From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 9466D3858C54; Thu, 11 May 2023 18:56:34 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9466D3858C54
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1683831394;
	bh=4c27jNvLG1BkmSZM8ykZLMyPZAUS/S7rMN4u8WnuW7k=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=sooPKwQv6EM51a80G/3L+JeSfiyf813DXFPdJkTPjM04yROgxskE0jWS67gPYl9mK
	 UD9jEb/bP5ytCBkyih05TDeBmZDMLJeF0iu6WAwNzDBraYg8tMFnXDLUyod2e3yGOP
	 demFBB765E6Uj7wM/pYMpiLfWti0mGSGrpNK/L4k=
From: "pinskia at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/109806] [13/14 Regression] 13.1.0 cc1plus
 stack smashing crash with C array of complex structs
Date: Thu, 11 May 2023 18:56:34 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 13.1.0
X-Bugzilla-Keywords: ice-on-valid-code, memory-hog
X-Bugzilla-Severity: critical
X-Bugzilla-Who: pinskia at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 13.2
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: target_milestone everconfirmed short_desc
 bug_status cf_reconfirmed_on bug_severity keywords
Message-ID: <bug-109806-4-K6j7UQoFl8@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-109806-4@http.gcc.gnu.org/bugzilla/>
References: <bug-109806-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109806

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |13.2
     Ever confirmed|0                           |1
            Summary|13.1.0 cc1plus stack        |[13/14 Regression] 13.1.0
                   |smashing crash with C array |cc1plus stack smashing
                   |of complex structs          |crash with C array of
                   |                            |complex structs
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2023-05-11
           Severity|normal                      |critical
           Keywords|                            |memory-hog

--- Comment #7 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Simple testcase:
```
struct basic_string {
  ~basic_string() { }
};
const basic_string data[] =3D { {} };
```

This fails with `ulimit -s 1024` which is not unreasonable limit even. The
default on Linux is 8MB, I just reduced it down to 1MB.

Backtrace:
#0  0x0000000001f7c9dc in gori_compute::compute_operand1_range (this=3D0x32=
aea00,
r=3D..., handler=3D..., lhs=3D..., name=3D0x7ffff79c3318, src=3D..., rel=3D=
0x0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:1081
#1  0x0000000001f7ad71 in gori_compute::compute_operand_range (this=3D0x32a=
ea00,
r=3D..., stmt=3D0x7ffff79cf0a0, lhs=3D..., name=3D0x7ffff79c3318, src=3D...=
, rel=3D0x0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:711
#2  0x0000000001f7eeed in gori_compute::compute_operand_range (rel=3D0x0,
src=3D..., name=3D0x7ffff79c3318, lhs=3D..., stmt=3D0x7ffff79cf0a0, r=3D...,
this=3D0x32aea00) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:611
#3  gori_compute::outgoing_edge_range_p (this=3Dthis@entry=3D0x32aea00, r=
=3D...,
e=3De@entry=3D0x7ffff79c1f00, name=3Dname@entry=3D0x7ffff79c3318, q=3D...) =
at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-gori.cc:1422
#4  0x0000000001f6f65f in ranger_cache::range_from_dom (this=3D<optimized o=
ut>,
r=3D..., name=3D0x7ffff79c3318, start_bb=3D<optimized out>,
mode=3Dranger_cache::RFD_FILL) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1629
#5  0x0000000001f7140a in ranger_cache::range_from_dom
(mode=3Dranger_cache::RFD_FILL, start_bb=3D0x7ffff79b5ae0, name=3D0x7ffff79=
c3318,
r=3D..., this=3D0x32ae9f0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1526
#6  ranger_cache::fill_block_cache (this=3D0x32ae9f0, name=3D0x7ffff79c3318,
bb=3D0x7ffff79b5ae0, def_bb=3D0x7ffff79b5a80) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1317
#7  0x0000000001f72082 in ranger_cache::block_range (this=3D0x32ae9f0, r=3D=
...,
bb=3D0x7ffff79b5ae0, name=3D0x7ffff79c3318, calc=3Dtrue) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-cache.cc:1144
#8  0x0000000001f68dda in gimple_ranger::range_on_entry (this=3D0x32ae9d0, =
r=3D...,
bb=3D0x7ffff79b5ae0, name=3D0x7ffff79c3318) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:156
#9  0x0000000001f6be2a in gimple_ranger::range_of_expr (this=3D0x32ae9d0, r=
=3D...,
expr=3D0x7ffff79c3318, stmt=3D<optimized out>) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:130
#10 0x0000000001f762bf in fold_using_range::range_of_range_op (this=3D<opti=
mized
out>, r=3D..., handler=3D..., src=3D...) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/value-range.h:611
#11 0x0000000001f77db3 in fold_using_range::fold_stmt (this=3D0x7ffffffd556=
0,
r=3D..., s=3D0x7ffff79d0108, src=3D..., name=3D0x7ffff79c3438) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range-fold.cc:490
#12 0x0000000001f6999a in gimple_ranger::fold_range_internal
(name=3D0x7ffff79c3438, s=3D0x7ffff79d0108, r=3D..., this=3D0x32ae9d0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:257
#13 gimple_ranger::prefill_stmt_dependencies (this=3D0x32ae9d0,
ssa=3D0x7ffff79c3318) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:392
#14 0x0000000001f6a45b in gimple_ranger::range_of_stmt (this=3D0x32ae9d0, r=
=3D...,
s=3D0x7ffff79caf00, name=3D<optimized out>) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:314
#15 0x0000000001f6a629 in gimple_ranger::register_inferred_ranges
(this=3D0x32ae9d0, s=3Ds@entry=3D0x7ffff79caf00) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/gimple-range.cc:474
#16 0x000000000154d2b1 in rvrp_folder::pre_fold_bb (this=3D0x7fffffffd940,
bb=3D0x7ffff79b5a80) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-vrp.cc:944
#17 0x000000000144a976 in substitute_and_fold_dom_walker::before_dom_childr=
en
(this=3D0x7fffffffd890, bb=3D0x7ffff79b5a80) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-ssa-propagate.cc:734
#18 0x0000000001f38f3f in dom_walker::walk (this=3D0x7fffffffd890,
bb=3D0x7ffff79b5a80) at /home/apinski/src/upstream-gcc-git/gcc/gcc/domwalk.=
cc:311
#19 0x0000000001449816 in substitute_and_fold_engine::substitute_and_fold
(this=3Dthis@entry=3D0x7fffffffd940, block=3Dblock@entry=3D0x0) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-ssa-propagate.cc:971
#20 0x000000000154b6ca in execute_ranger_vrp (fun=3D0x7ffff79c52e0,
warn_array_bounds_p=3Dfalse, final_p=3Dfalse) at
/home/apinski/src/upstream-gcc-git/gcc/gcc/tree-vrp.cc:997


compute_operand1_range has a stack size of `120k` which seems large in itse=
lf
really.=