public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug sanitizer/114687] New: ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981
@ 2024-04-11 3:47 iamanonymous.cs at gmail dot com
2024-04-11 5:59 ` [Bug sanitizer/114687] [13/14 Regression] " pinskia at gcc dot gnu.org
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: iamanonymous.cs at gmail dot com @ 2024-04-11 3:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114687
Bug ID: 114687
Summary: ICE: in edge_before_returns_twice_call, at
gimple-iterator.cc:981
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: iamanonymous.cs at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---
Compiler Explorer: https://godbolt.org/z/vPM1Gshzx
*******************************************************************************
OS and Platform:
$ uname -a:
Linux ubuntu 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023
x86_64 x86_64 x86_64 GNU/Linux
*******************************************************************************
gcc version:
$ gcc -v
Using built-in specs.
COLLECT_GCC=/root/gcc_set/202404101100/bin/gcc
COLLECT_LTO_WRAPPER=/root/gcc_set/202404101100/libexec/gcc/x86_64-pc-linux-gnu/14.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../gcc/configure --prefix=/root/gcc_set/202404101100
--with-gmp=/root/build_essential --with-mpfr=/root/build_essential
--with-mpc=/root/build_essential --enable-languages=c,c++ --disable-multilib
--with-sanitizer=address,undefined,thread,leak
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 14.0.1 20240410 (experimental) (GCC)
git version: 0774240b4df9a9bc48ce33a9625788e402498f5a
*******************************************************************************
Program:
$ cat mutant.c
int a;
int b(int);
__attribute__((pure, returns_twice)) int c() {
a = 1;
while (a)
a = 2;
return a;
}
int e(void) {
int d = c();
b(d);
}
*******************************************************************************
Command Lines:
$ gcc -fsanitize=address -O1 -c mutant.c
during GIMPLE pass: asan
mutant.c: In function ‘e’:
mutant.c:9:5: internal compiler error: in edge_before_returns_twice_call, at
gimple-iterator.cc:981
9 | int e(void) {
| ^
0x792bf8 edge_before_returns_twice_call
../../gcc/gcc/gimple-iterator.cc:981
0xcb169e gsi_safe_insert_before(gimple_stmt_iterator*, gimple*)
../../gcc/gcc/gimple-iterator.cc:1054
0x1060c36 maybe_instrument_call
../../gcc/gcc/asan.cc:3032
0x1060c36 transform_statements
../../gcc/gcc/asan.cc:3118
0x1060fe7 asan_instrument
../../gcc/gcc/asan.cc:4262
0x1060fe7 execute
../../gcc/gcc/asan.cc:4303
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug sanitizer/114687] [13/14 Regression] ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981
2024-04-11 3:47 [Bug sanitizer/114687] New: ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981 iamanonymous.cs at gmail dot com
@ 2024-04-11 5:59 ` pinskia at gcc dot gnu.org
2024-04-11 6:50 ` rguenth at gcc dot gnu.org
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: pinskia at gcc dot gnu.org @ 2024-04-11 5:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114687
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Target Milestone|--- |13.3
Last reconfirmed| |2024-04-11
Known to fail| |14.0
Summary|ICE: in |[13/14 Regression] ICE: in
|edge_before_returns_twice_c |edge_before_returns_twice_c
|all, at |all, at
|gimple-iterator.cc:981 |gimple-iterator.cc:981
Status|UNCONFIRMED |NEW
Known to work| |13.2.0
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Confirmed. I suspect the patches which fixed PR 112709 caused this one which so
this is also a regression on the GCC 13 branch too.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug sanitizer/114687] [13/14 Regression] ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981
2024-04-11 3:47 [Bug sanitizer/114687] New: ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981 iamanonymous.cs at gmail dot com
2024-04-11 5:59 ` [Bug sanitizer/114687] [13/14 Regression] " pinskia at gcc dot gnu.org
@ 2024-04-11 6:50 ` rguenth at gcc dot gnu.org
2024-04-11 12:47 ` jakub at gcc dot gnu.org
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: rguenth at gcc dot gnu.org @ 2024-04-11 6:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114687
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P1
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug sanitizer/114687] [13/14 Regression] ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981
2024-04-11 3:47 [Bug sanitizer/114687] New: ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981 iamanonymous.cs at gmail dot com
2024-04-11 5:59 ` [Bug sanitizer/114687] [13/14 Regression] " pinskia at gcc dot gnu.org
2024-04-11 6:50 ` rguenth at gcc dot gnu.org
@ 2024-04-11 12:47 ` jakub at gcc dot gnu.org
2024-04-11 15:13 ` jakub at gcc dot gnu.org
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-04-11 12:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114687
--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Saying a function is valid code in this case is difficult, claiming that a
noreturn function is pure or returns_twice is wrong, it isn't pure, nor
returns_twice, as it never returns.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug sanitizer/114687] [13/14 Regression] ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981
2024-04-11 3:47 [Bug sanitizer/114687] New: ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981 iamanonymous.cs at gmail dot com
` (2 preceding siblings ...)
