public inbox for gcc-bugs@sourceware.org
* [Bug tree-optimization/114293] New: [14 Regression] ICE: in verify_range, at value-range.cc:1132 at -O2
@ 2024-03-10  8:17 zsojka at seznam dot cz
  2024-03-10 19:20 ` [Bug tree-optimization/114293] " pinskia at gcc dot gnu.org
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: zsojka at seznam dot cz @ 2024-03-10  8:17 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114293

            Bug ID: 114293
           Summary: [14 Regression] ICE: in verify_range, at
                    value-range.cc:1132 at -O2
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu
            Target: x86_64-pc-linux-gnu

Created attachment 57659
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57659&action=edit
reduced testcase

Compiler output:
$ x86_64-pc-linux-gnu-gcc -O2 testcase.c
testcase.c: In function 'bar':
testcase.c:4:3: warning: '__builtin_memset' specified bound
18374966859414961920 exceeds maximum object size 9223372036854775807
[-Wstringop-overflow=]
    4 |   __builtin_memset (&b, a, 0xFF00FF00FF00FF00);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
during GIMPLE pass: strlen
testcase.c: In function 'foo':
testcase.c:9:1: internal compiler error: in verify_range, at
value-range.cc:1132
    9 | foo (void)
      | ^~~
0x8a195e irange::verify_range()
        /repo/gcc-trunk/gcc/value-range.cc:1132
0x1853427 irange::set(tree_node*, generic_wide_int<wide_int_storage> const&,
generic_wide_int<wide_int_storage> const&, value_range_kind)
        /repo/gcc-trunk/gcc/value-range.cc:1076
0x17394e8 int_range<2u, false>::int_range(tree_node*,
generic_wide_int<wide_int_storage> const&, generic_wide_int<wide_int_storage>
const&, value_range_kind)
        /repo/gcc-trunk/gcc/value-range.h:1047
0x17394e8 set_strlen_range(tree_node*, generic_wide_int<wide_int_storage>,
generic_wide_int<wide_int_storage>, tree_node*)
        /repo/gcc-trunk/gcc/tree-ssa-strlen.cc:1942
0x17455f8 strlen_pass::handle_builtin_strlen()
        /repo/gcc-trunk/gcc/tree-ssa-strlen.cc:2344
0x1745ab5 strlen_pass::check_and_optimize_call(bool*)
        /repo/gcc-trunk/gcc/tree-ssa-strlen.cc:5412
0x1746499 strlen_pass::check_and_optimize_stmt(bool*)
        /repo/gcc-trunk/gcc/tree-ssa-strlen.cc:5670
0x17468d6 strlen_pass::before_dom_children(basic_block_def*)
        /repo/gcc-trunk/gcc/tree-ssa-strlen.cc:5854
0x2615eae dom_walker::walk(basic_block_def*)
        /repo/gcc-trunk/gcc/domwalk.cc:311
0x1746dd7 printf_strlen_execute
        /repo/gcc-trunk/gcc/tree-ssa-strlen.cc:5913
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

$ x86_64-pc-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest-amd64/bin/x86_64-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r14-9409-20240309093707-ge9753f4b633-checking-yes-rtl-df-extra-nobootstrap-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/14.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--disable-bootstrap --with-cloog --with-ppl --with-isl
--build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu
--target=x86_64-pc-linux-gnu --with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --enable-libsanitizer
--disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-r14-9409-20240309093707-ge9753f4b633-checking-yes-rtl-df-extra-nobootstrap-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 14.0.1 20240309 (experimental) (GCC)


* [Bug tree-optimization/114293] [14 Regression] ICE: in verify_range, at value-range.cc:1132 at -O2
From: pinskia at gcc dot gnu.org @ 2024-03-10 19:20 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114293

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |14.0


* [Bug tree-optimization/114293] [14 Regression] ICE: in verify_range, at value-range.cc:1132 at -O2
From: pinskia at gcc dot gnu.org @ 2024-03-10 19:28 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114293

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2024-03-10
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Better reduced testcase:
```
__SIZE_TYPE__ bar (int b)
{
  __builtin_memset (&b, 5, -1);
  return __builtin_strlen ((char *) &b);
}
```


Confirmed.


* [Bug tree-optimization/114293] [14 Regression] ICE: in verify_range, at value-range.cc:1132 at -O2
From: jakub at gcc dot gnu.org @ 2024-03-11  9:48 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114293

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |jakub at gcc dot gnu.org
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Created attachment 57665
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57665&action=edit
gcc14-pr114293.patch

Untested fix.  Like in PR110603, there is UB and we need to pick at most one of
the bounds, not both of them as they are in conflict.


* [Bug tree-optimization/114293] [14 Regression] ICE: in verify_range, at value-range.cc:1132 at -O2
From: cvs-commit at gcc dot gnu.org @ 2024-03-12  9:24 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114293

--- Comment #3 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:

https://gcc.gnu.org/g:39737cdf002637c7a652e9c3e36f369cfce581e5

commit r14-9437-g39737cdf002637c7a652e9c3e36f369cfce581e5
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Tue Mar 12 10:23:19 2024 +0100

    strlen: Fix another spot that can create invalid ranges [PR114293]

    This PR is similar to PR110603 fixed with r14-8487, except in a different
    spot.  From the memset with -1 size of non-zero value we determine minimum
    of (size_t) -1 and the code uses PTRDIFF_MAX - 2 (not really sure I
    understand why it is - 2 and not - 1, e.g. heap allocated array
    with PTRDIFF_MAX char elements which contain '\0' in the last element
    should be fine, no?  One can still represent arr[PTRDIFF_MAX] - arr[0]
    and arr[0] - arr[PTRDIFF_MAX] in ptrdiff_t and
    strlen (arr) == PTRDIFF_MAX - 1) as the maximum, so again invalid range.
    As in the other case, it is just UB that can lead to that, and we have
    choice to only keep the min and use +inf for max, or only keep max
    and use 0 for min, or not set the range at all, or use [min, min] or
    [max, max] etc.  The following patch uses [min, +inf].

    2024-03-12  Jakub Jelinek  <jakub@redhat.com>

            PR tree-optimization/114293
            * tree-ssa-strlen.cc (strlen_pass::handle_builtin_strlen): If
            max is smaller than min, set max to ~(size_t)0.

            * gcc.dg/pr114293.c: New test.
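
The bounds conflict described in the commit message above, as an added C example that is not GCC's code and not part of the thread. `struct srange`, `resolve`, `testcase_bounds` and the policy names are hypothetical, and the range is a toy model rather than GCC's `irange`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy model of an unsigned [min, max] range; not GCC's irange. */
struct srange { size_t min, max; };

/* A range is only meaningful when min <= max; the ICE on this page is
   verify_range rejecting a range that breaks this. */
static bool range_valid(struct srange r) { return r.min <= r.max; }

/* The choices the commit message lists for conflicting bounds. */
enum policy { KEEP_MIN_INF, KEEP_MAX_ZERO, MIN_MIN, MAX_MAX };

static struct srange resolve(struct srange r, enum policy p)
{
    if (range_valid(r))
        return r;                        /* consistent bounds pass through */
    switch (p) {
    case KEEP_MIN_INF:  r.max = ~(size_t)0; break;  /* [min, +inf], the patch's choice */
    case KEEP_MAX_ZERO: r.min = 0;          break;  /* [0, max] */
    case MIN_MIN:       r.max = r.min;      break;  /* [min, min] */
    case MAX_MAX:       r.min = r.max;      break;  /* [max, max] */
    }
    return r;
}

/* Bounds as the commit message describes them for the testcase:
   min of (size_t) -1 from the memset size, max of PTRDIFF_MAX - 2. */
static struct srange testcase_bounds(void)
{
    struct srange r = { (size_t)-1, (size_t)PTRDIFF_MAX - 2 };
    return r;
}

int main(void)
{
    struct srange bad = testcase_bounds();
    printf("raw  [%zu, %zu] valid=%d\n", bad.min, bad.max, range_valid(bad));
    for (int p = KEEP_MIN_INF; p <= MAX_MAX; p++) {
        struct srange r = resolve(bad, (enum policy)p);
        printf("p=%d  [%zu, %zu] valid=%d\n", p, r.min, r.max, range_valid(r));
    }
    return 0;
}
```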


* [Bug tree-optimization/114293] [14 Regression] ICE: in verify_range, at value-range.cc:1132 at -O2
From: jakub at gcc dot gnu.org @ 2024-03-12  9:25 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114293

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed.
