[Bug tree-optimization/64121] New: [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[Bug tree-optimization/64121] New: [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[zsojka at seznam dot cz]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

            Bug ID: 64121
           Summary: [5 Regression] ICE: SSA corruption with -O
                    -fsanitize=undefined
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz

Created attachment 34145
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34145&action=edit
reduced testcase

Compiler output:
$ gcc -O -fsanitize=undefined testcase.c         

Unable to coalesce ssa_names 1 and 6 which are marked as MUST COALESCE.
xp_1(ab) and  xp_6(ab)
testcase.c: In function 'execute':
testcase.c:4:1: internal compiler error: SSA corruption
 execute (int *ip, int x)
 ^
0xd2c828 fail_abnormal_edge_coalesce
        /mnt/svn/gcc-trunk/gcc/tree-ssa-coalesce.c:921
0xd2c828 coalesce_partitions
        /mnt/svn/gcc-trunk/gcc/tree-ssa-coalesce.c:1219
0xd2c828 coalesce_ssa_name()
        /mnt/svn/gcc-trunk/gcc/tree-ssa-coalesce.c:1364
0xcc27cf remove_ssa_form
        /mnt/svn/gcc-trunk/gcc/tree-outof-ssa.c:999
0xcc27cf rewrite_out_of_ssa(ssaexpand*)
        /mnt/svn/gcc-trunk/gcc/tree-outof-ssa.c:1233
0x7d3c37 execute
        /mnt/svn/gcc-trunk/gcc/cfgexpand.c:5703
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <http://gcc.gnu.org/bugs.html> for instructions.

Tested revisions:
r218181 - ICE
4_9 r218177 - OK

[Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[mpolacek at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

Marek Polacek <mpolacek at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-11-30
                 CC|                            |mpolacek at gcc dot gnu.org
   Target Milestone|---                         |5.0
     Ever confirmed|0                           |1

--- Comment #1 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Confirmed, -O -fsanitize=object-size is enough.

[Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P1

[Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
  # xp_1(ab) = PHI <xp_3(2), xp_7(ab)(4)>
base:
  if (x_5(D) != 0)
    goto <bb 5>;
  else
    goto <bb 4>;

  <bb 4>:
  xp.0_6 = xp_1(ab);
  xp_7(ab) = xp.0_6 + 4;
  _15 = __builtin_object_size (ip_8(D), 0);
  _16 = ip_8(D);
  UBSAN_OBJECT_SIZE (_16, 4, _15, 0);
  _9 = *ip_8(D);
  _17 = __builtin_object_size (xp_1(ab), 0);
...
 _13 = &base + _12;
  gotovar.1_14 = _13;
  goto gotovar.1_14;


xp_1 and xp_7 are life at the same time - the above is from 017t.ubsan.

You may not refer to xp_1(ab) but should use xp.0_6 here.

[Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[mpolacek at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

Marek Polacek <mpolacek at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |mpolacek at gcc dot gnu.org

--- Comment #3 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Thanks.  Let me dig into this.

[Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Maybe you should just add to the instrument_object_size while (TREE_CODE (base)
== SSA_NAME) loop
  if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (base))
    break;
?

[Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[mpolacek at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

--- Comment #5 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Unfortunately, that doesn't seem to help.

[Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Ah, indeed.  So perhaps better replace the:
1565        base = gimple_assign_rhs1 (def_stmt);
line in the loop with
{
  tree rhs1 = gimple_assign_rhs1 (def_stmt);
  if (TREE_CODE (rhs1) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
    break;
  else
    base = rhs1;
}
or so?

[Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[mpolacek at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

--- Comment #7 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Yup, that works.  Testing in progress.  Thanks.

[Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[mpolacek at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

--- Comment #8 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Author: mpolacek
Date: Mon Dec  1 15:37:55 2014
New Revision: 218222

URL: https://gcc.gnu.org/viewcvs?rev=218222&root=gcc&view=rev
Log:
    PR sanitizer/64121
    * ubsan.c (instrument_object_size): Stop searching if the base
    occurs in abnormal phi.

    * c-c++-common/ubsan/pr64121.c: New test.

Added:
    trunk/gcc/testsuite/c-c++-common/ubsan/pr64121.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/ubsan.c

[Bug tree-optimization/64121] [5 Regression] ICE: SSA corruption with -O -fsanitize=undefined

[mpolacek at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64121

Marek Polacek <mpolacek at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #9 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Fixed.