public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot
@ 2009-01-20 3:50 hp at gcc dot gnu dot org
2009-01-20 3:57 ` [Bug rtl-optimization/38921] " hp at gcc dot gnu dot org
` (13 more replies)
0 siblings, 14 replies; 15+ messages in thread
From: hp at gcc dot gnu dot org @ 2009-01-20 3:50 UTC (permalink / raw)
To: gcc-bugs
With 4.3 branch at revision 143494 (probably also at least 135713, but that has
local patches I don't care to revert to verify) the attached code puts the
p->next load in the delay-slot of the NULL-check branch, yielding a NULL
access.
I'm guessing a reorg.c bug...
(It doesn't seem to happen at HEAD/4.4 at 143507 which instead has some weird
and suboptimal cross-jumping behavior.)
--
Summary: [4.3 Regression] NULL access in delay-slot
Product: gcc
Version: 4.3.3
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: rtl-optimization
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: hp at gcc dot gnu dot org
GCC host triplet: x86_64-unknown-linux-gnu, i686-unknown-linux-gnu
GCC target triplet: cris-*-* and crisv32-*-*
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
@ 2009-01-20 3:57 ` hp at gcc dot gnu dot org
2009-01-20 9:05 ` rguenth at gcc dot gnu dot org
` (12 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: hp at gcc dot gnu dot org @ 2009-01-20 3:57 UTC (permalink / raw)
To: gcc-bugs
------- Comment #1 from hp at gcc dot gnu dot org 2009-01-20 03:57 -------
Created an attachment (id=17150)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=17150&action=view)
testcase
Compile at -O2. Run in simulator (note the linker option) or compile with -O2
-S and observe:
move.d _alarmlist,$r9
move.d [$r9],$r9
.L19:
test.d $r9
bne .L19
move.d [$r9],$r9
Or compile Linux and observe oopses all over...
--
hp at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|unassigned at gcc dot gnu |hp at gcc dot gnu dot org
|dot org |
Status|UNCONFIRMED |ASSIGNED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
2009-01-20 3:57 ` [Bug rtl-optimization/38921] " hp at gcc dot gnu dot org
@ 2009-01-20 9:05 ` rguenth at gcc dot gnu dot org
2009-01-20 10:38 ` hp at gcc dot gnu dot org
` (11 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2009-01-20 9:05 UTC (permalink / raw)
To: gcc-bugs
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P4
Target Milestone|--- |4.3.3
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
2009-01-20 3:57 ` [Bug rtl-optimization/38921] " hp at gcc dot gnu dot org
2009-01-20 9:05 ` rguenth at gcc dot gnu dot org
@ 2009-01-20 10:38 ` hp at gcc dot gnu dot org
2009-01-21 3:46 ` hp at gcc dot gnu dot org
` (10 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: hp at gcc dot gnu dot org @ 2009-01-20 10:38 UTC (permalink / raw)
To: gcc-bugs
------- Comment #2 from hp at gcc dot gnu dot org 2009-01-20 10:38 -------
To fit in gcc.dg/torture, the test needs a
/* { dg-do run } */
at the top.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (2 preceding siblings ...)
2009-01-20 10:38 ` hp at gcc dot gnu dot org
@ 2009-01-21 3:46 ` hp at gcc dot gnu dot org
2009-01-21 3:48 ` hp at gcc dot gnu dot org
` (9 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: hp at gcc dot gnu dot org @ 2009-01-21 3:46 UTC (permalink / raw)
To: gcc-bugs
------- Comment #3 from hp at gcc dot gnu dot org 2009-01-21 03:46 -------
Created an attachment (id=17156)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=17156&action=view)
Fix.
Looks like reorg.c wasn't to blame after all. Changes were made to
may_trap_or_fault_p that made them stop considering (general, non-stack,
non-const no special marks) MEMs as potentially trapping; instead putting that
semantics into the new may_trap_after_code_motion_p but apparently without
updating all callers. For may_trap_or_fault_p, the current only callers are
resource.c (reorg.c's old friend) and ifcvt.c and both places assume the
semantics in the patch.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (3 preceding siblings ...)
