public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2
@ 2022-08-15 17:28 vsevolod.livinskiy at gmail dot com
2022-08-15 17:33 ` [Bug tree-optimization/106630] " pinskia at gcc dot gnu.org
` (10 more replies)
0 siblings, 11 replies; 12+ messages in thread
From: vsevolod.livinskiy at gmail dot com @ 2022-08-15 17:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
Bug ID: 106630
Summary: [13 Regression] ICE: Segmentation fault signal
terminated program cc1plus with -O2
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: vsevolod.livinskiy at gmail dot com
Target Milestone: ---
Link to the Compiler Explorer: https://godbolt.org/z/1hs7ssMrd
Reproducer:
short d, e;
int f;
extern short g[][24];
char c;
void h() {
char a = 6;
c = a;
for (unsigned long a = (d || e) - 1; a < c; a += f)
for (signed b = 0; b < 24; b++)
g[a][b] = 4;
}
Error:
>$ g++ -O2 -c func.cpp
g++: internal compiler error: Segmentation fault signal terminated program
cc1plus
gcc version 13.0.0 20220815 (6624ad73064de241e937e97a28b65c50fe14c78e)
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
@ 2022-08-15 17:33 ` pinskia at gcc dot gnu.org
2022-08-15 17:45 ` mpolacek at gcc dot gnu.org
` (9 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-08-15 17:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |13.0
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
2022-08-15 17:33 ` [Bug tree-optimization/106630] " pinskia at gcc dot gnu.org
@ 2022-08-15 17:45 ` mpolacek at gcc dot gnu.org
2022-08-15 19:27 ` [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50 aldyh at gcc dot gnu.org
` (8 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: mpolacek at gcc dot gnu.org @ 2022-08-15 17:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2022-08-15
CC| |aldyh at gcc dot gnu.org,
| |mpolacek at gcc dot gnu.org
Priority|P3 |P1
Ever confirmed|0 |1
Status|UNCONFIRMED |NEW
--- Comment #1 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Started with r13-1268-g8c99e307b20c50.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
2022-08-15 17:33 ` [Bug tree-optimization/106630] " pinskia at gcc dot gnu.org
2022-08-15 17:45 ` mpolacek at gcc dot gnu.org
@ 2022-08-15 19:27 ` aldyh at gcc dot gnu.org
2022-08-15 21:34 ` aldyh at gcc dot gnu.org
` (7 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: aldyh at gcc dot gnu.org @ 2022-08-15 19:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
--- Comment #2 from Aldy Hernandez <aldyh at gcc dot gnu.org> ---
Works with -fno-thread-jumps or with -fdisable-tree-dom3.
I haven't investigated whether the threading done in DOM2 is generating invalid
IL, but it looks like this match.pd pattern is going around in circles:
/* (A * C) +- (B * C) -> (A+-B) * C and (A * C) +- A -> A * (C+-1).
Modeled after fold_plusminus_mult_expr. */
(if (!TYPE_SATURATING (type)
&& (!FLOAT_TYPE_P (type) || flag_associative_math))
(for plusminus (plus minus)
...
...
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
` (2 preceding siblings ...)
2022-08-15 19:27 ` [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50 aldyh at gcc dot gnu.org
@ 2022-08-15 21:34 ` aldyh at gcc dot gnu.org
2022-08-15 21:39 ` pinskia at gcc dot gnu.org
` (6 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: aldyh at gcc dot gnu.org @ 2022-08-15 21:34 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
Aldy Hernandez <aldyh at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rguenth at gcc dot gnu.org
--- Comment #3 from Aldy Hernandez <aldyh at gcc dot gnu.org> ---
It looks like DOM2, as a side-effect of using the ranger to do cprop, is
exporting a global range for a_9 that is causing a match.pd pattern to go into
an endless loop.
I don't understand match.pd patterns very well. Could someone see if there is
something obvious going on in the pattern?
