[Bug tree-optimization/54031] New: [4.8 Regression] Revision 189607 miscompiles Linux kernel

[Bug tree-optimization/54031] New: [4.8 Regression] Revision 189607 miscompiles Linux kernel

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54031

             Bug #: 54031
           Summary: [4.8 Regression] Revision 189607 miscompiles Linux
                    kernel
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: markus@trippelsdorf.de


Starting with revision 189607 the Linux kernel (latest git) just hangs early
during boot:

...
Kernel command line: root=PARTUUID=1E3384D0-CAE6-41BB-8CD6-4F640164EFD7
init=/sbin/minit rootflags=logbsize=256k drm_kms_helper.poll=0
PID hash table entries: 4096 (order: 3, 32768 bytes)
Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes)
Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes)
__ex_table already sorted, skipping sort
Memory: 8167084k/8912896k available (4984k kernel code, 526212k absent, 219600k
reserved, 3597k data, 440k init)
SLUB: Genslabs=15, HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
Hierarchical RCU implementation.
NR_IRQS:4352 nr_irqs:712 16
Extended CMOS year: 2000
Console: colour VGA+ 80x25
console [tty0] enabled
(hang)

3482bf1319f9e65a4783bbe9d5b59c11312888db is the first bad commit
commit 3482bf1319f9e65a4783bbe9d5b59c11312888db
Author: rguenth <rguenth@138bc75d-0d04-0410-961f-82ee72b054a4>
Date:   Wed Jul 18 08:49:55 2012 +0000

    2012-07-18  Richard Guenther  <rguenther@suse.de>

        * tree.h (get_object_or_type_alignment): Remove.
        * builtins.c (get_object_alignment_2): New function copied from
        get_object_alignment_1.  Take extra argument to indicate whether
        we take the address of EXP.  Rework to use type alignment information
        if not, and return whether the result is an approximation or not.
        (get_object_alignment_1): Wrap around get_object_alignment_2.
        (get_pointer_alignment_1): Call get_object_alignment_2 indicating
        we take the address.
        (get_object_or_type_alignment): Remove.
        * expr.c (expand_assignment): Call get_object_alignment.
        (expand_expr_real_1): Likewise.

[Bug tree-optimization/54031] [4.8 Regression] Revision 189607 miscompiles Linux kernel

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54031

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2012-07-19
                 CC|                            |rguenth at gcc dot gnu.org
   Target Milestone|---                         |4.8.0
     Ever Confirmed|0                           |1

--- Comment #1 from Richard Guenther <rguenth at gcc dot gnu.org> 2012-07-19 13:17:13 UTC ---
Please narrow down the issue, like check where it hangs and attach preprocessed
source of the compilation unit involved.

[Bug tree-optimization/54031] [4.8 Regression] Revision 189607 miscompiles Linux kernel

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54031

--- Comment #2 from Richard Guenther <rguenth at gcc dot gnu.org> 2012-07-19 13:36:34 UTC ---
I have spotted an error in the patch, can you try

Index: gcc/builtins.c
===================================================================
--- gcc/builtins.c      (revision 189656)
+++ gcc/builtins.c      (working copy)
@@ -346,12 +346,10 @@ get_object_alignment_2 (tree exp, unsign

       known_alignment
        = get_pointer_alignment_1 (addr, &ptr_align, &ptr_bitpos);
-      bitpos += ptr_bitpos;
       align = MAX (ptr_align, align);