2009-01-21 3:46 ` hp at gcc dot gnu dot org
@ 2009-01-21 3:48 ` hp at gcc dot gnu dot org
2009-01-21 4:18 ` hp at gcc dot gnu dot org
` (8 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: hp at gcc dot gnu dot org @ 2009-01-21 3:48 UTC (permalink / raw)
To: gcc-bugs
------- Comment #4 from hp at gcc dot gnu dot org 2009-01-21 03:48 -------
Zdenek, could you please comment on comment #3?
--
hp at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rakdver at gcc dot gnu dot
| |org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (4 preceding siblings ...)
2009-01-21 3:48 ` hp at gcc dot gnu dot org
@ 2009-01-21 4:18 ` hp at gcc dot gnu dot org
2009-01-21 16:41 ` rakdver at gcc dot gnu dot org
` (7 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: hp at gcc dot gnu dot org @ 2009-01-21 4:18 UTC (permalink / raw)
To: gcc-bugs
------- Comment #5 from hp at gcc dot gnu dot org 2009-01-21 04:17 -------
(In reply to comment #3)
> For may_trap_or_fault_p, the current only callers are
> resource.c (reorg.c's old friend) ...
Typo/thinko; it's actually reorg.c itself, resource.c isn't involved.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (5 preceding siblings ...)
2009-01-21 4:18 ` hp at gcc dot gnu dot org
@ 2009-01-21 16:41 ` rakdver at gcc dot gnu dot org
2009-01-21 22:01 ` hp at gcc dot gnu dot org
` (6 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: rakdver at gcc dot gnu dot org @ 2009-01-21 16:41 UTC (permalink / raw)
To: gcc-bugs
------- Comment #6 from rakdver at gcc dot gnu dot org 2009-01-21 16:41 -------
(In reply to comment #4)
> Zdenek, could you please comment on comment #3?
>
Adding MTP_AFTER_MOVE seems like the right thing to do; after all, even the
comments for may_trap_or_fault_p specify that it should behave the same way as
may_trap_after_code_motion_p (except for also looking for misaligned memory
references).
However, I suspect that all the places that use may_trap_after_code_motion_p in
fact expect it to have MTP_AFTER_MOVE | MTP_UNALIGNED_MEMS semantics as well.
So I would propose to merge may_trap_or_fault_p and
may_trap_after_code_motion_p to one function (and replace the checks for
MTP_UNALIGNED_MEMS in may_trap_p_1 by MTP_AFTER_MOVE, as they IMHO handle
different instances of the same problem -- the code that does not fail at its
current location, but may fail elsewhere).
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (6 preceding siblings ...)
2009-01-21 16:41 ` rakdver at gcc dot gnu dot org
@ 2009-01-21 22:01 ` hp at gcc dot gnu dot org
2009-01-24 10:28 ` rguenth at gcc dot gnu dot org
` (5 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: hp at gcc dot gnu dot org @ 2009-01-21 22:01 UTC (permalink / raw)
To: gcc-bugs
------- Comment #7 from hp at gcc dot gnu dot org 2009-01-21 22:00 -------
(In reply to comment #6)
> However, I suspect that all the places that use may_trap_after_code_motion_p in
> fact expect it to have MTP_AFTER_MOVE | MTP_UNALIGNED_MEMS semantics as well.
Me too.
> So I would propose to merge may_trap_or_fault_p and
> may_trap_after_code_motion_p to one function (and replace the checks for
> MTP_UNALIGNED_MEMS in may_trap_p_1 by MTP_AFTER_MOVE, as they IMHO handle
> different instances of the same problem -- the code that does not fail at its
> current location, but may fail elsewhere).
