public inbox for gcc-bugs@sourceware.org
* [Bug c/53053] New: code-gen (missing loop-termination test) bug introduced between April 18 and April 19th
@ 2012-04-20 9:18 jim at meyering dot net
2012-04-20 9:26 ` [Bug c/53053] " rguenth at gcc dot gnu.org
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: jim at meyering dot net @ 2012-04-20 9:18 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53053
             Bug #: 53053
           Summary: code-gen (missing loop-termination test) bug
                    introduced between April 18 and April 19th
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: jim@meyering.net

Background, gcc-compiled emacs (bzr trunk) began to segfault
differently when compiled with yesterday's gcc-trunk.

Given this function from emacs' dispnew.c,
(LAST_AREA is an enum with value 3)

static __attribute__((noinline)) void
swap_glyph_pointers (struct glyph_row *a, struct glyph_row *b)
{
  unsigned int i;
  unsigned hash_tem = a->hash;
  for (i = 0; i < LAST_AREA + 1; ++i)
    {
      struct glyph *temp = a->glyphs[i];
      short used_tem = a->used[i];
      a->glyphs[i] = b->glyphs[i];
      b->glyphs[i] = temp;
      a->used[i] = b->used[i];
      b->used[i] = used_tem;
    }
  a->hash = b->hash;
  b->hash = hash_tem;
}

*** FAILURE: using yesterday's gcc

Compiling dispnew with -O1 or less there is no problem.
Compiling just dispnew.c with -O2 (all the rest is compiled with -ggdb3)
via make CFLAGS='-O2 -ggdb3' CC=/p/p/gcc-2012-04-19.16h18/bin/gcc

* currently-generated code, "i" increases until segfault:

0000000000000120 <swap_glyph_pointers>:
 120:   31 c0                   xor    %eax,%eax
 122:   66 0f 1f 44 00 00       nopw   0x0(%rax,%rax,1)
 128:   48 8b 0c 87             mov    (%rdi,%rax,4),%rcx
 12c:   4c 8b 04 86             mov    (%rsi,%rax,4),%r8
 130:   0f b7 54 07 20          movzwl 0x20(%rdi,%rax,1),%edx
 135:   4c 89 04 87             mov    %r8,(%rdi,%rax,4)
 139:   48 89 0c 86             mov    %rcx,(%rsi,%rax,4)
 13d:   0f b7 4c 06 20          movzwl 0x20(%rsi,%rax,1),%ecx
 142:   66 89 4c 07 20          mov    %cx,0x20(%rdi,%rax,1)
 147:   66 89 54 06 20          mov    %dx,0x20(%rsi,%rax,1)
 14c:   48 83 c0 02             add    $0x2,%rax
 150:   eb d6                   jmp    128 <swap_glyph_pointers+0x8>
 152:   66 66 66 66 66 2e 0f    data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
 159:   1f 84 00 00 00 00 00

*** SUCCESS: using gcc from Wed April 18

Compiling the same file with gcc built from a snapshot a day earlier,
make CFLAGS='-O2 -ggdb3' CC=/p/p/gcc-2012-04-18.15h00/bin/gcc

* code generated by svn/trunk of gcc-2012-04-18.15h00 (UTC),
This loop terminates normally.

0000000000000120 <swap_glyph_pointers>:
 120:   44 8b 4f 4c             mov    0x4c(%rdi),%r9d
 124:   31 c0                   xor    %eax,%eax
 126:   48 8b 0c 87             mov    (%rdi,%rax,4),%rcx
 12a:   4c 8b 04 86             mov    (%rsi,%rax,4),%r8
 12e:   0f b7 54 07 20          movzwl 0x20(%rdi,%rax,1),%edx
 133:   4c 89 04 87             mov    %r8,(%rdi,%rax,4)
 137:   48 89 0c 86             mov    %rcx,(%rsi,%rax,4)
 13b:   0f b7 4c 06 20          movzwl 0x20(%rsi,%rax,1),%ecx
 140:   66 89 4c 07 20          mov    %cx,0x20(%rdi,%rax,1)
 145:   66 89 54 06 20          mov    %dx,0x20(%rsi,%rax,1)
 14a:   48 83 c0 02             add    $0x2,%rax
 14e:   48 83 f8 08             cmp    $0x8,%rax
 152:   75 d2                   jne    126 <swap_glyph_pointers+0x6>
 154:   8b 46 4c                mov    0x4c(%rsi),%eax
 157:   89 47 4c                mov    %eax,0x4c(%rdi)
 15a:   44 89 4e 4c             mov    %r9d,0x4c(%rsi)
 15e:   c3                      retq
 15f:   90                      nop
* [Bug c/53053] code-gen (missing loop-termination test) bug introduced between April 18 and April 19th
From: rguenth at gcc dot gnu.org @ 2012-04-20 9:26 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53053
Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2012-04-20
     Ever Confirmed|0                           |1

--- Comment #1 from Richard Guenther <rguenth at gcc dot gnu.org> 2012-04-20 09:25:46 UTC ---
Seems to be similar to other existing cases. You very likely have an
out-of-bound array access in your loop.
No testcase.
* [Bug c/53053] code-gen (missing loop-termination test) bug introduced between April 18 and April 19th
From: jim at meyering dot net @ 2012-04-20 10:28 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53053
--- Comment #2 from jim at meyering dot net 2012-04-20 10:28:35 UTC ---
When I add printf ("%u\n", i); before the end of the loop, it prints values up
to about 128K before segfaulting.
* [Bug c/53053] code-gen (missing loop-termination test) bug introduced between April 18 and April 19th
From: jim at meyering dot net @ 2012-04-20 10:43 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53053
--- Comment #3 from jim at meyering dot net 2012-04-20 10:43:28 UTC ---
Created attachment 27201
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=27201
preprocessed source

PS, gcc was built via this:

  CC=/usr/bin/gcc ./configure --prefix=$prefix --disable-multilib \
    --disable-libmudflap --disable-nls --enable-languages=c && make bootstrap
* [Bug c/53053] code-gen (missing loop-termination test) bug introduced between April 18 and April 19th
From: jakub at gcc dot gnu.org @ 2012-04-20 11:08 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53053
Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> 2012-04-20 11:07:43 UTC ---
So what Richard says is true.

  short used[LAST_AREA];
...
  for (i = 0; i < LAST_AREA + 1; ++i)
...
      short used_tem = a->used[i];

This reads (and stores) used[LAST_AREA].
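
The diagnosis in comment #4, as an added example that is not code from Emacs, GCC, or any participant in this thread: because used[] has only LAST_AREA elements, the compiler may assume i never reaches LAST_AREA and treat the `i < LAST_AREA + 1` test as always true, so the swap below bounds each array by its own length. Assumptions: the glyphs[] length of LAST_AREA + 1, the placeholder struct glyph, and the names ARRAY_LEN, swap_glyph_pointers_checked and swap_demo_ok are hypothetical.

```c
/* Added example: simplified model of the glyph_row fields from this thread. */
#include <stddef.h>
#include <stdio.h>
enum { LAST_AREA = 3 };                  /* value stated in the report */
struct glyph { int c; };                 /* placeholder for the real type */
struct glyph_row {
  struct glyph *glyphs[LAST_AREA + 1];   /* assumed length */
  short used[LAST_AREA];                 /* length quoted in comment #4 */
  unsigned hash;
};
#define ARRAY_LEN(a) (sizeof (a) / sizeof ((a)[0]))

/* Fails the build if the two arrays stop differing by exactly one slot. */
_Static_assert (ARRAY_LEN (((struct glyph_row *) 0)->glyphs)
                == ARRAY_LEN (((struct glyph_row *) 0)->used) + 1,
                "glyphs[] and used[] lengths changed; recheck every loop");

/* Each loop is bounded by its own array, so used[LAST_AREA] is never touched. */
static void
swap_glyph_pointers_checked (struct glyph_row *a, struct glyph_row *b)
{
  unsigned hash_tem = a->hash;
  for (size_t i = 0; i < ARRAY_LEN (a->glyphs); ++i)
    {
      struct glyph *temp = a->glyphs[i];
      a->glyphs[i] = b->glyphs[i];
      b->glyphs[i] = temp;
    }
  for (size_t i = 0; i < ARRAY_LEN (a->used); ++i)
    {
      short used_tem = a->used[i];
      a->used[i] = b->used[i];
      b->used[i] = used_tem;
    }
  a->hash = b->hash;
  b->hash = hash_tem;
}

/* Constructed sample rows: returns 1 when every field was swapped. */
static int
swap_demo_ok (void)
{
  struct glyph g[2] = { { 1 }, { 2 } };
  struct glyph_row a = { { &g[0], &g[0], &g[0], &g[0] }, { 1, 2, 3 }, 10 };
  struct glyph_row b = { { &g[1], &g[1], &g[1], &g[1] }, { 4, 5, 6 }, 20 };
  swap_glyph_pointers_checked (&a, &b);
  return a.glyphs[3] == &g[1] && b.glyphs[0] == &g[0]
         && a.used[2] == 6 && b.used[0] == 1 && a.hash == 20 && b.hash == 10;
}
int main (void) { printf ("swap ok: %d\n", swap_demo_ok ()); return 0; }
```

Building the original loop with -Warray-bounds, or with -fsanitize=bounds on compilers that provide it, is a way to surface the used[LAST_AREA] access before the optimizer acts on it.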
* [Bug c/53053] code-gen (missing loop-termination test) bug introduced between April 18 and April 19th
From: jim at meyering dot net @ 2012-04-20 11:24 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53053
--- Comment #5 from jim at meyering dot net 2012-04-20 11:23:21 UTC ---
Oh! I'm not used to seeing this sort of transformation (invalid code ->
effectively-skipped loop-termination test), but it certainly makes sense,
given an invalid input.
Thank you both.
definitely NOTABUG.
* [Bug c/53053] code-gen (missing loop-termination test) bug introduced between April 18 and April 19th
From: rguenth at gcc dot gnu.org @ 2012-04-20 12:01 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53053
Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|                            |INVALID

--- Comment #6 from Richard Guenther <rguenth at gcc dot gnu.org> 2012-04-20 12:00:55 UTC ---
Thanks.