* [Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined
2014-11-30 9:33 [Bug tree-optimization/64121] New: [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined zsojka at seznam dot cz
@ 2014-11-30 10:04 ` mpolacek at gcc dot gnu.org
2014-12-01 10:00 ` rguenth at gcc dot gnu.org
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: mpolacek at gcc dot gnu.org @ 2014-11-30 10:04 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-11-30
                 CC|                            |mpolacek at gcc dot gnu.org
   Target Milestone|---                         |5.0
     Ever confirmed|0                           |1
--- Comment #1 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Confirmed, -O -fsanitize=object-size is enough.
From: rguenth at gcc dot gnu.org @ 2014-12-01 10:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121
Richard Biener <rguenth at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P1
From: rguenth at gcc dot gnu.org @ 2014-12-01 10:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121
--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
  # xp_1(ab) = PHI <xp_3(2), xp_7(ab)(4)>
base:
  if (x_5(D) != 0)
    goto <bb 5>;
  else
    goto <bb 4>;

  <bb 4>:
  xp.0_6 = xp_1(ab);
  xp_7(ab) = xp.0_6 + 4;
  _15 = __builtin_object_size (ip_8(D), 0);
  _16 = ip_8(D);
  UBSAN_OBJECT_SIZE (_16, 4, _15, 0);
  _9 = *ip_8(D);
  _17 = __builtin_object_size (xp_1(ab), 0);
  ...
  _13 = &base + _12;
  gotovar.1_14 = _13;
  goto gotovar.1_14;

xp_1 and xp_7 are live at the same time - the above is from 017t.ubsan.
You may not refer to xp_1(ab) but should use xp.0_6 here.
From: mpolacek at gcc dot gnu.org @ 2014-12-01 10:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org |mpolacek at gcc dot gnu.org
--- Comment #3 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Thanks. Let me dig into this.
From: jakub at gcc dot gnu.org @ 2014-12-01 12:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Maybe you should just add to the instrument_object_size
while (TREE_CODE (base) == SSA_NAME) loop
  if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (base))
    break;
?
From: mpolacek at gcc dot gnu.org @ 2014-12-01 12:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121
--- Comment #5 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Unfortunately, that doesn't seem to help.
From: jakub at gcc dot gnu.org @ 2014-12-01 13:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121
--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Ah, indeed. So perhaps better replace the:
1565        base = gimple_assign_rhs1 (def_stmt);
line in the loop with
  {
    tree rhs1 = gimple_assign_rhs1 (def_stmt);
    if (TREE_CODE (rhs1) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
      break;
    else
      base = rhs1;
  }
or so?
From: mpolacek at gcc dot gnu.org @ 2014-12-01 13:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121
--- Comment #7 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Yup, that works. Testing in progress. Thanks.
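The difference between the checks proposed in comments #4 and #6, as an added example that is not part of the thread or of GCC: a toy model of the base-walking loop, using the names from the dump in comment #2. The struct, the function names, the constructed copy `p_20`, and the placement of the comment #4 check at the top of the loop body are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy SSA name (constructed model, not GCC's tree): copy_of is rhs1 of a
   defining copy statement, or NULL; ab models
   SSA_NAME_OCCURS_IN_ABNORMAL_PHI.  */
struct ssa_name {
  const char *id;
  const struct ssa_name *copy_of;
  bool ab;
};

/* xp_1(ab) and xp.0_6 are from the dump; p_20 is a constructed extra copy.  */
static const struct ssa_name xp_1 = { "xp_1(ab)", NULL, true };
static const struct ssa_name xp_0_6 = { "xp.0_6", &xp_1, false };
static const struct ssa_name p_20 = { "p_20", &xp_0_6, false };

/* Comment #4 shape: test the name the walk is standing on.  */
static const struct ssa_name *walk_check_base (const struct ssa_name *base)
{
  while (base->copy_of != NULL)
    {
      if (base->ab)
        break;
      base = base->copy_of;
    }
  return base;
}

/* Comment #6 shape: test rhs1 before stepping onto it.  */
static const struct ssa_name *walk_check_rhs1 (const struct ssa_name *base)
{
  while (base->copy_of != NULL)
    {
      const struct ssa_name *rhs1 = base->copy_of;
      if (rhs1->ab)
        break;
      base = rhs1;
    }
  return base;
}

int main (void)
{
  printf ("check on base: %s\n", walk_check_base (&p_20)->id);
  printf ("check on rhs1: %s\n", walk_check_rhs1 (&p_20)->id);
  return 0;
}
```

With the first variant the walk still ends on xp_1(ab), the name comment #2 says must not be referenced; with the second it stops at xp.0_6.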
From: mpolacek at gcc dot gnu.org @ 2014-12-01 15:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121
--- Comment #8 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Author: mpolacek
Date: Mon Dec 1 15:37:55 2014
New Revision: 218222
URL: https://gcc.gnu.org/viewcvs?rev=218222&root=gcc&view=rev
Log:
PR sanitizer/64121
* ubsan.c (instrument_object_size): Stop searching if the base
occurs in abnormal phi.
* c-c++-common/ubsan/pr64121.c: New test.
Added:
trunk/gcc/testsuite/c-c++-common/ubsan/pr64121.c
Modified:
trunk/gcc/ChangeLog
trunk/gcc/testsuite/ChangeLog
trunk/gcc/ubsan.c
From: mpolacek at gcc dot gnu.org @ 2014-12-01 15:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED
--- Comment #9 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Fixed.