[Bug middle-end/53147] New: [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[Bug middle-end/53147] New: [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

             Bug #: 53147
           Summary: [4.7/4.8 Regression] gcc apparently miscompiles
                    clang-3.1(or trunk)
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: markus@trippelsdorf.de


When one builds an optimized clang-3.1(or trunk) with gcc-4.7/4.8, clang
crashes regularly (when -Wall is enabled).

For example:
 $ clang++ -Wall -c test.ii
0  clang           0x00000000018c6d1f
1  clang           0x00000000018c7070
2  libpthread.so.0 0x00007ffee4b61180
3  clang           0x0000000000d3c402
4  clang           0x0000000000d3d689
5  clang           0x0000000000d3f14c
clang::runUninitializedVariablesAnalysis(clang::DeclContext const&, clang::CFG
const&, clang::AnalysisDeclContext&, clang::UninitVariablesHandler&,
clang::UninitVariablesAnalysisStats&) + 1292
6  clang           0x0000000000b70ef7
clang::sema::AnalysisBasedWarnings::IssueWarnings(clang::sema::AnalysisBasedWarnings::Policy,
clang::sema::FunctionScopeInfo*, clang::Decl const*, clang::BlockExpr const*) +
1207
7  clang           0x00000000008df850
clang::Sema::PopFunctionScopeInfo(clang::sema::AnalysisBasedWarnings::Policy
const*, clang::Decl const*, clang::BlockExpr const*) + 304
8  clang           0x000000000096e9ec
clang::Sema::ActOnFinishFunctionBody(clang::Decl*, clang::Stmt*, bool) + 332
9  clang           0x00000000008c037f
clang::Parser::ParseFunctionStatementBody(clang::Decl*,
clang::Parser::ParseScope&) + 159
10 clang           0x0000000000869d40
clang::Parser::ParseFunctionDefinition(clang::Parser::ParsingDeclarator&,
clang::Parser::ParsedTemplateInfo const&,
llvm::SmallVector<clang::Parser::LateParsedAttribute*, 2u>*) + 960
11 clang           0x0000000000874149
clang::Parser::ParseDeclGroup(clang::Parser::ParsingDeclSpec&, unsigned int,
bool, clang::SourceLocation*, clang::Parser::ForRangeInit*) + 809
12 clang           0x0000000000865307
clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsingDeclSpec&,
clang::AccessSpecifier) + 135
13 clang           0x0000000000865965
clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&,
clang::AccessSpecifier) + 773
14 clang           0x0000000000869415
clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&,
clang::Parser::ParsingDeclSpec*) + 3253
15 clang           0x0000000000869727
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&) + 199
16 clang           0x0000000000860d15 clang::ParseAST(clang::Sema&, bool, bool)
+ 277
17 clang           0x00000000005f6587
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 263
18 clang           0x00000000005df87f
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1023
19 clang           0x00000000005d67e5 cc1_main(char const**, char const**, char
const*, void*) + 9029
20 clang           0x00000000005de7ec main + 7660
21 libc.so.6       0x00007ffee426c675 __libc_start_main + 245
22 clang           0x00000000005d3a89
Stack dump:
0.      Program arguments: /var/tmp/llvm/build/Release/bin/clang -cc1 -triple
x86_64-unknown-linux-gnu -emit-obj -mrelax-all -disable-free
-disable-llvm-verifier -main-file-name RenameVar.ii -mrelocation-model static
-mdisable-fp-elim -masm-verbose -mconstructor-aliases -munwind-tables
-target-cpu x86-64 -target-linker-version 2.22.52.20120422
-momit-leaf-frame-pointer -coverage-file RenameVar.o -resource-dir
/var/tmp/llvm/build/Release/bin/../lib/clang/3.1 -Wall -fdeprecated-macro
-fdebug-compilation-dir /var/tmp/llvm/build -ferror-limit 19 -fmessage-length
149 -mstackrealign -fgnu-runtime -fobjc-runtime-has-arc -fobjc-runtime-has-weak
-fobjc-fragile-abi -fcxx-exceptions -fexceptions -fdiagnostics-show-option
-fcolor-diagnostics -o RenameVar.o -x c++-cpp-output
/var/tmp/creduce/clang_delta/RenameVar.ii 
1.      RenameVar.cpp:119:1: current parser token 'bool'
2.      RenameVar.cpp:107:1: parsing function body 'Initialize'
clang: error: unable to execute command: Segmentation fault

Building clang with gcc-4.6.3 fixes the crashes.

I've narrowed it down to one function in
clang/lib/Analysis/UninitializedValues.cpp :

/// This function pattern matches for a '&&' or '||' that appears at
/// the beginning of a CFGBlock that also (1) has a terminator and 
/// (2) has no other elements.  If such an expression is found, it is returned.
__attribute__((optimize ("-Os")))
static const BinaryOperator *getLogicalOperatorInChain(const CFGBlock *block) {
  if (block->empty())
    return 0;

  const CFGStmt *cstmt = block->front().getAs<CFGStmt>();
  if (!cstmt)
    return 0;

  const BinaryOperator *b = dyn_cast_or_null<BinaryOperator>(cstmt->getStmt());

  if (!b || !b->isLogicalOp())
    return 0;

  if (block->pred_size() == 2) {
    if (block->getTerminatorCondition() == b) {
      if (block->succ_size() == 2)
      return b;
    }
    else if (block->size() == 1)
      return b;
  }

  return 0;
}



Without "__attribute__((optimize ("-Os")))"  or __attribute__((optimize
("-fno-inline"))) clang crashes.

