[Bug middle-end/60175] New: ICE on gcc.dg/asan/nosanitize-and-inline.c

[Bug middle-end/60175] New: ICE on gcc.dg/asan/nosanitize-and-inline.c

[bernd.edlinger at hotmail dot de]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

            Bug ID: 60175
           Summary: ICE on gcc.dg/asan/nosanitize-and-inline.c
           Product: gcc
           Version: 4.9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: bernd.edlinger at hotmail dot de

/home/ed/gnu/gcc-4.9-20140209/gcc/testsuite/gcc.dg/asan/nosanitize-and-inline.c:
In function 'main':^M
/home/ed/gnu/gcc-4.9-20140209/gcc/testsuite/gcc.dg/asan/nosanitize-and-inline.c:57:1:
internal compiler error: in check_probability, at basic-block.h:950^M
0xc561f check_probability^M
        ../../gcc-4.9-20140209/gcc/basic-block.h:950^M
0x23aaab check_probability^M
        ../../gcc-4.9-20140209/gcc/cfgloopmanip.c:1332^M
0x23aaab combine_probabilities^M
        ../../gcc-4.9-20140209/gcc/basic-block.h:959^M
0x23aaab duplicate_loop_to_header_edge(loop*, edge_def*, unsigned int,
simple_bitmap_def*, edge_def*, vec<edge_def*, va_heap, vl_ptr>*, int)^M
        ../../gcc-4.9-20140209/gcc/cfgloopmanip.c:1264^M
0x473d8f peel_loop_completely^M
        ../../gcc-4.9-20140209/gcc/loop-unroll.c:609^M
0x473d8f peel_loops_completely^M
        ../../gcc-4.9-20140209/gcc/loop-unroll.c:370^M
0x473d8f unroll_and_peel_loops(int)^M
        ../../gcc-4.9-20140209/gcc/loop-unroll.c:275^M
0x465e33 rtl_unroll_and_peel_loops^M
        ../../gcc-4.9-20140209/gcc/loop-init.c:598^M
0x465e33 execute^M
        ../../gcc-4.9-20140209/gcc/loop-init.c:629^M
Please submit a full bug report,^M
with preprocessed source if appropriate.^M
Please include the complete backtrace with any bug report.^M
See <http://gcc.gnu.org/bugs.html> for instructions.^M

cat LAST_UPDATED 
Obtained from SVN: trunk revision 207646

[Bug middle-end/60175] ICE on gcc.dg/asan/nosanitize-and-inline.c

[y.gribov at samsung dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

Yury Gribov <y.gribov at samsung dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |y.gribov at samsung dot com

--- Comment #1 from Yury Gribov <y.gribov at samsung dot com> ---
I can reproduce this with trunk version. Build options are `-O2 -funroll-loops
-fsanitize=address'.

[Bug middle-end/60175] ICE on gcc.dg/asan/nosanitize-and-inline.c

[y.gribov at samsung dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

--- Comment #2 from Yury Gribov <y.gribov at samsung dot com> ---
Created attachment 32132
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=32132&action=edit
Proposed patch

So it looks like we are using wrong function here. Frequency does not need to
have the same bounds as probability.

I'm attaching a draft patch (only checked it for code in question).

[Bug middle-end/60175] ICE on gcc.dg/asan/nosanitize-and-inline.c

[y.gribov at samsung dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

Yury Gribov <y.gribov at samsung dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hubicka at gcc dot gnu.org,
                   |                            |tejohnson at google dot com

--- Comment #3 from Yury Gribov <y.gribov at samsung dot com> ---
Adding Jan and Teresa (who worked on this piece of code) to comment on proposed
patch.

[Bug middle-end/60175] ICE on gcc.dg/asan/nosanitize-and-inline.c

[y.gribov at samsung dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

--- Comment #5 from Yury Gribov <y.gribov at samsung dot com> ---
Thanks, I'll run regtests on Monday and send patch for gcc-patches approve if
all goes well.

[Bug middle-end/60175] ICE on gcc.dg/asan/nosanitize-and-inline.c

[jakub at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
The bug is far before loop unrolling, I see the problem already during
expansion, where the out of bound frequency 19992 is present.

