From: "ubizjak at gmail dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/51994] New: [4.6/4.7 Regression] git-1.7.8.3 miscompiled due to negative bitpos from get_inner_reference
Date: Wed, 25 Jan 2012 10:30:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Keywords: wrong-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: ubizjak at gmail dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields:
Message-ID:
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id:
List-Archive:
List-Post:
List-Help:
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2012-01/txt/msg02876.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=51994

Bug #: 51994
Summary: [4.6/4.7 Regression] git-1.7.8.3 miscompiled due to negative bitpos from get_inner_reference
Classification: Unclassified
Product: gcc
Version: 4.6.3
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: tree-optimization
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: ubizjak@gmail.com
Target: alpha-linux-gnu

Created attachment 26457
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=26457
preprocessed source

git-1.7.8.3 is miscompiled [1] due to negative bit position returned from get_inner_reference.

Start with following patch that ICEs for negative positions:

--cut here--
Index: expr.c =================================================================== --- expr.c (revision 183510) +++ expr.c (working copy) 
@@ -6300,6 +6300,9 @@ get_inner_reference (tree exp, HOST_WIDE_INT *pbit *poffset = offset; } + /* Negative bit positions are not allowed. */ + gcc_assert (*pbitpos >= 0); + /* We can use BLKmode for a byte-aligned BLKmode bitfield. */ if (mode == VOIDmode && blkmode_bitfield
--cut here--

Crosscompile attached config.i with -O2 for alpha-linux-gnu target:

Breakpoint 1, fancy_abort (file=0x9b5378 "../../gcc-svn/branches/gcc-4_6-branch/gcc/expr.c", line=6304, function=0x9b6490 "get_inner_reference") at ../../gcc-svn/branches/gcc-4_6-branch/gcc/diagnostic.c:892
892 {
(gdb) up
#1 0x0000000000587234 in get_inner_reference (exp=0x2aaaaf2996e0, pbitsize=0x7fffffffc1b8, pbitpos=0x7fffffffc1b0, poffset=, pmode=, punsignedp=, pvolatilep=0x7fffffffc1c4, keep_aligning=1 '\001') at ../../gcc-svn/branches/gcc-4_6-branch/gcc/expr.c:6304
6304 gcc_assert (*pbitpos >= 0);
(gdb) p *pbitpos
$2 = -8
(gdb)

Negative bit positions should not be allowed. This is what happens with negative positions:

#17 0x000000000057147b in adjust_address_1 (memref=0x2aaaaf8fd570, mode=QImode, offset=2305843009213693951, validate=1, adjust=) at ../../gcc-svn/branches/gcc-4_6-branch/gcc/emit-rtl.c:2033
#18 0x000000000058156d in store_bit_field_1 (str_rtx=0x2aaaaf8fd570, bitsize=8, bitnum=18446744073709551608, fieldmode=, value=0x2aaaae770500, fallback_p=) at ../../gcc-svn/branches/gcc-4_6-branch/gcc/expmed.c:469
#19 0x00000000005817cf in store_bit_field (str_rtx=0x2aaaaf8f5fc0, bitsize=46912578215904, bitnum=46912559843392, fieldmode=370, value=0x7) at ../../gcc-svn/branches/gcc-4_6-branch/gcc/expmed.c:838
---Type to continue, or q to quit---
#20 0x000000000059483b in store_field (target=0x2aaaaf8fd570, bitsize=8, bitpos=-8, mode=QImode, exp=0x2aaaaf29f3e8, type=, alias_set=0, nontemporal=0 '\000') at ../../gcc-svn/branches/gcc-4_6-branch/gcc/expr.c:6056
#21 0x000000000058921a in expand_assignment (to=0x2aaaaf8ac6c0, from=0x2aaaaf29f3e8, nontemporal=0 '\000') at
../../gcc-svn/branches/gcc-4_6-branch/gcc/expr.c:4465

Please see frame #19. Kind of funny bitsizes and bitnums.

To trigger this problem on attached config.i, please put a breakpoint on gen_ashldi3 and skip a couple of triggers, so operand2 is (const_int 61):

Breakpoint 1, gen_ashldi3 (operand0=0x2aaaaf8f5fc0, operand1=0x2aaaaf8f5fe0, operand2=0x2aaaae770840) at insn-emit.c:429
429 {
(gdb) p debug_rtx (operand2)
(const_int 61 [0x3d])

The compiler falls apart at:

(gdb) up
#20 0x000000000059483b in store_field (target=0x2aaaaf8fd570, bitsize=8, bitpos=-8, mode=QImode, exp=0x2aaaaf29f3e8, type=, alias_set=0, nontemporal=0 '\000') at ../../gcc-svn/branches/gcc-4_6-branch/gcc/expr.c:6056
6056 store_bit_field (target, bitsize, bitpos, mode, temp);
(gdb) p bitpos
$14 = -8

However, store_bit_field is declared as:

void
store_bit_field (rtx str_rtx, unsigned HOST_WIDE_INT bitsize,
                 unsigned HOST_WIDE_INT bitnum, enum machine_mode fieldmode,
                 rtx value)

Compilation goes down the drain from here.

The problematic code is located in git_config_rename_section (see also [1]):

19765 output += offset + i;
19766 if (strlen(output) > 0) {
19773 output -= 1;
19774 output[0] = '\t';

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655518
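
Review bot: The gcc_assert (*pbitpos >= 0) placed after the *poffset = offset; block in get_inner_reference is useful as a tripwire but should not go in as the fix, because it turns the miscompile into an ICE on valid input such as the report's output -= 1; output[0] = '\t'; sequence. The comment "Negative bit positions are not allowed." should also say why: store_field passes the value on to store_bit_field, whose bitnum parameter is unsigned HOST_WIDE_INT, so -8 arrives as 18446744073709551608. Since the function already returns a separate *poffset, consider moving the negative whole-byte part of the bit position into the offset before returning, and keeping the assert only as a post-condition check.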
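
The signed-to-unsigned conversion described in the report, as an added example that is not code from the report or from GCC. The typedefs stand in for HOST_WIDE_INT on a 64-bit host, and normalize() is a hypothetical helper that moves whole bytes from the bit position into the byte offset.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-ins for GCC's HOST_WIDE_INT on a 64-bit host. */
typedef int64_t hwi;
typedef uint64_t uhwi;

#define BITS_PER_UNIT 8

/* What a callee with an unsigned bit-number parameter receives when the
   caller passes a signed bit position: the value wraps modulo 2^64. */
uhwi as_unsigned_bitnum(hwi bitpos) { return (uhwi) bitpos; }

/* Byte offset a callee derives from the already-wrapped bit number. */
uhwi byte_offset_from_bitnum(uhwi bitnum) { return bitnum / BITS_PER_UNIT; }

struct ref_pos { hwi byte_offset; hwi bitpos; };

/* Hypothetical normalisation: fold whole (possibly negative) bytes of
   bitpos into byte_offset so the remaining bit position is in [0, 7].
   C division truncates toward zero, so negative remainders are fixed up
   to get floor semantics. */
struct ref_pos normalize(hwi byte_offset, hwi bitpos)
{
    hwi bytes = bitpos / BITS_PER_UNIT;
    hwi rem = bitpos % BITS_PER_UNIT;
    if (rem < 0) {
        rem += BITS_PER_UNIT;
        bytes -= 1;
    }
    struct ref_pos r = { byte_offset + bytes, rem };
    return r;
}

int main(void)
{
    hwi bitpos = -8;  /* value printed by gdb in the report */
    uhwi bitnum = as_unsigned_bitnum(bitpos);
    printf("bitnum      = %llu\n", (unsigned long long) bitnum);
    printf("byte offset = %llu\n",
           (unsigned long long) byte_offset_from_bitnum(bitnum));

    struct ref_pos r = normalize(0, bitpos);
    printf("normalized  = byte %lld, bit %lld\n",
           (long long) r.byte_offset, (long long) r.bitpos);
    return 0;
}
```

The first two values match bitnum in frame #18 and offset in frame #17 of the backtrace.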