I will try to extract a workable testcase from this, however any hint or help
would be appreciated.

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

--- Comment #1 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-04-27 21:17:11 UTC ---
BTW the original clang bug can be found here:
http://llvm.org/bugs/show_bug.cgi?id=11926

And this is a RedHat bug report of the same issue:  
https://bugzilla.redhat.com/show_bug.cgi?id=791365

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[pinskia at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> 2012-04-27 21:24:33 UTC ---
According to the redhat bug, it is a bug in clang with respect of
strict-aliasing.

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

--- Comment #3 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-04-27 21:27:57 UTC ---
(In reply to comment #2)
> According to the redhat bug, it is a bug in clang with respect of
> strict-aliasing.

No. That was a red herring. clang explicitly uses -fno-strict-aliasing
during the build.

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

--- Comment #4 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-04-28 07:04:13 UTC ---
Started with:

6458ce4faada4b1b64d3823d52cfdf8e6b9cb7f8 is the first bad commit
commit 6458ce4faada4b1b64d3823d52cfdf8e6b9cb7f8
Author: jason <jason@138bc75d-0d04-0410-961f-82ee72b054a4>
Date:   Sun Nov 13 00:44:39 2011 +0000

        PR c++/51060
        * gimplify.c (gimplify_target_expr): Add a clobber to the cleanup.
        (gimplify_modify_expr): Don't try to simplify it.
        * cp/cp-gimplify.c (cp_gimplify_expr): Leave clobbers alone.

    git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@181332
138bc75d-0d04-0410-961f-82ee72b054a4

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[pinskia at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> 2012-04-28 07:27:54 UTC ---
(In reply to comment #4)
> Started with:

This really sounds like a temp variable is escaping the scope.  Which means the
code in clang is undefined.

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[pinskia at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2012-04-28
     Ever Confirmed|0                           |1

--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> 2012-04-28 07:31:13 UTC ---
Can you attach the preprocessed source for the file which is considered to be
miscompiled?  Then maybe we can figure out for sure if it is a GCC issue or a
clang issue.

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

--- Comment #7 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-04-28 09:31:52 UTC ---
Created attachment 27258
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=27258
testcase

 $ g++ -w -O3 -fomit-frame-pointer -fno-exceptions -fno-rtti -fPIC
-march=native -c UninitializedValues.ii
»miscompiles»

 $ g++ -w -O3 -fno-tree-pre -fomit-frame-pointer -fno-exceptions -fno-rtti
-fPIC -march=native -c UninitializedValues.ii
is fine

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

--- Comment #8 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-04-28 09:38:04 UTC ---
Please add -fno-strict-aliasing to both invocations above to avoid 
misunderstandings.

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[pinskia at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

--- Comment #9 from Andrew Pinski <pinskia at gcc dot gnu.org> 2012-04-28 10:02:39 UTC ---
  [/var/tmp/llvm/llvm/llvm/tools/clang/lib/Analysis/UninitializedValues.cpp :
172:56] D.147621 ={v} {CLOBBER};
  [/var/tmp/llvm/llvm/llvm/include/llvm/ADT/PointerIntPair.h : 69:73]
D.176111_21 = MEM[(const struct PointerIntPair
*)[/var/tmp/llvm/llvm/llvm/tools/clang/lib/Analysis/UninitializedValues.cpp :
172] &D.147621].Value;

That is obviously broken.

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[pinskia at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

--- Comment #10 from Andrew Pinski <pinskia at gcc dot gnu.org> 2012-04-28 10:05:26 UTC ---
  [/var/tmp/llvm/llvm/llvm/tools/clang/lib/Analysis/UninitializedValues.cpp :
172:56] D.147621 = clang::CFGBlock::front (block);
  [/var/tmp/llvm/llvm/llvm/tools/clang/lib/Analysis/UninitializedValues.cpp :
172:56] try
    {
      [/var/tmp/llvm/llvm/llvm/tools/clang/lib/Analysis/UninitializedValues.cpp
: 172:56] cstmt = clang::CFGElement::getAs<clang::CFGStmt>
([/var/tmp/llvm/llvm/llvm/tools/clang/lib/Analysis/UninitializedValues.cpp :
172] &D.147621);

  const CFGStmt *cstmt = block->front().getAs<CFGStmt>();

That right there I think is the cause of the issue.  
block->front() returns a temp variable which ends its life after the statement
ends.

[Bug middle-end/53147] [4.7/4.8 Regression] gcc apparently miscompiles clang-3.1(or trunk)

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53147

Markus Trippelsdorf <markus at trippelsdorf dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|                            |INVALID

--- Comment #11 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-04-28 10:41:29 UTC ---
OK. Many thanks Andrew. Sorry for the noise.