This is .ivopts:
Applying pattern match.pd:3164, generic-match.cc:22877
Matching expression match.pd:1894, generic-match.cc:676
Applying pattern match.pd:3164, generic-match.cc:22877
Matching expression match.pd:1894, generic-match.cc:676
Applying pattern match.pd:3164, generic-match.cc:22877
Matching expression match.pd:1894, generic-match.cc:676
Applying pattern match.pd:3164, generic-match.cc:22877
Matching expression match.pd:1894, generic-match.cc:676
Applying pattern match.pd:3164, generic-match.cc:22877
Matching expression match.pd:1894, generic-match.cc:676
Matching expression match.pd:1894, generic-match.cc:676
Applying pattern match.pd:1921, generic-match.cc:27593
Matching expression match.pd:146, generic-match.cc:23
Matching expression match.pd:1894, generic-match.cc:676
Applying pattern match.pd:3164, generic-match.cc:22877
Matching expression match.pd:1894, generic-match.cc:676
Applying pattern match.pd:3164, generic-match.cc:22877
Matching expression match.pd:1894, generic-match.cc:676
Applying pattern match.pd:3164, generic-match.cc:22877
Matching expression match.pd:1894, generic-match.cc:676
Matching expression match.pd:1894, generic-match.cc:676
Applying pattern match.pd:1921, generic-match.cc:27593
etc
etc
etc
generic_simplify() is being called with:
(gdb) p code
$20 = POINTER_PLUS_EXPR
(gdb) p debug(_p0)
(vector(8) short int *) &g + a_9 * 48
$21 = void
(gdb) p debug(_p1)
48
$22 = void
(gdb)
Where a_9 has a global range of [0,0].
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
` (3 preceding siblings ...)
2022-08-15 21:34 ` aldyh at gcc dot gnu.org
@ 2022-08-15 21:39 ` pinskia at gcc dot gnu.org
2022-08-15 22:09 ` aldyh at gcc dot gnu.org
` (5 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-08-15 21:39 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
> It looks like DOM2, as a side-effect of using the ranger to do cprop, is
> exporting a global range for a_9
> Where a_9 has a global range of [0,0].
Why didn't DOM do a constant prop here since the only value for a_9 is 0 ...
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
` (4 preceding siblings ...)
2022-08-15 21:39 ` pinskia at gcc dot gnu.org
@ 2022-08-15 22:09 ` aldyh at gcc dot gnu.org
2022-08-16 7:41 ` rguenth at gcc dot gnu.org
` (4 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: aldyh at gcc dot gnu.org @ 2022-08-15 22:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
--- Comment #5 from Aldy Hernandez <aldyh at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #4)
> > It looks like DOM2, as a side-effect of using the ranger to do cprop, is
> > exporting a global range for a_9
> > Where a_9 has a global range of [0,0].
>
> Why didn't DOM do a constant prop here since the only value for a_9 is 0 ...
The only uses of a_9 are in PHIs:
<bb 5> [local count: 4724464]:
# a_9 = PHI <a_13(4), 0(3)>
goto <bb 8>; [100.00%]
...
...
<bb 8> [local count: 42949672]:
# a_23 = PHI <a_14(7), a_9(5)>
goto <bb 6>; [100.00%]
Perhaps DOM doesn't cprop into PHIs?
....actually:
static void
cprop_into_successor_phis (basic_block bb,
class const_and_copies *const_and_copies)
But that only works with DOM's internal const_and_copies tables, not with
ranger (or originally with the evrp engine).
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
` (5 preceding siblings ...)
2022-08-15 22:09 ` aldyh at gcc dot gnu.org
@ 2022-08-16 7:41 ` rguenth at gcc dot gnu.org
2022-08-16 7:47 ` aldyh at gcc dot gnu.org
` (3 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-08-16 7:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|unassigned at gcc dot gnu.org |rguenth at gcc dot gnu.org
--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
We are folding a POINTER_PLUS_EXPR of
(vector(8) short int *) &g + a_9 * 48
and
48
which first gets to (vector(8) short int *) &g + (a_9 * 48 + 48)
which gets
/* (A * C) +- (B * C) -> (A+-B) * C and (A * C) +- A -> A * (C+-1).
Modeled after fold_plusminus_mult_expr. */
applied producing (a_9 + 1) * 48
the fold code produces a (sizetype) cast around (unsigned long) which is
useless (but not in GENERIC) and then
/* Narrow integer multiplication by a zero_one_valued_p operand.
Multiplication by [0,1] is guaranteed not to overflow. */
(simplify
(convert (mult@0 zero_one_valued_p@1 INTEGER_CST@2))
(if (INTEGRAL_TYPE_P (type)
&& INTEGRAL_TYPE_P (TREE_TYPE (@0))
&& TYPE_PRECISION (type) <= TYPE_PRECISION (TREE_TYPE (@0)))
(mult (convert @1) (convert @2))))
triggers but folding this multiplication via fold-const.cc extract_muldiv
hoists the conversion again:
if (TREE_CODE (arg1) == INTEGER_CST
&& (tem = extract_muldiv (op0, arg1, code, NULL_TREE,
&strict_overflow_p)) != 0)
{
if (strict_overflow_p)
fold_overflow_warning (("assuming signed overflow does not "
"occur when simplifying "
"multiplication"),
WARN_STRICT_OVERFLOW_MISC);
return fold_convert_loc (loc, type, tem);
which triggers the endless loop. The fix might be to change the above
pattern guard to TYPE_PRECISION (type) < TYPE_PRECISION (TREE_TYPE (@0))
which would match what the comment says.
