceptions -fsanitize=address,undefined -fno-sanitize-recover=all pinskia at gcc dot gnu.org
2022-07-05 7:58 ` rguenth at gcc dot gnu.org
2022-07-07 12:44 ` marxin at gcc dot gnu.org
2022-07-07 12:44 ` [Bug middle-end/106190] [9/10/11/12/13 " marxin at gcc dot gnu.org
2022-07-14 12:47 ` marxin at gcc dot gnu.org
2022-07-25 15:16 ` rguenth at gcc dot gnu.org
2022-07-25 15:16 ` [Bug middle-end/106190] [10/11/12/13 " rguenth at gcc dot gnu.org
2023-03-27 14:15 ` jakub at gcc dot gnu.org
2023-03-27 14:58 ` jakub at gcc dot gnu.org
2023-03-28 8:58 ` cvs-commit at gcc dot gnu.org
2023-03-28 9:17 ` [Bug middle-end/106190] [10/11/12 " jakub at gcc dot gnu.org
2023-04-18 7:16 ` cvs-commit at gcc dot gnu.org
2023-04-18 7:21 ` [Bug middle-end/106190] [10/11 " jakub at gcc dot gnu.org
2023-05-02 20:16 ` cvs-commit at gcc dot gnu.org
2023-05-03 9:26 ` [Bug middle-end/106190] [10 " jakub at gcc dot gnu.org
2023-05-03 15:23 ` cvs-commit at gcc dot gnu.org
2023-05-04 7:18 ` jakub at gcc dot gnu.org
2024-03-11 1:03 ` chenxiaolong at loongson dot cn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).