2024-04-11 12:47 ` jakub at gcc dot gnu.org
@ 2024-04-11 15:13 ` jakub at gcc dot gnu.org
2024-04-12 9:00 ` cvs-commit at gcc dot gnu.org
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-04-11 15:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114687
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|unassigned at gcc dot gnu.org |jakub at gcc dot gnu.org
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Created attachment 57929
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57929&action=edit
gcc14-pr114687.patch
Untested fix. The tree-cfg.cc verification that ECF_RETURNS_TWICE call is
the first in bb appart from labels/debug stmts is keyed on it appearing in a bb
which has abnormal predecessor, this patch guards the code that attempts to
maintain that invariant on the same condition.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug sanitizer/114687] [13/14 Regression] ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981
2024-04-11 3:47 [Bug sanitizer/114687] New: ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981 iamanonymous.cs at gmail dot com
` (3 preceding siblings ...)
2024-04-11 15:13 ` jakub at gcc dot gnu.org
@ 2024-04-12 9:00 ` cvs-commit at gcc dot gnu.org
2024-04-12 9:01 ` [Bug sanitizer/114687] [13 " jakub at gcc dot gnu.org
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-12 9:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114687
--- Comment #4 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:c9e94ae448ba309dba74de3ee1974a3ed9248889
commit r14-9933-gc9e94ae448ba309dba74de3ee1974a3ed9248889
Author: Jakub Jelinek <jakub@redhat.com>
Date: Fri Apr 12 10:59:54 2024 +0200
Limit special asan/ubsan/bitint returns_twice handling to calls in bbs with
abnormal pred [PR114687]
The tree-cfg.cc verifier only diagnoses returns_twice calls preceded
by non-label/debug stmts if it is in a bb with abnormal predecessor.
The following testcase shows that if a user lies in the attributes
(a function which never returns can't be pure, and can't return
twice when it doesn't ever return at all), when we figure it out,
we can remove the abnormal edges to the "returns_twice" call and perhaps
whole .ABNORMAL_DISPATCHER etc.
edge_before_returns_twice_call then ICEs because it can't find such
an edge.
The following patch limits the special handling to calls in bbs where
the verifier requires that.
2024-04-12 Jakub Jelinek <jakub@redhat.com>
PR sanitizer/114687
* gimple-iterator.cc (gsi_safe_insert_before): Only use
edge_before_returns_twice_call if bb_has_abnormal_pred.
(gsi_safe_insert_seq_before): Likewise.
* gimple-lower-bitint.cc (bitint_large_huge::lower_call): Only
push to m_returns_twice_calls if bb_has_abnormal_pred.
* gcc.dg/asan/pr114687.c: New test.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug sanitizer/114687] [13 Regression] ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981
2024-04-11 3:47 [Bug sanitizer/114687] New: ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981 iamanonymous.cs at gmail dot com
` (4 preceding siblings ...)
