[Bug tree-optimization/58759] New: wrong code (segfaults) at -O2 on x86_64-linux-gnu in 32-bit mode

[Bug tree-optimization/58759] New: wrong code (segfaults) at -O2 on x86_64-linux-gnu in 32-bit mode

[su at cs dot ucdavis.edu]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58759

            Bug ID: 58759
           Summary: wrong code (segfaults) at -O2 on x86_64-linux-gnu in
                    32-bit mode
           Product: gcc
           Version: 4.9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: su at cs dot ucdavis.edu

The current gcc trunk miscompiles the following code on x86_64-linux at -O2 in
32-bit mode. 

This is a regression from 4.8.x. 


$ gcc-trunk -v
Using built-in specs.
COLLECT_GCC=gcc-trunk
COLLECT_LTO_WRAPPER=/usr/local/gcc-trunk/libexec/gcc/x86_64-unknown-linux-gnu/4.9.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: ../gcc-trunk/configure
--enable-languages=c,c++,objc,obj-c++,fortran,lto --disable-werror
--enable-checking=release --with-gmp=/usr/local/gcc-trunk
--with-mpfr=/usr/local/gcc-trunk --with-mpc=/usr/local/gcc-trunk
--with-cloog=/usr/local/gcc-trunk --prefix=/usr/local/gcc-trunk
Thread model: posix
gcc version 4.9.0 20131016 (experimental) [trunk revision 203716] (GCC) 
$ 
$ gcc-trunk -m32 -Os small.c; a.out
$ gcc-trunk -m32 -O3 small.c; a.out
$ gcc-trunk -m64 -O2 small.c; a.out
$ 
$ gcc-trunk -m32 -O2 small.c; a.out
Segmentation fault (core dumped)
$ 
$ gcc-4.8 -m32 -O2 small.c; a.out
$ 


-------------------------------------------


int a, b, c, d, e, f, h, l, m, n, k, o;
long long g;

struct S
{
  int f1;
  int f2;
  int f3;
  int f4;
};

static struct S i = {0,0,0,0}, j;

void
foo ()
{
  m = 1 & d;
  n = b + c;
  o = k >> 1;
  f = 0 == e;
}

int
main ()
{
  for (; h < 1; h++)
    {
      g = 1 | (0 > 1 - a ? 0 : a);
      foo ();
      for (l = 0; l < 3; l++)
    j = i;
    }
  return 0;
}

[Bug tree-optimization/58759] [4.9 Regression] wrong code (segfaults) at -O2 on x86_64-linux-gnu in 32-bit mode

[mpolacek at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58759

Marek Polacek <mpolacek at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2013-10-17
                 CC|                            |mpolacek at gcc dot gnu.org
   Target Milestone|---                         |4.9.0
            Summary|wrong code (segfaults) at   |[4.9 Regression] wrong code
                   |-O2 on x86_64-linux-gnu in  |(segfaults) at -O2 on
                   |32-bit mode                 |x86_64-linux-gnu in 32-bit
                   |                            |mode
     Ever confirmed|0                           |1

--- Comment #1 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Confirmed.

[Bug rtl-optimization/58759] [4.9 Regression] wrong code (segfaults) at -O2 on x86_64-linux-gnu in 32-bit mode

[mpolacek at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58759

--- Comment #2 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Seem to be RTL cprop, more specifically, local_cprop_pass.

[Bug rtl-optimization/58759] [4.9 Regression] wrong code (segfaults) at -O2 on x86_64-linux-gnu in 32-bit mode

[mikpelinux at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58759

Mikael Pettersson <mikpelinux at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |law at gcc dot gnu.org

--- Comment #3 from Mikael Pettersson <mikpelinux at gmail dot com> ---
Started with trunk @ r202933, still occurs with trunk @ r203877.  Author CC:d.

[Bug rtl-optimization/58759] [4.9 Regression] wrong code (segfaults) at -O2 on x86_64-linux-gnu in 32-bit mode

[law at redhat dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58759

Jeffrey A. Law <law at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |law at redhat dot com

--- Comment #4 from Jeffrey A. Law <law at redhat dot com> ---
I don't offhand see how this can be a jump threading problem.

./xgcc -B./ -O2 -fdbg-cnt=registered_jump_thread:0 j.c -m32 -g
-fdump-tree-all-blocks-vops-details -dap -S
[law@lugnut gcc]$ ./xgcc -B./ -O2 -fdbg-cnt=registered_jump_thread:0 j.c -m32 
dbg_cnt 'registered_jump_thread' set to 0
[law@lugnut gcc]$ ./a.out
Segmentation fault (core dumped)


Note carefully the -fdbg-cnt flag.  That turns off jump threading.

Using gdb and the raw assembly code we have the following faulting instruction
(shortly after the call to foo():

        movl    %edx, i+12

Hmm, that's strange since "i" is in readonly memory:

        .section        .rodata
        .align 4
        .type   i, @object
        .size   i, 16
i:

If we look at the faulting instruction in the .reload dump we have:

(insn 100 105 47 6 (set (mem/u/c:SI (const:SI (plus:SI (symbol_ref:SI ("i")
[flags 0x2]  <var_decl 0x7f5ee20427b8 i>)
                    (const_int 12 [0xc]))) [4 i+12 S4 A32])
        (reg:SI 1 dx [127])) j.c:30 86 {*movsi_internal}
     (nil))

Yup, that's a write to readonly memory.

[Bug rtl-optimization/58759] [4.9 Regression] wrong code (segfaults) at -O2 on x86_64-linux-gnu in 32-bit mode

[vmakarov at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58759

Vladimir Makarov <vmakarov at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vmakarov at gcc dot gnu.org

--- Comment #6 from Vladimir Makarov <vmakarov at gcc dot gnu.org> ---
(In reply to Jeffrey A. Law from comment #5)
>
> We've had numerous problems with reload in the past trying to store into
> readonly memory due to reloading values with known equivalent memory
> locations (as is the case here).  I wouldn't be surprised to see some of the
> same problems showing up in IRA.
> 
> Vlad, can you take a look?

I've just started to work on it.  I guess this is the 2nd PR on the same
problem (another one is

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58826

).

Most probably the fix will be ready at the beginning of next week.

[Bug rtl-optimization/58759] [4.9 Regression] wrong code (segfaults) at -O2 on x86_64-linux-gnu in 32-bit mode

[vmakarov at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58759

--- Comment #7 from Vladimir Makarov <vmakarov at gcc dot gnu.org> ---
Author: vmakarov
Date: Fri Oct 25 21:34:26 2013
New Revision: 204080

URL: http://gcc.gnu.org/viewcvs?rev=204080&root=gcc&view=rev
Log:
2013-10-25  Vladimir Makarov  <vmakarov@redhat.com>

    PR rtl-optimization/58759
    * lra-constraints.c (lra_constraints): Remove wrong condition to
    remove insn setting up an equivalent pseudo.

2013-10-25  Vladimir Makarov  <vmakarov@redhat.com>

    PR rtl-optimization/58759
    * gcc.target/i386/pr58759.c: New.


Added:
    trunk/gcc/testsuite/gcc.target/i386/pr58759.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/lra-constraints.c
    trunk/gcc/testsuite/ChangeLog

[Bug rtl-optimization/58759] [4.9 Regression] wrong code (segfaults) at -O2 on x86_64-linux-gnu in 32-bit mode

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58759

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #8 from Richard Biener <rguenth at gcc dot gnu.org> ---
Assuming fixed.