-      if (TREE_CODE (exp) == MEM_REF
-         || TREE_CODE (exp) == TARGET_MEM_REF)
-       bitpos += mem_ref_offset (exp).low * BITS_PER_UNIT;
+      /* The alignment of the pointer operand in a TARGET_MEM_REF
+        has to take the variable offset parts into account.  */
       if (TREE_CODE (exp) == TARGET_MEM_REF)
        {
          if (TMR_INDEX (exp))
@@ -369,9 +367,19 @@ get_object_alignment_2 (tree exp, unsign
       /* When EXP is an actual memory reference then we can use
         TYPE_ALIGN of a pointer indirection to derive alignment.
         Do so only if get_pointer_alignment_1 did not reveal absolute
-        alignment knowledge.  */
-      if (!addr_p && !known_alignment)
-       align = MAX (TYPE_ALIGN (TREE_TYPE (exp)), align);
+        alignment knowledge and if using that alignment would
+        improve the situation.  */
+      if (!addr_p && !known_alignment
+         && TYPE_ALIGN (TREE_TYPE (exp)) > align)
+       align = TYPE_ALIGN (TREE_TYPE (exp));
+      else
+       {
+         /* Else adjust bitpos accordingly.  */
+         bitpos += ptr_bitpos;
+         if (TREE_CODE (exp) == MEM_REF
+             || TREE_CODE (exp) == TARGET_MEM_REF)
+           bitpos += mem_ref_offset (exp).low * BITS_PER_UNIT;
+       }
     }
   else if (TREE_CODE (exp) == STRING_CST)
     {

[Bug tree-optimization/54031] [4.8 Regression] Revision 189607 miscompiles Linux kernel

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54031

--- Comment #3 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-07-19 14:06:14 UTC ---
(In reply to comment #2)
> I have spotted an error in the patch, can you try

Unfortunately it doesn't fix the issue. I will try to narrow it down tomorrow.

[Bug tree-optimization/54031] [4.8 Regression] Revision 189607 miscompiles Linux kernel

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54031

--- Comment #4 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-07-19 17:28:26 UTC ---
Created attachment 27835
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=27835
preprocessed source of the compilation unit involved

I've narrowed it down to a single compilation unit kernel/time/clocksource.c.
The function __clocksource_register_scale causes the hang.
(When I compile clocksource.c with an older compiler and copy the object file
into the kernel tree compiled with the latest gcc-4.8 then the kernel works
fine.)


These are the options:
--save-temps -Wp,-MD,kernel/time/.clocksource.o.d  -nostdinc -isystem
/usr/lib/gcc/x86_64-pc-linux-gnu/4.8.0/include -I/usr/src/linux/arch/x86/includ
e -Iarch/x86/include/generated -Iinclude  -include
/usr/src/linux/include/linux/kconfig.h -D__KERNEL__ -Wall -Wundef
-Wstrict-prototypes -Wno-trigrap
hs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
-Wno-format-security -fno-delete-null-pointer-checks -O2 -m64 -march=native
 -mno-red-zone -mcmodel=kernel -funit-at-a-time -maccumulate-outgoing-args
-DCONFIG_X86_X32_ABI -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCO
NFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 -DCONFIG_AS_AVX=1 -pipe
-Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2
-m
no-3dnow -mno-avx -Wframe-larger-than=1024 -fno-stack-protector
-Wno-unused-but-set-variable -fomit-frame-pointer -Wdeclaration-after-statement
-Wno-
pointer-sign -fno-strict-overflow -fconserve-stack -DCC_HAVE_ASM_GOTO   
-D"KBUILD_STR(s)=\#s" -D"KBUILD_BASENAME=KBUILD_STR(clocksource)"  -D"KBUILD
_MODNAME=KBUILD_STR(clocksource)" -c -o kernel/time/clocksource.o
kernel/time/clocksource.c

[Bug tree-optimization/54031] [4.8 Regression] Revision 189607 miscompiles Linux kernel

[markus at trippelsdorf dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54031

