* [Bug middle-end/59037] ICE when accessing invalid element (nelts + 1) of vector
2013-11-07 12:29 [Bug middle-end/59037] New: ICE when accessing invalid element (nelts + 1) of vector matthew.leach at arm dot com
@ 2013-11-07 12:31 ` matthew.leach at arm dot com
2013-11-07 12:32 ` jgreenhalgh at gcc dot gnu.org
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: matthew.leach at arm dot com @ 2013-11-07 12:31 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59037
--- Comment #1 from Matthew Leach <matthew.leach at arm dot com> ---
Having a quick dig around the code, I think fold-const.c:16718 looks
suspicious:
if (offset/part_widthi <= TYPE_VECTOR_SUBPARTS (op00type))
Likewise in cp/semantics.c:9122 and gimple-fold.c:3407.
Should this "<=" be a "<"?
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/59037] ICE when accessing invalid element (nelts + 1) of vector
2013-11-07 12:29 [Bug middle-end/59037] New: ICE when accessing invalid element (nelts + 1) of vector matthew.leach at arm dot com
2013-11-07 12:31 ` [Bug middle-end/59037] " matthew.leach at arm dot com
@ 2013-11-07 12:32 ` jgreenhalgh at gcc dot gnu.org
2013-11-07 14:55 ` [Bug middle-end/59037] [4.8/4.9 Regression] " rguenth at gcc dot gnu.org
` (7 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: jgreenhalgh at gcc dot gnu.org @ 2013-11-07 12:32 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59037
jgreenhalgh at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2013-11-07
CC| |jgreenhalgh at gcc dot gnu.org
Ever confirmed|0 |1
--- Comment #2 from jgreenhalgh at gcc dot gnu.org ---
Reproduced on aarch64-none-elf and arm-none-eabi.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/59037] [4.8/4.9 Regression] ICE when accessing invalid element (nelts + 1) of vector
2013-11-07 12:29 [Bug middle-end/59037] New: ICE when accessing invalid element (nelts + 1) of vector matthew.leach at arm dot com
2013-11-07 12:31 ` [Bug middle-end/59037] " matthew.leach at arm dot com
2013-11-07 12:32 ` jgreenhalgh at gcc dot gnu.org
@ 2013-11-07 14:55 ` rguenth at gcc dot gnu.org
2013-11-07 20:08 ` glisse at gcc dot gnu.org
` (6 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: rguenth at gcc dot gnu.org @ 2013-11-07 14:55 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59037
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P2
Known to work| |4.7.3
Target Milestone|--- |4.8.3
Summary|ICE when accessing invalid |[4.8/4.9 Regression] ICE
|element (nelts + 1) of |when accessing invalid
|vector |element (nelts + 1) of
| |vector
Known to fail| |4.8.0, 4.8.2, 4.9.0
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/59037] [4.8/4.9 Regression] ICE when accessing invalid element (nelts + 1) of vector
2013-11-07 12:29 [Bug middle-end/59037] New: ICE when accessing invalid element (nelts + 1) of vector matthew.leach at arm dot com
` (2 preceding siblings ...)
2013-11-07 14:55 ` [Bug middle-end/59037] [4.8/4.9 Regression] " rguenth at gcc dot gnu.org
@ 2013-11-07 20:08 ` glisse at gcc dot gnu.org
2013-11-10 7:35 ` vries at gcc dot gnu.org
` (5 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: glisse at gcc dot gnu.org @ 2013-11-07 20:08 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59037
--- Comment #3 from Marc Glisse <glisse at gcc dot gnu.org> ---
(In reply to Matthew Leach from comment #1)
> Having a quick dig around the code, I think fold-const.c:16718 looks
> suspicious:
>
> if (offset/part_widthi <= TYPE_VECTOR_SUBPARTS (op00type))
>
> Likewise in cp/semantics.c:9122 and gimple-fold.c:3407.
>
> Should this "<=" be a "<"?
Looks similar to something I had found suspicious in PR 53101 (comment 5),
though apparently that was in gimplify.c.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/59037] [4.8/4.9 Regression] ICE when accessing invalid element (nelts + 1) of vector
2013-11-07 12:29 [Bug middle-end/59037] New: ICE when accessing invalid element (nelts + 1) of vector matthew.leach at arm dot com
` (3 preceding siblings ...)
