[Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089
@ 2023-01-30 20:06 gscfq@t-online.de
  2023-01-30 20:28 ` [Bug ipa/108605] " pinskia at gcc dot gnu.org
                   ` (7 more replies)
  0 siblings, 8 replies; 9+ messages in thread
From: gscfq@t-online.de @ 2023-01-30 20:06 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108605

            Bug ID: 108605
           Summary: [13 Regression] ICE in ipa_push_agg_values_from_jfunc,
                    at ipa-cp.cc:2089
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: gscfq@t-online.de
  Target Milestone: ---

Started between 20221016 and 20221023, at -O2+ :


$ cat z1.cc
typedef enum {A} E;
struct S {
  E __attribute__ ((mode (__byte__))) a;
  E __attribute__ ((mode (__byte__))) b;
  E __attribute__ ((mode (__byte__))) c;
  int d[2147483647];
  E e;
};
void foo (S *s)
{
  if (s->b && s->c != A)
    __builtin_abort ();
}
void bar ()
{
  struct S s[2];
  s[0].a = A;
  s[0].e = A;
  foo (s);
}


$ g++-13-20230129 -c z1.cc -O2
during IPA pass: inline
z1.cc:20:1: internal compiler error: in ipa_push_agg_values_from_jfunc, at
ipa-cp.cc:2089
   20 | }
      | ^
0x1b03d95 ipa_push_agg_values_from_jfunc(ipa_node_params*, cgraph_node*,
ipa_agg_jump_function*, unsigned int, vec<ipa_argagg_value, va_heap, vl_ptr>*)
        ../../gcc/ipa-cp.cc:2088
0xc6f68d evaluate_properties_for_edge(cgraph_edge*, bool, unsigned int*,
unsigned int*, ipa_auto_call_arg_values*, bool)
        ../../gcc/ipa-fnsummary.cc:668
0xc83842 do_estimate_edge_size(cgraph_edge*)
        ../../gcc/ipa-inline-analysis.cc:335
0xc851ba estimate_edge_size
        ../../gcc/ipa-inline.h:79
0xc851ba estimate_edge_growth
        ../../gcc/ipa-inline.h:100
0xc851ba do_estimate_growth_1
        ../../gcc/ipa-inline-analysis.cc:434
0xc85835 cgraph_node::call_for_symbol_and_aliases(bool (*)(cgraph_node*,
void*), void*, bool)
        ../../gcc/cgraph.h:3416
0xc85835 estimate_growth(cgraph_node*)
        ../../gcc/ipa-inline-analysis.cc:472
0x1b237a8 inline_small_functions
        ../../gcc/ipa-inline.cc:1986
0x1b24151 ipa_inline
        ../../gcc/ipa-inline.cc:2754
0x1b24151 execute
        ../../gcc/ipa-inline.cc:3153

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089
  2023-01-30 20:06 [Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089 gscfq@t-online.de
@ 2023-01-30 20:28 ` pinskia at gcc dot gnu.org
  2023-01-30 20:34 ` [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX pinskia at gcc dot gnu.org
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-01-30 20:28 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108605

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Slightly more reduced:
```
struct S {
  char  a;
  char  b;
  char  c;
  int d[0x7fffffffu];
  int e;
};
void foo (S *s)
{
  if (s->b && s->c != 0)
    __builtin_abort ();
}
void bar ()
{
  struct S s[2];
  s[0].a = 0;
  s[0].e = 0;
  foo (s);
}
```

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX
  2023-01-30 20:06 [Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089 gscfq@t-online.de
  2023-01-30 20:28 ` [Bug ipa/108605] " pinskia at gcc dot gnu.org
@ 2023-01-30 20:34 ` pinskia at gcc dot gnu.org
  2023-01-30 20:36 ` pinskia at gcc dot gnu.org
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-01-30 20:34 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108605

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jamborm at gcc dot gnu.org
             Status|UNCONFIRMED                 |NEW
            Summary|[13 Regression] ICE in      |[13 Regression] ICE in
                   |ipa_push_agg_values_from_jf |ipa_push_agg_values_from_jf
                   |unc, at ipa-cp.cc:2089      |unc with offsets >= INT_MAX
     Ever confirmed|0                           |1
   Target Milestone|---                         |13.0
   Last reconfirmed|                            |2023-01-30

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
  unsigned prev_unit_offset = 0;

That is obvious wrong, it should have been unsigned HOST_WIDE_INT ... 

