public inbox for gcc-bugs@sourceware.org
* [Bug other/55430] New: [4.8 Regression
@ 2012-11-21 17:07 jakub at gcc dot gnu.org
2012-11-21 17:16 ` [Bug middle-end/55430] " jakub at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: jakub at gcc dot gnu.org @ 2012-11-21 17:07 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55430
Bug #: 55430
Summary: [4.8 Regression
Classification: Unclassified
Product: gcc
Version: 4.8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: other
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: jakub@gcc.gnu.org
CC: hjl.tools@gmail.com, hp@gcc.gnu.org,
markus@trippelsdorf.de
Depends on: 55358
+++ This bug was initially created as a clone of Bug #55358 +++
With revision 193546, valgrind reports:
==26359== Invalid read of size 4
==26359== at 0xB58AEE: rest_of_handle_ree() (ree.c:617)
==26359== by 0x74ADA3: execute_one_pass(opt_pass*) (passes.c:2339)
==26359== by 0x74B174: execute_pass_list(opt_pass*) (passes.c:2400)
==26359== by 0x74B186: execute_pass_list(opt_pass*) (passes.c:2401)
==26359== by 0x74B186: execute_pass_list(opt_pass*) (passes.c:2401)
==26359== by 0x5AB16D: expand_function(cgraph_node*) (cgraphunit.c:1643)
==26359== by 0x5AC786: compile() (cgraphunit.c:1747)
==26359== by 0x5ACBA9: finalize_compilation_unit() (cgraphunit.c:2122)
==26359== by 0x4E47DF: c_write_global_declarations() (c-decl.c:10128)
==26359== by 0x7D7F4C: compile_file() (toplev.c:559)
==26359== by 0x7D9AA7: toplev_main(int, char**) (toplev.c:1881)
==26359== by 0x38F3A21674: (below main) (in /usr/lib64/libc-2.15.so)
==26359== Address 0x4e10d51 is 2,785 bytes inside a block of size 2,788
alloc'd
==26359== at 0x4A06B0F: calloc (vg_replace_malloc.c:593)
==26359== by 0xC0F708: xcalloc (xmalloc.c:162)
==26359== by 0xB59070: rest_of_handle_ree() (ree.c:886)
* [Bug middle-end/55430] [4.8 Regression
From: jakub at gcc dot gnu.org @ 2012-11-21 17:16 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55430
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Target|                            |x86_64-linux
           Priority|P3                          |P1
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2012-11-21
          Component|other                       |middle-end
                 CC|                            |vmakarov at redhat dot com
     Ever Confirmed|0                           |1
   Target Milestone|---                         |4.8.0
--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> 2012-11-21 17:16:00 UTC ---
This ree.c:61X failure is an LRA-caused miscompilation of ree.c, apparently.
Reduced self-contained testcase:
struct S
{
  unsigned int s1 : 8;
  unsigned int s2 : 2;
};

int
foo (int x, int y, struct S *z, unsigned int w)
{
  if (z[y].s2 == x && z[y].s1 == w)
    return 1;
  return 0;
}

#ifdef FULL
#include <unistd.h>
#include <sys/mman.h>

int foo (int, int, struct S *, unsigned int) __attribute__((noinline,
                                                             noclone));

int
main ()
{
  unsigned long ps = sysconf (_SC_PAGE_SIZE);
  char *p = mmap (NULL, 8 * ps, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (p == MAP_FAILED)
    return 0;
  if (mprotect (p + 4 * ps, 4 * ps, PROT_NONE))
    return 0;
  if ((4 * ps / sizeof (struct S)) * sizeof (struct S) != 4 * ps)
    return 0;
  struct S *s = (struct S *) (p + 4 * ps);
  return foo (0, 0, s - 1, 0) != 1;
}
#endif
Compile with -O2 on x86_64-linux, and you can see (or when compiled with -O2
-DFULL watch at runtime) that before LRA merge, code like:
        movzbl  1(%rdx), %eax
        andl    $3, %eax
has been generated to read the s2 bitfield, while with LRA it is
        movl    1(%rdx), %esi
        andl    $3, %esi
instead (note movl instead of movzbl). But the structure (in ree.c s2 is kind
and struct S is struct ext_modified) is 4 bytes long, thus reading 4 bytes from
the start of the structure + 1 byte is potentially going to trap if the
structure is at the end of some page (as -DFULL shows).
In *.ira we have:
(insn 15 12 16 2 (set (reg:QI 80 [ *_6+1 ])
(mem:QI (plus:DI (reg/f:DI 62 [ D.1744 ])
(const_int 1 [0x1])) [2 *_6+1 S1 A8])) reetest.c:10 67
{*movqi_internal}
(expr_list:REG_EQUIV (mem:QI (plus:DI (reg/f:DI 62 [ D.1744 ])
(const_int 1 [0x1])) [2 *_6+1 S1 A8])
(nil)))
(note 16 15 17 2 NOTE_INSN_DELETED)
(insn 17 16 7 2 (parallel [
(set (reg:SI 81 [ D.1742 ])
(and:SI (subreg:SI (reg:QI 80 [ *_6+1 ]) 0)
(const_int 3 [0x3])))
(clobber (reg:CC 17 flags))
]) reetest.c:10 376 {*andsi_1}
(expr_list:REG_DEAD (reg:QI 80 [ *_6+1 ])
(expr_list:REG_UNUSED (reg:CC 17 flags)
(nil))))
which *.reload turns into:
(insn 43 16 17 2 (set (reg:SI 4 si [orig:81 D.1742 ] [81])
(mem:SI (plus:DI (reg/f:DI 1 dx [orig:62 D.1744 ] [62])
(const_int 1 [0x1])) [2 *_6+1 S4 A8])) reetest.c:10 65
{*movsi_internal}
(nil))
(insn 17 43 44 2 (parallel [
(set (reg:SI 4 si [orig:81 D.1742 ] [81])
(and:SI (reg:SI 4 si [orig:81 D.1742 ] [81])
(const_int 3 [0x3])))
(clobber (reg:CC 17 flags))
]) reetest.c:10 376 {*andsi_1}
(nil))
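Added example, not part of the original thread or of GCC: the guard-page trick from the -DFULL testcase above, wrapped in a harness that reports the fault instead of crashing, so the 1-byte load (movzbl) and the widened 4-byte load (movl) at offset 1 of a 4-byte object can be compared directly. The helper name read_faults is hypothetical, and the byte-wise loop is only a model of which addresses each load width touches.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* MAP_ANONYMOUS, sigsetjmp on glibc */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;
static volatile unsigned char sink;
static void on_fault(int sig) { (void) sig; siglongjmp(fault_jmp, 1); }

/* Hypothetical helper: place an obj_size-byte object flush against a
   PROT_NONE page and touch bytes [off, off + width) of it.  Returns 1 if
   the access faults, 0 if it stays in bounds, -1 on bad input or setup. */
int read_faults(size_t obj_size, size_t off, size_t width)
{
  size_t ps = (size_t) sysconf(_SC_PAGE_SIZE);
  if (obj_size == 0 || obj_size > ps || off >= obj_size
      || width == 0 || width > ps)
    return -1;
  unsigned char *map = mmap(NULL, 2 * ps, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (map == MAP_FAILED)
    return -1;
  if (mprotect(map + ps, ps, PROT_NONE)) { munmap(map, 2 * ps); return -1; }
  volatile unsigned char *obj = map + ps - obj_size;  /* ends at guard page */

  struct sigaction sa = {0}, old_segv, old_bus;
  sa.sa_handler = on_fault;
  sigemptyset(&sa.sa_mask);
  sigaction(SIGSEGV, &sa, &old_segv);
  sigaction(SIGBUS, &sa, &old_bus);     /* some systems raise SIGBUS */

  volatile int faulted = 1;
  if (sigsetjmp(fault_jmp, 1) == 0) {   /* 1: restore signal mask on jump */
    for (size_t i = 0; i < width; i++)
      sink ^= obj[off + i];             /* model of a width-byte load */
    faulted = 0;
  }
  sigaction(SIGSEGV, &old_segv, NULL);
  sigaction(SIGBUS, &old_bus, NULL);
  munmap(map, 2 * ps);
  return faulted;
}

int main(void)
{
  printf("1-byte load at +1: %d, 4-byte load at +1: %d\n",
         read_faults(4, 1, 1), read_faults(4, 1, 4));
  return 0;
}
```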
* [Bug middle-end/55430] [4.8 Regression] LRA miscompilation of ree.c
From: vmakarov at gcc dot gnu.org @ 2012-11-23 1:29 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55430
--- Comment #2 from Vladimir Makarov <vmakarov at gcc dot gnu.org> 2012-11-23 01:29:13 UTC ---
Author: vmakarov
Date: Fri Nov 23 01:29:07 2012
New Revision: 193742
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=193742
Log:
2012-11-22 Vladimir Makarov <vmakarov@redhat.com>
PR middle-end/55430
* lra.c: Move #include "hard-reg-set.h" before #include "rtl.h".
(new_insn_reg): Update biggest_mode.
(collect_non_operand_hard_regs): Check eliminable regs too.
(initialize_lra_reg_info_element): Initialize biggest_mode.
(add_regs_to_insn_regno_info): Ignore non-allocatable
non-eliminable hard regs.
(lra.c): Move setting lra_no_alloc_regs before
init_insn_recog_data.
* lra-constraints.c (simplify_operand_subreg): Add a comment.
(lra_constraints): Ignore equivalent memory of
regs occurring in paradoxical subregs.
* lra-lives.c (lra_create_live_ranges): Add a comment.
Modified:
trunk/gcc/ChangeLog
trunk/gcc/lra-constraints.c
trunk/gcc/lra-lives.c
trunk/gcc/lra.c
* [Bug middle-end/55430] [4.8 Regression] LRA miscompilation of ree.c
From: jakub at gcc dot gnu.org @ 2012-11-23 15:14 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55430
--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> 2012-11-23 15:13:03 UTC ---
Author: jakub
Date: Fri Nov 23 15:12:58 2012
New Revision: 193757
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=193757
Log:
PR middle-end/55430
* gcc.dg/pr55430.c: New test.
Added:
trunk/gcc/testsuite/gcc.dg/pr55430.c
Modified:
trunk/gcc/testsuite/ChangeLog
* [Bug middle-end/55430] [4.8 Regression] LRA miscompilation of ree.c
From: jakub at gcc dot gnu.org @ 2012-11-27 11:07 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55430
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> 2012-11-27 11:06:49 UTC ---
Fixed, thanks.