From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 5128D384AB6B; Sun, 2 Jun 2024 12:44:15 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5128D384AB6B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1717332255; bh=Eo0FCoSmZ1XAUT6xelJqi5aULSRRUcWOlKT1o5XfyF4=; h=From:To:Subject:Date:In-Reply-To:References:From; b=NOPL3TK5bzZ36kzdeuiqBwuZ99kxgTKQ5dQGYIVhiGuj82P56ZcupoVm/vOPfl4Ka M7aHOIM4JPe9FOk1n4A8/rns3qZ3lfiLwNorRFhk0Kg7F2MBXI+2UjAyU3r2Bz+s1L QiZi3GF4WYPg3A3Tt0yM69g70FZ4GS/bFL17eQpo= From: "admin@tho-otto.de" To: gcc-bugs@gcc.gnu.org Subject: [Bug target/113357] [14/15 regression] m68k-linux bootstrap failure in stage2 due to segfault compiling unwind-dw2.c since r14-4664-g04c9cf5c786b94 Date: Sun, 02 Jun 2024 12:44:14 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: target X-Bugzilla-Version: 14.0 X-Bugzilla-Keywords: build, ice-on-valid-code, wrong-code X-Bugzilla-Severity: normal X-Bugzilla-Who: admin@tho-otto.de X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P4 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 14.2 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D113357 Thorsten Otto changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |admin@tho-otto.de --- Comment #7 from Thorsten Otto --- I ran into a similar problem. The symptom was that code in tree-switch-conversion was miscompiled: if (k =3D=3D count) { gcc_checking_assert (count < m_max_case_bit_tests); test[k].mask =3D wi::zero (prec); test[k].target_bb =3D n->m_case_bb; test[k].label =3D n->m_case_label_expr; test[k].bits =3D 0; test[k].prob =3D profile_probability::never (); count++; } --- good.s 2024-06-02 13:20:13.453987931 +0200 +++ bad.s 2024-06-02 13:50:03.452881214 +0200 @@ -26976,11 +26976,10 @@ move.l %d1,-330(%a0) | prephitmp_336, MEM [(struct wide_int_storage *)&test][count_1036].mask.D.16112.len | gcc/tree-switch-conversion.cc:1639: test[k].target_bb =3D n->m_case_bb; move.l 4(%a3),%d1 | MEM [(void *)n_1= 051 + 4B], vect__12.3140 - lea (-322,%fp),%a4 |,, - lea (%a4,%d0.l),%a1 |, vectp.3143 + lea (%fp,%d0.l),%a1 | tmp12, tmp638, vectp.3143 | gcc/tree-switch-conversion.cc:1639: test[k].target_bb =3D n->m_case_bb; move.l 8(%a3),(%a1) | MEM [(void *)n_1= 051 + 8B], MEM [(void *)vectp.3143_425] - move.l %d1,4(%a1) | vect__12.3140, MEM [(void *)vectp.3143_425 + 4B] + move.l %d1,-318(%a1) | vect__12.3140, MEM [(void *)vectp.3143_425 + 4B] | gcc/tree-switch-conversion.cc:1641: test[k].bits =3D 0; clr.l -314(%a0) | test[count_1036].bits | gcc/tree-switch-conversion.cc:1642: test[k].prob =3D profile_probability::never (); Apparently the offset to the local test array was optimized away for the fi= rst store, causing the outer loop to not find the previous m_case_bb pointer, a= nd then either crash or fail with an assertion because the array overflowed. Seems like this is not the first regression caused by this "optimization". Maybe it should be disabled for targets other than riscv, atleast until more tests have been written. A crash with such a buggy compiler can be produced with eg. int date_is_valid(int mon) { switch (mon) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: break; default: return 0x2400; } return 0; }=