public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug sanitizer/63839] New: ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable
@ 2014-11-12 19:01 zsojka at seznam dot cz
2014-11-12 23:18 ` [Bug sanitizer/63839] " hjl.tools at gmail dot com
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: zsojka at seznam dot cz @ 2014-11-12 19:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63839
Bug ID: 63839
Summary: ICE: tree check: expected ssa_name, have var_decl in
simplify_builtin_call, at tree-ssa-forwprop.c:1441
with -fsanitize=unreachable
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: zsojka at seznam dot cz
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Created attachment 33951
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33951&action=edit
reduced testcase
Compiler output:
$ gcc -O -fsanitize=unreachable testcase.C
testcase.C: In function 'void bar()':
testcase.C:4:1: warning: 'noreturn' function does return
}
^
testcase.C: In function 'void foo()':
testcase.C:8:1: internal compiler error: tree check: expected ssa_name, have
var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441
foo ()
^
0x1005d74 tree_check_failed(tree_node const*, char const*, int, char const*,
...)
/mnt/svn/gcc-trunk/gcc/tree.c:9193
0xece266 tree_check(tree_node*, char const*, int, char const*, tree_code)
/mnt/svn/gcc-trunk/gcc/tree.h:2751
0xece266 simplify_builtin_call
/mnt/svn/gcc-trunk/gcc/tree-ssa-forwprop.c:1441
0xed1b11 execute
/mnt/svn/gcc-trunk/gcc/tree-ssa-forwprop.c:2489
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <http://gcc.gnu.org/bugs.html> for instructions.
Tested revisions:
r217404 - ICE
4_9 r216937 - OK
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug sanitizer/63839] ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable
2014-11-12 19:01 [Bug sanitizer/63839] New: ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable zsojka at seznam dot cz
@ 2014-11-12 23:18 ` hjl.tools at gmail dot com
2014-11-13 9:44 ` rguenth at gcc dot gnu.org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: hjl.tools at gmail dot com @ 2014-11-12 23:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63839
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2014-11-12
CC| |rguenther at suse dot de
Target Milestone|--- |5.0
Ever confirmed|0 |1
--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> ---
It was caused by r217213.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug sanitizer/63839] ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable
2014-11-12 19:01 [Bug sanitizer/63839] New: ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable zsojka at seznam dot cz
2014-11-12 23:18 ` [Bug sanitizer/63839] " hjl.tools at gmail dot com
@ 2014-11-13 9:44 ` rguenth at gcc dot gnu.org
2014-11-13 9:51 ` mpolacek at gcc dot gnu.org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: rguenth at gcc dot gnu.org @ 2014-11-13 9:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63839
--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
Ok, so inlining introduces __builtin_unreachable () during inlining of a
noreturn call. Then at some point somebody folds that statement (forwprop) and
ubsan
instrumentation triggers via fold_builtin_0.
Now - BUILT_IN_UBSAN_HANDLE_BUILTIN_UNREACHABLE requires virtual operands
but BUILT_IN_UNREACHABLE is const. Thus this folding breaks virtual
SSA form - which folding may not do.
And kaboom, simplify_builtin_call doesn't expect broken virtual SSA form.
It seems that this "randomly" instrumenting late introduced
__builtin_unreachable()s is broken. Instrumenting via folding is anyway IMHO.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug sanitizer/63839] ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable
2014-11-12 19:01 [Bug sanitizer/63839] New: ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable zsojka at seznam dot cz
2014-11-12 23:18 ` [Bug sanitizer/63839] " hjl.tools at gmail dot com
2014-11-13 9:44 ` rguenth at gcc dot gnu.org
@ 2014-11-13 9:51 ` mpolacek at gcc dot gnu.org
2014-11-14 11:22 ` mpolacek at gcc dot gnu.org
2014-11-14 11:23 ` mpolacek at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: mpolacek at gcc dot gnu.org @ 2014-11-13 9:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63839
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mpolacek at gcc dot gnu.org
Assignee|rguenth at gcc dot gnu.org |mpolacek at gcc dot gnu.org
--- Comment #4 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Thus mine.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug sanitizer/63839] ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable
2014-11-12 19:01 [Bug sanitizer/63839] New: ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable zsojka at seznam dot cz
` (2 preceding siblings ...)
2014-11-13 9:51 ` mpolacek at gcc dot gnu.org
@ 2014-11-14 11:22 ` mpolacek at gcc dot gnu.org
2014-11-14 11:23 ` mpolacek at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: mpolacek at gcc dot gnu.org @ 2014-11-14 11:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63839
--- Comment #5 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Author: mpolacek
Date: Fri Nov 14 11:22:12 2014
New Revision: 217553
URL: https://gcc.gnu.org/viewcvs?rev=217553&root=gcc&view=rev
Log:
PR sanitizer/63839
* asan.c (ATTR_CONST_NORETURN_NOTHROW_LEAF_LIST,
ATTR_COLD_CONST_NORETURN_NOTHROW_LEAF_LIST): Define.
* builtin-attrs.def (ATTR_COLD_CONST_NORETURN_NOTHROW_LEAF_LIST):
Define.
* builtins.c (fold_builtin_0): Don't include ubsan.h. Don't
instrument BUILT_IN_UNREACHABLE here.
* sanitizer.def (BUILT_IN_UBSAN_HANDLE_BUILTIN_UNREACHABLE): Make
const.
* sanopt.c (pass_sanopt::execute): Instrument BUILT_IN_UNREACHABLE.
* tree-ssa-ccp.c (optimize_unreachable): Bail out if
SANITIZE_UNREACHABLE.
* ubsan.c (ubsan_instrument_unreachable): Rewrite for GIMPLE.
* ubsan.h (ubsan_instrument_unreachable): Adjust declaration.
testsuite/
* c-c++-common/ubsan/pr63839.c: New test.
* c-c++-common/ubsan/unreachable-2.c: New test.
Added:
trunk/gcc/testsuite/c-c++-common/ubsan/pr63839.c
trunk/gcc/testsuite/c-c++-common/ubsan/unreachable-2.c
Modified:
trunk/gcc/ChangeLog
trunk/gcc/asan.c
trunk/gcc/builtin-attrs.def
trunk/gcc/builtins.c
trunk/gcc/sanitizer.def
trunk/gcc/sanopt.c
trunk/gcc/testsuite/ChangeLog
trunk/gcc/tree-ssa-ccp.c
trunk/gcc/ubsan.c
trunk/gcc/ubsan.h
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug sanitizer/63839] ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable
2014-11-12 19:01 [Bug sanitizer/63839] New: ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable zsojka at seznam dot cz
` (3 preceding siblings ...)
2014-11-14 11:22 ` mpolacek at gcc dot gnu.org
@ 2014-11-14 11:23 ` mpolacek at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: mpolacek at gcc dot gnu.org @ 2014-11-14 11:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63839
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #6 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Fixed.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-11-14 11:23 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-11-12 19:01 [Bug sanitizer/63839] New: ICE: tree check: expected ssa_name, have var_decl in simplify_builtin_call, at tree-ssa-forwprop.c:1441 with -fsanitize=unreachable zsojka at seznam dot cz
2014-11-12 23:18 ` [Bug sanitizer/63839] " hjl.tools at gmail dot com
2014-11-13 9:44 ` rguenth at gcc dot gnu.org
2014-11-13 9:51 ` mpolacek at gcc dot gnu.org
2014-11-14 11:22 ` mpolacek at gcc dot gnu.org
2014-11-14 11:23 ` mpolacek at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).