--- Comment #5 from Markus Trippelsdorf <markus at trippelsdorf dot de> 2012-07-19 18:01:16 UTC ---
Function clocksource_enqueue is compiled to an endless loop:

static void clocksource_enqueue(struct clocksource *cs)
{
 struct list_head *entry = &clocksource_list;
 struct clocksource *tmp;

 for (tmp = ({ const typeof( ((typeof(*tmp) *)0)->list ) *__mptr =
((&clocksource_list)->next); (typeof(*tmp) *)( (char *)__mptr -
__builtin_offsetof(typeof(*tmp),list) );}); &tmp->list != (&clocksource_list);
tmp = ({ const typeof( ((typeof(*tmp) *)0)->list ) *__mptr = (tmp->list.next);
(typeof(*tmp) *)( (char *)__mptr - __builtin_offsetof(typeof(*tmp),list) );}))

  if (tmp->rating >= cs->rating)
   entry = &tmp->list;
 list_add(&cs->list, entry);
}

>From clocksource.s:

        .type   clocksource_enqueue.isra.3, @function
clocksource_enqueue.isra.3:
        .p2align 5,,24
        .p2align 3
.L35:
        jmp     .L35
        .size   clocksource_enqueue.isra.3, .-clocksource_enqueue.isra.3
        .section        .rodata.str1.8,"aMS",@progbits,1
        .align 8

[Bug tree-optimization/54031] [4.8 Regression] Revision 189607 miscompiles Linux kernel

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54031

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |NEW

--- Comment #6 from Richard Guenther <rguenth at gcc dot gnu.org> 2012-07-20 09:00:26 UTC ---
Mine.

[Bug tree-optimization/54031] [4.8 Regression] Revision 189607 miscompiles Linux kernel

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54031

--- Comment #7 from Richard Guenther <rguenth at gcc dot gnu.org> 2012-07-20 09:27:48 UTC ---
There are several issues in CCP exposed.  First, we compute

bit_value_binop_1 (NE_EXPR, ...,
      {low = 0x38, high = 0x0}, {low = 0xffffffffffffffc0, high = 0x0},
      {low = 0x0, high = 0x0}, {low = 0xfffffffffffffff0, high = 0x0})

as false because in

  D.16870_8 = &tmp_3->list;
  if (D.16870_8 != &clocksource_list)

we see that clocksource_list is aligned to 128 and &tmp_3->list refers
to the type clocksource via tmp_3 which has a user alignment of 512,
so the resulting pointer is misaligned by 448 bits (the offset of the
list member).  That makes the equality test never true unless the
types involved do not have their specified alignment.

Which makes this an invalid source.  I didn't investigate in detail
but certainly the code uses the aligned type for pointers that are
not suitably aligned.

Now, we didn't want to extract this elaborated alignment information
from addresses (only from actual accesses), which is the real bug fixed
as follows:

Index: gcc/tree-ssa-ccp.c
===================================================================
--- gcc/tree-ssa-ccp.c  (revision 189704)
+++ gcc/tree-ssa-ccp.c  (working copy)
@@ -510,7 +510,7 @@ get_value_from_alignment (tree expr)

   gcc_assert (TREE_CODE (expr) == ADDR_EXPR);

-  get_object_alignment_1 (TREE_OPERAND (expr, 0), &align, &bitpos);
+  get_pointer_alignment_1 (expr, &align, &bitpos);
   val.mask
     = double_int_and_not (POINTER_TYPE_P (type) || TYPE_UNSIGNED (type)
                          ? double_int_mask (TYPE_PRECISION (type))

[Bug tree-optimization/54031] [4.8 Regression] Revision 189607 miscompiles Linux kernel

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54031

--- Comment #8 from Richard Guenther <rguenth at gcc dot gnu.org> 2012-07-20 11:25:01 UTC ---
Author: rguenth
Date: Fri Jul 20 11:24:55 2012
New Revision: 189715

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=189715
Log:
2012-07-20  Richard Guenther  <rguenther@suse.de>

    PR tree-optimization/54031
    * tree-ssa-ccp.c (get_value_from_alignment): Use
    get_pointer_alignment_1.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/tree-ssa-ccp.c

[Bug tree-optimization/54031] [4.8 Regression] Revision 189607 miscompiles Linux kernel

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54031

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #9 from Richard Guenther <rguenth at gcc dot gnu.org> 2012-07-20 11:26:00 UTC ---
Fixed.