Introduced by r13-3359-g656b2338c8f248

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX
  2023-01-30 20:06 [Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089 gscfq@t-online.de
  2023-01-30 20:28 ` [Bug ipa/108605] " pinskia at gcc dot gnu.org
  2023-01-30 20:34 ` [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX pinskia at gcc dot gnu.org
@ 2023-01-30 20:36 ` pinskia at gcc dot gnu.org
  2023-01-31  8:51 ` rguenth at gcc dot gnu.org
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-01-30 20:36 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108605

--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Slightly modified testcase so it comes with both C and C++ front-ends:
```
struct S {
  char  a;
  char  b;
  char  c;
  int d[0x7fffffffu];
  int e;
};
void foo (struct S *s)
{
  if (s->b && s->c != 0)
    __builtin_abort ();
}
void bar ()
{
  struct S s[2];
  s[0].a = 0;
  s[0].e = 0;
  foo (s);
}
```

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX
  2023-01-30 20:06 [Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089 gscfq@t-online.de
                   ` (2 preceding siblings ...)
  2023-01-30 20:36 ` pinskia at gcc dot gnu.org
@ 2023-01-31  8:51 ` rguenth at gcc dot gnu.org
  2023-02-10 17:39 ` [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX since r13-3359-g656b2338c8f248 jakub at gcc dot gnu.org
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-01-31  8:51 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108605

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P1

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX since r13-3359-g656b2338c8f248
  2023-01-30 20:06 [Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089 gscfq@t-online.de
                   ` (3 preceding siblings ...)
  2023-01-31  8:51 ` rguenth at gcc dot gnu.org
@ 2023-02-10 17:39 ` jakub at gcc dot gnu.org
  2023-02-10 18:26 ` jakub at gcc dot gnu.org
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-02-10 17:39 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108605

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
The use of unsigned for offsets is all around IPA:
ipa-param-manipulation.h:  unsigned unit_offset;
ipa-param-manipulation.h:  unsigned unit_offset;
ipa-param-manipulation.h:  void register_replacement (tree base, unsigned
unit_offset, tree replacement);
ipa-param-manipulation.h:  tree lookup_replacement (tree base, unsigned
unit_offset);
ipa-param-manipulation.h:                                                  
unsigned unit_offset);
ipa-prop.h:  unsigned unit_offset;
ipa-prop.h:  tree get_value (int index, unsigned unit_offset, bool by_ref)
const;
ipa-prop.h:  tree get_value (int index, unsigned unit_offset) const;
ipa-prop.h:  const ipa_argagg_value *get_elt (int index, unsigned unit_offset)
const;
ipa-cp.cc:ipa_argagg_value_list::get_elt (int index, unsigned unit_offset)
const
ipa-cp.cc:  unsigned prev_unit_offset = 0;
ipa-cp.cc:ipa_argagg_value_list::get_value (int index, unsigned unit_offset)
const
ipa-cp.cc:ipa_argagg_value_list::get_value (int index, unsigned unit_offset,
ipa-cp.cc:      unsigned other_offset = other.m_elts[i].unit_offset;
ipa-cp.cc:  unsigned prev_unit_offset = 0;
ipa-cp.cc:  unsigned prev_unit_offset = 0;
ipa-cp.cc:      unsigned this_offset = elts[i].unit_offset;
ipa-cp.cc:  unsigned prev_unit_offset = 0;
ipa-cp.cc:        unsigned unit_offset = aglat->offset / BITS_PER_UNIT;
ipa-cp.cc:  unsigned prev_unit_offset = 0;
ipa-param-manipulation.cc:  unsigned unit_offset;
ipa-param-manipulation.cc:isra_get_ref_base_and_offset (tree expr, tree
*base_p, unsigned *unit_offset_p)
ipa-param-manipulation.cc:                                               
unsigned unit_offset,
ipa-param-manipulation.cc:                                               
unsigned unit_offset)
ipa-param-manipulation.cc:ipa_param_body_adjustments::lookup_replacement (tree
base, unsigned unit_offset)
ipa-param-manipulation.cc:  unsigned unit_offset;
ipa-prop.cc:      unsigned unit_offset = bit_offset / BITS_PER_UNIT;
ipa-sra.cc:  unsigned unit_offset;
ipa-sra.cc:  unsigned unit_offset;
ipa-sra.cc:                          unsigned unit_offset, unsigned unit_size)
ipa-sra.cc:      unsigned offset = argacc->unit_offset + delta_offset;