The comment about DOM + missing cprop remains of course.
I'm testing the above.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
` (6 preceding siblings ...)
2022-08-16 7:41 ` rguenth at gcc dot gnu.org
@ 2022-08-16 7:47 ` aldyh at gcc dot gnu.org
2022-08-16 7:54 ` rguenther at suse dot de
` (2 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: aldyh at gcc dot gnu.org @ 2022-08-16 7:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
--- Comment #7 from Aldy Hernandez <aldyh at gcc dot gnu.org> ---
(In reply to Richard Biener from comment #6)
> The comment about DOM + missing cprop remains of course.
This seems like a longstanding problem with DOM (cpropping into PHI args with
range information), as it's never been properly integrated with evrp (or ranger
nowadays). We could put this on a TODO list, I suppose, though I wonder how
much time we should be sinking into DOM since we've all agreed it's best to
ultimately replace it with a PRE instance.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
` (7 preceding siblings ...)
2022-08-16 7:47 ` aldyh at gcc dot gnu.org
@ 2022-08-16 7:54 ` rguenther at suse dot de
2022-08-16 9:20 ` cvs-commit at gcc dot gnu.org
2022-08-16 9:21 ` rguenth at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: rguenther at suse dot de @ 2022-08-16 7:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
--- Comment #8 from rguenther at suse dot de <rguenther at suse dot de> ---
On Tue, 16 Aug 2022, aldyh at gcc dot gnu.org wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
>
> --- Comment #7 from Aldy Hernandez <aldyh at gcc dot gnu.org> ---
> (In reply to Richard Biener from comment #6)
>
> > The comment about DOM + missing cprop remains of course.
>
> This seems like a longstanding problem with DOM (cpropping into PHI args with
> range information), as it's never been properly integrated with evrp (or ranger
> nowadays). We could put this on a TODO list, I suppose, though I wonder how
> much time we should be sinking into DOM since we've all agreed it's best to
> ultimately replace it with a PRE instance.
Indeed, I wouldn't worry about this for now.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
` (8 preceding siblings ...)
2022-08-16 7:54 ` rguenther at suse dot de
@ 2022-08-16 9:20 ` cvs-commit at gcc dot gnu.org
2022-08-16 9:21 ` rguenth at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-08-16 9:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
--- Comment #9 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Richard Biener <rguenth@gcc.gnu.org>:
https://gcc.gnu.org/g:5e88fccf4be7e8ab22734d87f8e520b25d92d845
commit r13-2069-g5e88fccf4be7e8ab22734d87f8e520b25d92d845
Author: Richard Biener <rguenther@suse.de>
Date: Tue Aug 16 09:43:24 2022 +0200
middle-end/106630 - avoid ping-pong between extract_muldiv and match.pd
The following avoids ping-pong between the match.pd pattern changing
(sizetype) ((a_9 + 1) * 48) to (sizetype)(a_9 + 1) * 48 and
extract_muldiv performing the reverse transform by restricting the
match.pd pattern to narrowing conversions as the comment indicates.
PR middle-end/106630
* match.pd ((T)(x * CST) -> (T)x * CST): Restrict to
narrowing conversions.
* gcc.dg/torture/pr106630.c: New testcase.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
` (9 preceding siblings ...)
2022-08-16 9:20 ` cvs-commit at gcc dot gnu.org
@ 2022-08-16 9:21 ` rguenth at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: rguenth at gcc dot gnu.org @ 2022-08-16 9:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106630
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #10 from Richard Biener <rguenth at gcc dot gnu.org> ---
Fixed.
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2022-08-16 9:21 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-15 17:28 [Bug tree-optimization/106630] New: [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 vsevolod.livinskiy at gmail dot com
2022-08-15 17:33 ` [Bug tree-optimization/106630] " pinskia at gcc dot gnu.org
2022-08-15 17:45 ` mpolacek at gcc dot gnu.org
2022-08-15 19:27 ` [Bug tree-optimization/106630] [13 Regression] ICE: Segmentation fault signal terminated program cc1plus with -O2 since r13-1268-g8c99e307b20c50 aldyh at gcc dot gnu.org
2022-08-15 21:34 ` aldyh at gcc dot gnu.org
2022-08-15 21:39 ` pinskia at gcc dot gnu.org
2022-08-15 22:09 ` aldyh at gcc dot gnu.org
2022-08-16 7:41 ` rguenth at gcc dot gnu.org
2022-08-16 7:47 ` aldyh at gcc dot gnu.org
2022-08-16 7:54 ` rguenther at suse dot de
2022-08-16 9:20 ` cvs-commit at gcc dot gnu.org
2022-08-16 9:21 ` rguenth at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).