Yes: I'll prepare a patch to replace (change back) calls to
may_trap_after_code_motion_p with calls to may_trap_or_fault_p and fold
MTP_AFTER_MOVE into MTP_UNALIGNED_MEMS.
If the release managers deems that too invasive for 4.3 and 4.4, perhaps they
can still agree with the patch in commen #3.
Thanks for checking.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (7 preceding siblings ...)
2009-01-21 22:01 ` hp at gcc dot gnu dot org
@ 2009-01-24 10:28 ` rguenth at gcc dot gnu dot org
2009-02-03 17:46 ` hp at gcc dot gnu dot org
` (4 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2009-01-24 10:28 UTC (permalink / raw)
To: gcc-bugs
------- Comment #8 from rguenth at gcc dot gnu dot org 2009-01-24 10:21 -------
GCC 4.3.3 is being released, adjusting target milestone.
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|4.3.3 |4.3.4
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (8 preceding siblings ...)
2009-01-24 10:28 ` rguenth at gcc dot gnu dot org
@ 2009-02-03 17:46 ` hp at gcc dot gnu dot org
2009-02-04 20:55 ` bonzini at gcc dot gnu dot org
` (3 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: hp at gcc dot gnu dot org @ 2009-02-03 17:46 UTC (permalink / raw)
To: gcc-bugs
------- Comment #9 from hp at gcc dot gnu dot org 2009-02-03 17:46 -------
Created an attachment (id=17237)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=17237&action=view)
Proposed fix
Also folds may_trap_after_code_motion_p into may_trap_or_fault_p, as being the
original semantics.
--
hp at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #17156|0 |1
is obsolete| |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (9 preceding siblings ...)
2009-02-03 17:46 ` hp at gcc dot gnu dot org
@ 2009-02-04 20:55 ` bonzini at gcc dot gnu dot org
2009-02-06 9:06 ` bonzini at gnu dot org
` (2 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: bonzini at gcc dot gnu dot org @ 2009-02-04 20:55 UTC (permalink / raw)
To: gcc-bugs
------- Comment #10 from bonzini at gnu dot org 2009-02-04 20:54 -------
Subject: Bug 38921
Author: bonzini
Date: Wed Feb 4 20:54:36 2009
New Revision: 143939
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=143939
Log:
2009-02-04 Paolo Bonzini <bonzini@gnu.org>
Hans-Peter Nilsson <hp@axis.com>
PR rtl-optimization/37889
* rtlanal.c (rtx_addr_can_trap_p_1): Add offset and size arguments.
Move offset handling from PLUS to before the switch. Use new
arguments when considering SYMBOL_REFs too.
(rtx_addr_can_trap_p): Pass dummy offset and size.
(enum may_trap_p_flags): Remove.
(may_trap_p_1): Pass size from MEM_SIZE.
PR rtl-optimization/38921
* loop-invariant.c (find_invariant_insn): Use may_trap_or_fault_p.
* rtl.h (may_trap_after_code_motion_p): Delete prototype.
* rtlanal.c (may_trap_after_code_motion_p): Delete.
(may_trap_p, may_trap_or_fault_p): Pass 0/1 as flags.
Modified:
trunk/gcc/ChangeLog
trunk/gcc/loop-invariant.c
trunk/gcc/rtl.h
trunk/gcc/rtlanal.c
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (10 preceding siblings ...)
2009-02-04 20:55 ` bonzini at gcc dot gnu dot org
@ 2009-02-06 9:06 ` bonzini at gnu dot org
2009-07-14 9:34 ` rguenth at gcc dot gnu dot org
2009-07-14 9:34 ` rguenth at gcc dot gnu dot org
13 siblings, 0 replies; 15+ messages in thread
From: bonzini at gnu dot org @ 2009-02-06 9:06 UTC (permalink / raw)
To: gcc-bugs
------- Comment #11 from bonzini at gnu dot org 2009-02-06 09:06 -------
See 39110 for another patch that would need to be backported (thinko fix).
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (11 preceding siblings ...)