From the above, only aglat->offset is actually HOST_WIDE_INT.
Now, I think it is just fine to use unsigned rather than say unsigned
HOST_WIDE_INT here, as long as we punt
on trying to optimize stuff which is above those offsets.  E.g.
isra_get_ref_base_and_offset has
  if (offset < 0 || (offset / BITS_PER_UNIT) > UINT_MAX)
    return false;

  *base_p = base;
  *unit_offset_p = offset / BITS_PER_UNIT;
  return true;
and so looks just fine to me.  So, one possibility is just to fix wherever we
haven't done
similar check.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX since r13-3359-g656b2338c8f248
  2023-01-30 20:06 [Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089 gscfq@t-online.de
                   ` (4 preceding siblings ...)
  2023-02-10 17:39 ` [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX since r13-3359-g656b2338c8f248 jakub at gcc dot gnu.org
@ 2023-02-10 18:26 ` jakub at gcc dot gnu.org
  2023-02-11 14:58 ` cvs-commit at gcc dot gnu.org
  2023-02-11 14:59 ` jakub at gcc dot gnu.org
  7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-02-10 18:26 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108605

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |jakub at gcc dot gnu.org

--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Created attachment 54451
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54451&action=edit
gcc13-pr108605.patch

Untested fix.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX since r13-3359-g656b2338c8f248
  2023-01-30 20:06 [Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089 gscfq@t-online.de
                   ` (5 preceding siblings ...)
  2023-02-10 18:26 ` jakub at gcc dot gnu.org
@ 2023-02-11 14:58 ` cvs-commit at gcc dot gnu.org
  2023-02-11 14:59 ` jakub at gcc dot gnu.org
  7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-02-11 14:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108605

--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:

https://gcc.gnu.org/g:00a49047b504b27a8dd19d819c7bc48d54078767

commit r13-5818-g00a49047b504b27a8dd19d819c7bc48d54078767
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Sat Feb 11 15:57:54 2023 +0100

    ipa-cp: Punt for too large offsets [PR108605]