2013-11-07 20:08 ` glisse at gcc dot gnu.org
@ 2013-11-10 7:35 ` vries at gcc dot gnu.org
2013-11-10 8:34 ` glisse at gcc dot gnu.org
` (4 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: vries at gcc dot gnu.org @ 2013-11-10 7:35 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59037
vries at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |glisse at gcc dot gnu.org,
| |vries at gcc dot gnu.org
--- Comment #4 from vries at gcc dot gnu.org ---
Tentative patch:
...
diff --git a/gcc/tree-ssa-forwprop.c b/gcc/tree-ssa-forwprop.c
index 93b8970..6f2b4fb 100644
--- a/gcc/tree-ssa-forwprop.c
+++ b/gcc/tree-ssa-forwprop.c
@@ -3046,6 +3046,8 @@ simplify_bitfield_ref (gimple_stmt_iterator *gsi)
if (TREE_CODE (m) != VECTOR_CST)
return false;
nelts = VECTOR_CST_NELTS (m);
+ if (idx >= nelts)
+ return false;
idx = TREE_INT_CST_LOW (VECTOR_CST_ELT (m, idx));
idx %= 2 * nelts;
if (idx < nelts)
...
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/59037] [4.8/4.9 Regression] ICE when accessing invalid element (nelts + 1) of vector
2013-11-07 12:29 [Bug middle-end/59037] New: ICE when accessing invalid element (nelts + 1) of vector matthew.leach at arm dot com
` (4 preceding siblings ...)
2013-11-10 7:35 ` vries at gcc dot gnu.org
@ 2013-11-10 8:34 ` glisse at gcc dot gnu.org
2013-11-24 18:50 ` vries at gcc dot gnu.org
` (3 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: glisse at gcc dot gnu.org @ 2013-11-10 8:34 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59037
--- Comment #5 from Marc Glisse <glisse at gcc dot gnu.org> ---
(In reply to vries from comment #4)
> Tentative patch:
> ...
> diff --git a/gcc/tree-ssa-forwprop.c b/gcc/tree-ssa-forwprop.c
> index 93b8970..6f2b4fb 100644
> --- a/gcc/tree-ssa-forwprop.c
> +++ b/gcc/tree-ssa-forwprop.c
> @@ -3046,6 +3046,8 @@ simplify_bitfield_ref (gimple_stmt_iterator *gsi)
> if (TREE_CODE (m) != VECTOR_CST)
> return false;
> nelts = VECTOR_CST_NELTS (m);
Add a comment here explaining why this isn't an assert?
> + if (idx >= nelts)
> + return false;
> idx = TREE_INT_CST_LOW (VECTOR_CST_ELT (m, idx));
> idx %= 2 * nelts;
> if (idx < nelts)
I think it would be even better to fix whatever created that BIT_FIELD_REF, if
you are motivated (though your patch isn't wrong).
>From gcc-bugs-return-434137-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org Sun Nov 10 08:46:54 2013
Return-Path: <gcc-bugs-return-434137-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Delivered-To: listarch-gcc-bugs@gcc.gnu.org
Received: (qmail 15970 invoked by alias); 10 Nov 2013 08:46:53 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Delivered-To: mailing list gcc-bugs@gcc.gnu.org
Received: (qmail 15925 invoked by uid 48); 10 Nov 2013 08:46:48 -0000
From: "a.radke at arcor dot de" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/57436] Linux kernel gives file system corruption when built with gcc 4.8.0
Date: Sun, 10 Nov 2013 08:46:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: middle-end
X-Bugzilla-Version: 4.8.0
X-Bugzilla-Keywords: wrong-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: a.radke at arcor dot de
X-Bugzilla-Status: WAITING
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Message-ID: <bug-57436-4-UoW16sd1Vz@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-57436-4@http.gcc.gnu.org/bugzilla/>
References: <bug-57436-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2013-11/txt/msg00914.txt.bz2
Content-length: 470
http://gcc.gnu.org/bugzilla/show_bug.cgi?idW436
--- Comment #3 from Andreas Radke <a.radke at arcor dot de> ---
I moved away from XFS file system and so can't reproduce it anymore. The bug
should be in XFS code probably triggering a change in gcc behavior. Feel free
to close this one.
note: we had a similar issue in libdrm. maybe it's related or not. this one is
now fixed:
http://cgit.freedesktop.org/mesa/drm/commit/?idH2abbfafb56cbceaf5355c026434e638cddd0f1
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/59037] [4.8/4.9 Regression] ICE when accessing invalid element (nelts + 1) of vector
2013-11-07 12:29 [Bug middle-end/59037] New: ICE when accessing invalid element (nelts + 1) of vector matthew.leach at arm dot com
` (5 preceding siblings ...)
2013-11-10 8:34 ` glisse at gcc dot gnu.org
@ 2013-11-24 18:50 ` vries at gcc dot gnu.org
2013-11-27 10:00 ` vries at gcc dot gnu.org
` (2 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: vries at gcc dot gnu.org @ 2013-11-24 18:50 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59037
--- Comment #6 from vries at gcc dot gnu.org ---
Created attachment 31286
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=31286&action=edit
tentative patch
> I think it would be even better to fix whatever created that
> BIT_FIELD_REF, if you are motivated (though your patch isn't wrong)
This patch fixes the locations indicated by Matthew in comment 1.