2009-02-06 9:06 ` bonzini at gnu dot org
@ 2009-07-14 9:34 ` rguenth at gcc dot gnu dot org
2009-07-14 9:34 ` rguenth at gcc dot gnu dot org
13 siblings, 0 replies; 15+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2009-07-14 9:34 UTC (permalink / raw)
To: gcc-bugs
------- Comment #12 from rguenth at gcc dot gnu dot org 2009-07-14 09:33 -------
Subject: Bug 38921
Author: rguenth
Date: Tue Jul 14 09:32:55 2009
New Revision: 149620
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=149620
Log:
2009-07-14 Richard Guenther <rguenther@suse.de>
Backport from mainline
2009-02-05 Paolo Bonzini <bonzini@gnu.org>
PR rtl-optimization/39110
* rtlanal.c (rtx_addr_can_trap_p_1): Shortcut unaligned
addresses, not aligned ones.
2009-02-04 Paolo Bonzini <bonzini@gnu.org>
Hans-Peter Nilsson <hp@axis.com>
PR rtl-optimization/37889
* rtlanal.c (rtx_addr_can_trap_p_1): Add offset and size arguments.
Move offset handling from PLUS to before the switch. Use new
arguments when considering SYMBOL_REFs too.
(rtx_addr_can_trap_p): Pass dummy offset and size.
(enum may_trap_p_flags): Remove.
(may_trap_p_1): Pass size from MEM_SIZE.
PR rtl-optimization/38921
* loop-invariant.c (find_invariant_insn): Use may_trap_or_fault_p.
* rtl.h (may_trap_after_code_motion_p): Delete prototype.
* rtlanal.c (may_trap_after_code_motion_p): Delete.
(may_trap_p, may_trap_or_fault_p): Pass 0/1 as flags.
Modified:
branches/gcc-4_3-branch/gcc/ChangeLog
branches/gcc-4_3-branch/gcc/loop-invariant.c
branches/gcc-4_3-branch/gcc/rtl.h
branches/gcc-4_3-branch/gcc/rtlanal.c
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Bug rtl-optimization/38921] [4.3 Regression] NULL access in delay-slot
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
` (12 preceding siblings ...)
2009-07-14 9:34 ` rguenth at gcc dot gnu dot org
@ 2009-07-14 9:34 ` rguenth at gcc dot gnu dot org
13 siblings, 0 replies; 15+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2009-07-14 9:34 UTC (permalink / raw)
To: gcc-bugs
------- Comment #13 from rguenth at gcc dot gnu dot org 2009-07-14 09:34 -------
Fixed.
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Known to fail|4.3.4 |4.3.3
Known to work|4.4.0 |4.3.4 4.4.0
Resolution| |FIXED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38921
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2009-07-14 9:34 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-01-20 3:50 [Bug rtl-optimization/38921] New: [4.3 Regression] NULL access in delay-slot hp at gcc dot gnu dot org
2009-01-20 3:57 ` [Bug rtl-optimization/38921] " hp at gcc dot gnu dot org
2009-01-20 9:05 ` rguenth at gcc dot gnu dot org
2009-01-20 10:38 ` hp at gcc dot gnu dot org
2009-01-21 3:46 ` hp at gcc dot gnu dot org
2009-01-21 3:48 ` hp at gcc dot gnu dot org
2009-01-21 4:18 ` hp at gcc dot gnu dot org
2009-01-21 16:41 ` rakdver at gcc dot gnu dot org
2009-01-21 22:01 ` hp at gcc dot gnu dot org
2009-01-24 10:28 ` rguenth at gcc dot gnu dot org
2009-02-03 17:46 ` hp at gcc dot gnu dot org
2009-02-04 20:55 ` bonzini at gcc dot gnu dot org
2009-02-06 9:06 ` bonzini at gnu dot org
2009-07-14 9:34 ` rguenth at gcc dot gnu dot org
2009-07-14 9:34 ` rguenth at gcc dot gnu dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).