    Seems most of IPA uses unsigned type for byte offsets
    ipa-param-manipulation.h:  unsigned unit_offset;
    ipa-param-manipulation.h:  unsigned unit_offset;
    ipa-param-manipulation.h:  void register_replacement (tree base, unsigned
unit_offset, tree replacement);
    ipa-param-manipulation.h:  tree lookup_replacement (tree base, unsigned
unit_offset);
    ipa-param-manipulation.h:                                                  
unsigned unit_offset);
    ipa-prop.h:  unsigned unit_offset;
    ipa-prop.h:  tree get_value (int index, unsigned unit_offset, bool by_ref)
const;
    ipa-prop.h:  tree get_value (int index, unsigned unit_offset) const;
    ipa-prop.h:  const ipa_argagg_value *get_elt (int index, unsigned
unit_offset) const;
    ipa-cp.cc:ipa_argagg_value_list::get_elt (int index, unsigned unit_offset)
const
    ipa-cp.cc:  unsigned prev_unit_offset = 0;
    ipa-cp.cc:ipa_argagg_value_list::get_value (int index, unsigned
unit_offset) const
    ipa-cp.cc:ipa_argagg_value_list::get_value (int index, unsigned
unit_offset,
    ipa-cp.cc:      unsigned other_offset = other.m_elts[i].unit_offset;
    ipa-cp.cc:  unsigned prev_unit_offset = 0;
    ipa-cp.cc:  unsigned prev_unit_offset = 0;
    ipa-cp.cc:      unsigned this_offset = elts[i].unit_offset;
    ipa-cp.cc:  unsigned prev_unit_offset = 0;
    ipa-cp.cc:        unsigned unit_offset = aglat->offset / BITS_PER_UNIT;
    ipa-cp.cc:  unsigned prev_unit_offset = 0;
    ipa-param-manipulation.cc:  unsigned unit_offset;
    ipa-param-manipulation.cc:isra_get_ref_base_and_offset (tree expr, tree
*base_p, unsigned *unit_offset_p)
    ipa-param-manipulation.cc:                                               
unsigned unit_offset,
    ipa-param-manipulation.cc:                                               
unsigned unit_offset)
    ipa-param-manipulation.cc:ipa_param_body_adjustments::lookup_replacement
(tree base, unsigned unit_offset)
    ipa-param-manipulation.cc:  unsigned unit_offset;
    ipa-prop.cc:      unsigned unit_offset = bit_offset / BITS_PER_UNIT;
    ipa-sra.cc:  unsigned unit_offset;
    ipa-sra.cc:  unsigned unit_offset;
    ipa-sra.cc:                          unsigned unit_offset, unsigned
unit_size)
    ipa-sra.cc:      unsigned offset = argacc->unit_offset + delta_offset;
    so before converting a HOST_WIDE_INT bit offset to unsigned byte offset
    we need to punt for too large offsets.  Some places do that, e.g.
    isra_get_ref_base_and_offset has
      if (offset < 0 || (offset / BITS_PER_UNIT) > UINT_MAX)
        return false;
    but ipa_agg_value_from_jfunc doesn't.

    The following patch fixes that.

    2023-02-11  Jakub Jelinek  <jakub@redhat.com>

            PR ipa/108605
            * ipa-cp.cc (ipa_agg_value_from_jfunc): Return NULL_TREE also if
            item->offset bit position is too large to be representable as
            unsigned int byte position.

            * c-c++-common/pr108605.c: New test.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX since r13-3359-g656b2338c8f248
  2023-01-30 20:06 [Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089 gscfq@t-online.de
                   ` (6 preceding siblings ...)
  2023-02-11 14:58 ` cvs-commit at gcc dot gnu.org
@ 2023-02-11 14:59 ` jakub at gcc dot gnu.org
  7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2023-02-11 14:59 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108605

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Should be fixed now.

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2023-02-11 14:59 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-30 20:06 [Bug c++/108605] New: [13 Regression] ICE in ipa_push_agg_values_from_jfunc, at ipa-cp.cc:2089 gscfq@t-online.de
2023-01-30 20:28 ` [Bug ipa/108605] " pinskia at gcc dot gnu.org
2023-01-30 20:34 ` [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX pinskia at gcc dot gnu.org
2023-01-30 20:36 ` pinskia at gcc dot gnu.org
2023-01-31  8:51 ` rguenth at gcc dot gnu.org
2023-02-10 17:39 ` [Bug ipa/108605] [13 Regression] ICE in ipa_push_agg_values_from_jfunc with offsets >= INT_MAX since r13-3359-g656b2338c8f248 jakub at gcc dot gnu.org
2023-02-10 18:26 ` jakub at gcc dot gnu.org
2023-02-11 14:58 ` cvs-commit at gcc dot gnu.org
2023-02-11 14:59 ` jakub at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).