For both c and c++, the testcase is fixed by the change in gimple-fold.c. The
other locations look like they need fixing too though, so I've included those
as well.
> Add a comment here explaining why this isn't an assert?
I've changed it into an assert.
I'll test this patch.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/59037] [4.8/4.9 Regression] ICE when accessing invalid element (nelts + 1) of vector
2013-11-07 12:29 [Bug middle-end/59037] New: ICE when accessing invalid element (nelts + 1) of vector matthew.leach at arm dot com
` (6 preceding siblings ...)
2013-11-24 18:50 ` vries at gcc dot gnu.org
@ 2013-11-27 10:00 ` vries at gcc dot gnu.org
2013-12-02 8:37 ` vries at gcc dot gnu.org
2013-12-02 8:46 ` vries at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: vries at gcc dot gnu.org @ 2013-11-27 10:00 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59037
--- Comment #7 from vries at gcc dot gnu.org ---
Author: vries
Date: Wed Nov 27 10:00:30 2013
New Revision: 205438
URL: http://gcc.gnu.org/viewcvs?rev=205438&root=gcc&view=rev
Log:
Don't create out-of-bounds BIT_FIELD_REF.
2013-11-27 Tom de Vries <tom@codesourcery.com>
Marc Glisse <marc.glisse@inria.fr>
PR middle-end/59037
* semantics.c (cxx_fold_indirect_ref): Don't create out-of-bounds
BIT_FIELD_REF.
* fold-const.c (fold_indirect_ref_1): Don't create out-of-bounds
BIT_FIELD_REF.
* gimple-fold.c (gimple_fold_indirect_ref): Same.
* tree-cfg.c (verify_expr): Give error if BIT_FIELD_REF is
out-of-bounds.
* c-c++-common/pr59037.c: New testcase.
Added:
trunk/gcc/testsuite/c-c++-common/pr59037.c
Modified:
trunk/gcc/ChangeLog
trunk/gcc/cp/ChangeLog
trunk/gcc/cp/semantics.c
trunk/gcc/fold-const.c
trunk/gcc/gimple-fold.c
trunk/gcc/testsuite/ChangeLog
trunk/gcc/tree-cfg.c
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/59037] [4.8/4.9 Regression] ICE when accessing invalid element (nelts + 1) of vector
2013-11-07 12:29 [Bug middle-end/59037] New: ICE when accessing invalid element (nelts + 1) of vector matthew.leach at arm dot com
` (7 preceding siblings ...)
2013-11-27 10:00 ` vries at gcc dot gnu.org
@ 2013-12-02 8:37 ` vries at gcc dot gnu.org
2013-12-02 8:46 ` vries at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: vries at gcc dot gnu.org @ 2013-12-02 8:37 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59037
--- Comment #8 from vries at gcc dot gnu.org ---
Author: vries
Date: Mon Dec 2 08:37:09 2013
New Revision: 205583
URL: http://gcc.gnu.org/viewcvs?rev=205583&root=gcc&view=rev
Log:
Don't create out-of-bounds BIT_FIELD_REF.
2013-11-27 Tom de Vries <tom@codesourcery.com>
Marc Glisse <marc.glisse@inria.fr>
PR middle-end/59037
* semantics.c (cxx_fold_indirect_ref): Don't create out-of-bounds
BIT_FIELD_REF.
* fold-const.c (fold_indirect_ref_1): Don't create out-of-bounds
BIT_FIELD_REF.
* gimplify.c (gimple_fold_indirect_ref): Same.
* c-c++-common/pr59037.c: New testcase.
Added:
branches/gcc-4_8-branch/gcc/testsuite/c-c++-common/pr59037.c
Modified:
branches/gcc-4_8-branch/gcc/ChangeLog
branches/gcc-4_8-branch/gcc/cp/ChangeLog
branches/gcc-4_8-branch/gcc/cp/semantics.c
branches/gcc-4_8-branch/gcc/fold-const.c
branches/gcc-4_8-branch/gcc/gimplify.c
branches/gcc-4_8-branch/gcc/testsuite/ChangeLog
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug middle-end/59037] [4.8/4.9 Regression] ICE when accessing invalid element (nelts + 1) of vector
2013-11-07 12:29 [Bug middle-end/59037] New: ICE when accessing invalid element (nelts + 1) of vector matthew.leach at arm dot com
` (8 preceding siblings ...)
2013-12-02 8:37 ` vries at gcc dot gnu.org
@ 2013-12-02 8:46 ` vries at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: vries at gcc dot gnu.org @ 2013-12-02 8:46 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59037
vries at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #9 from vries at gcc dot gnu.org ---
Fixed on trunk and 4.8 branch.
^ permalink raw reply [flat|nested] 11+ messages in thread