[Bug middle-end/60175] ICE on gcc.dg/asan/nosanitize-and-inline.c

[jakub at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Even on x86_64 one can see the bogus frequencies like 20000 when or 1999N
when maximum is 10000, but only in the epilogue blocks.

[Bug middle-end/60175] ICE on gcc.dg/asan/nosanitize-and-inline.c

[jakub at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

--- Comment #8 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
The incorrect frequencies can be seen even on say -O1 -fsanitize=address
-fdump-rtl-expand-all:
static void *stack_base;

void mark_memory (void **start, void **end);

int
main (void)
{
  void *dummy;
  stack_base = &dummy;
  void *end;
  mark_memory (stack_base, &end);
  return 0;
}

I don't see anything wrong before find_many_sub_blocks is called, there are
just 3 basic blocks at that point, bb3 as entry block successor with freq
10000, which has some asan related branches inside of it, but nothing outside,
then bb2
as the function body block with freq 10000, which ends in an unconditional jump
that jumps to return_label (in bb4 after note + 2 clobbers), and finally bb4 as
the exit block predecessor with freq 10000.  I guess the only weird thing is
that the clobbers are bypassed by the jump, maybe that in the end causes
find_many_sub_blocks to create weird frequencies.  And bb4 contains again some
conditional jumps and labels related to asan, but again only inside that block.
Without asan use-after-return, the exit block predecessor is just merged with
the preceeding basic block, maybe it has a wrong frequency after
find_many_sub_blocks too, but as it is merged with the body block, tha twrong
frequency never shows up anywhere.

[Bug middle-end/60175] ICE on gcc.dg/asan/nosanitize-and-inline.c

[jakub at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

--- Comment #9 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
--- gcc/function.c.jj    2014-01-06 22:32:17.000000000 +0100
+++ gcc/function.c    2014-02-14 19:05:27.233008179 +0100
@@ -5156,17 +5156,20 @@ expand_function_end (void)
       crtl->return_rtx = outgoing;
     }

-  /* Emit the actual code to clobber return register.  */
-  {
-    rtx seq;
+  /* Emit the actual code to clobber return register.  Don't emit
+     it if clobber_after is a barrier, then the previous basic block
+     certainly doesn't fall thru into the exit block.  */
+  if (!BARRIER_P (clobber_after))
+    {
+      rtx seq;

-    start_sequence ();
-    clobber_return_register ();
-    seq = get_insns ();
-    end_sequence ();
+      start_sequence ();
+      clobber_return_register ();
+      seq = get_insns ();
+      end_sequence ();

-    emit_insn_after (seq, clobber_after);
-  }
+      emit_insn_after (seq, clobber_after);
+    }

   /* Output the label for the naked return from the function.  */
   if (naked_return_label)

fixes this for the common case of not falling through into the exit block, if
clobber_after is BARRIER, the clobbers will surely be never reachable and
immediately removed anyway.

Now, even with this patch we generate incorrect frequencies say for -O2
-fsanitize=address on:
int
foo (int i)
{
  if (i)
    return 4;
  int j;
  bar (&j);
}

I think in that case we either need to stick the clobber stmts before the
return_label into the predecessor basic block, or create a new basic block to
hold just the clobbers and derive the frequency of the block containing the
clobbers from the frequency of the previous basic block.

[Bug middle-end/60175] ICE on gcc.dg/asan/nosanitize-and-inline.c

[jakub at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

--- Comment #10 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Author: jakub
Date: Mon Mar  3 07:25:50 2014
New Revision: 208267

URL: http://gcc.gnu.org/viewcvs?rev=208267&root=gcc&view=rev
Log:
    PR middle-end/60175
    * function.c (expand_function_end): Don't emit
    clobber_return_register sequence if clobber_after is a BARRIER.
    * cfgexpand.c (construct_exit_block): Append instructions before
    return_label to prev_bb.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/cfgexpand.c
    trunk/gcc/function.c

[Bug middle-end/60175] ICE on gcc.dg/asan/nosanitize-and-inline.c

[jakub at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60175

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #11 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Should be fixed now.