2024-04-12 9:00 ` cvs-commit at gcc dot gnu.org
@ 2024-04-12 9:01 ` jakub at gcc dot gnu.org
2024-04-21 4:09 ` cvs-commit at gcc dot gnu.org
2024-04-23 6:44 ` jakub at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-04-12 9:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114687
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[13/14 Regression] ICE: in |[13 Regression] ICE: in
|edge_before_returns_twice_c |edge_before_returns_twice_c
|all, at |all, at
|gimple-iterator.cc:981 |gimple-iterator.cc:981
--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed on the trunk so far.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug sanitizer/114687] [13 Regression] ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981
2024-04-11 3:47 [Bug sanitizer/114687] New: ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981 iamanonymous.cs at gmail dot com
` (5 preceding siblings ...)
2024-04-12 9:01 ` [Bug sanitizer/114687] [13 " jakub at gcc dot gnu.org
@ 2024-04-21 4:09 ` cvs-commit at gcc dot gnu.org
2024-04-23 6:44 ` jakub at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-04-21 4:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114687
--- Comment #6 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-13 branch has been updated by Jakub Jelinek
<jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:7a1a52934a2ab9ac9205a3a4d5b82a672fefba7e
commit r13-8631-g7a1a52934a2ab9ac9205a3a4d5b82a672fefba7e
Author: Jakub Jelinek <jakub@redhat.com>
Date: Fri Apr 12 10:59:54 2024 +0200
Limit special asan/ubsan/bitint returns_twice handling to calls in bbs with
abnormal pred [PR114687]
The tree-cfg.cc verifier only diagnoses returns_twice calls preceded
by non-label/debug stmts if it is in a bb with abnormal predecessor.
The following testcase shows that if a user lies in the attributes
(a function which never returns can't be pure, and can't return
twice when it doesn't ever return at all), when we figure it out,
we can remove the abnormal edges to the "returns_twice" call and perhaps
whole .ABNORMAL_DISPATCHER etc.
edge_before_returns_twice_call then ICEs because it can't find such
an edge.
The following patch limits the special handling to calls in bbs where
the verifier requires that.
2024-04-12 Jakub Jelinek <jakub@redhat.com>
PR sanitizer/114687
* gimple-iterator.cc (gsi_safe_insert_before): Only use
edge_before_returns_twice_call if bb_has_abnormal_pred.
(gsi_safe_insert_seq_before): Likewise.
* gcc.dg/asan/pr114687.c: New test.
(cherry picked from commit c9e94ae448ba309dba74de3ee1974a3ed9248889)
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug sanitizer/114687] [13 Regression] ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981
2024-04-11 3:47 [Bug sanitizer/114687] New: ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981 iamanonymous.cs at gmail dot com
` (6 preceding siblings ...)
2024-04-21 4:09 ` cvs-commit at gcc dot gnu.org
@ 2024-04-23 6:44 ` jakub at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-04-23 6:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114687
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed for 13.3 too.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2024-04-23 6:44 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-11 3:47 [Bug sanitizer/114687] New: ICE: in edge_before_returns_twice_call, at gimple-iterator.cc:981 iamanonymous.cs at gmail dot com
2024-04-11 5:59 ` [Bug sanitizer/114687] [13/14 Regression] " pinskia at gcc dot gnu.org
2024-04-11 6:50 ` rguenth at gcc dot gnu.org
2024-04-11 12:47 ` jakub at gcc dot gnu.org
2024-04-11 15:13 ` jakub at gcc dot gnu.org
2024-04-12 9:00 ` cvs-commit at gcc dot gnu.org
2024-04-12 9:01 ` [Bug sanitizer/114687] [13 " jakub at gcc dot gnu.org
2024-04-21 4:09 ` cvs-commit at gcc dot gnu.org
2024-04-23 6:44 ` jakub at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).