public inbox for gcc-bugs@sourceware.org
* [Bug tree-optimization/64590] New: Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: fragabr at gmail dot com @ 2015-01-13 23:44 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

            Bug ID: 64590
           Summary: Firefox 34 triggers GCC AVX bug (segfault:
                    XPCCallContext::GetJSContext
                    (this=0xfffc7fffe3e23980))
           Product: gcc
           Version: 4.9.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: fragabr at gmail dot com

I reported this bug at Firefox bugzilla:

https://bugzilla.mozilla.org/show_bug.cgi?id=1117023

and the developers told me this is a GCC bug: "This very much sounds like a bug
in gcc's vectorization using avx".

So could you take a look? I compiled with:

-march=native -O3 -pipe -floop-interchange -floop-strip-mine -floop-block

The workaround is to compile with -march=nehalem (to avoid AVX optimization for
Sandybridge).

Thanks.


* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: pinskia at gcc dot gnu.org @ 2015-01-13 23:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2015-01-13
     Ever confirmed|0                           |1

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Do you have a simplified testcase?  Also what instruction is the segfault
located on?


* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: pinskia at gcc dot gnu.org @ 2015-01-13 23:59 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Also can you try without "-floop-interchange -floop-strip-mine -floop-block" 
Since those are part of Graphite which might be the cause of the bug rather
than the vectorizer.


* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: fragabr at gmail dot com @ 2015-01-14  2:19 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

--- Comment #3 from Dâniel Fraga <fragabr at gmail dot com> ---
(In reply to Andrew Pinski from comment #2)
> Also can you try without "-floop-interchange -floop-strip-mine -floop-block"
> Since those are part of Graphite which might be the cause of the bug rather
> than the vectorizer.

Hi Andrew, unfortunately I don't have a simplified testcase, since I don't know
exactly what's causing this.

I compiled without "-floop-interchange -floop-strip-mine -floop-block" and it
also segfaulted:

Assertion failure: !rt->isHeapBusy(), at /home/fraga/src/mozilla/js/src/jsapi.cpp:176

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4538d0c in js::AssertHeapIsIdle (rt=<optimized out>) at /home/fraga/src/mozilla/js/src/jsapi.cpp:176
176         JS_ASSERT(!rt->isHeapBusy());
(gdb) bt
#0  0x00007ffff4538d0c in js::AssertHeapIsIdle (rt=<optimized out>) at /home/fraga/src/mozilla/js/src/jsapi.cpp:176
#1  0x00007ffff454da1d in AssertHeapIsIdle (rt=<optimized out>) at ../../dist/include/js/Value.h:1694
#2  AssertHeapIsIdle (cx=0x7fffffff7720) at /home/fraga/src/mozilla/js/src/jsapi.cpp:182
#3  JS_ValueToObject (cx=cx@entry=0x7fffffff7720, value=$jsval((JSObject *) 0x7fffdee21780 [object Proxy]), objp=..., objp@entry=0x0) at /home/fraga/src/mozilla/js/src/jsapi.cpp:385
#4  0x00007ffff27e244b in nsXPCComponents_Utils::EvalInSandbox (this=<optimized out>, source=..., sandboxVal=$jsval((JSObject *) 0x7fffdee21780 [object Proxy]), version=...,
    filenameArg=..., lineNumber=0, cx=0x7fffffff7720, optionalArgc=64 '@', retval=$jsval(6.9533335314284608e-310)) at /home/fraga/src/mozilla/js/xpconnect/src/XPCComponents.cpp:2635
#5  0x00007ffff22fb49e in NS_InvokeByIndex (that=<optimized out>, methodIndex=<optimized out>, paramCount=<optimized out>, params=<optimized out>)
    at /home/fraga/src/mozilla/xpcom/reflect/xptcall/md/unix/xptcinvoke_x86_64_unix.cpp:164
#6  0x00007ffff2826040 in Invoke (this=0x7fffffff7850) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:2370
#7  CallMethodHelper::Call (this=0x7fffffff7850) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:1731
#8  0x00007ffff2823809 in XPCWrappedNative::CallMethod (ccx=..., mode=mode@entry=XPCWrappedNative::CALL_METHOD) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:1698
#9  0x00007ffff282b783 in XPC_WN_CallMethod (cx=0x7fffe66148c0, argc=<optimized out>, vp=0x7fffffff7b50) at /home/fraga/src/mozilla/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1288
#10 0x00007fffe67482e0 in ?? ()
#11 0x0000000000000000 in ?? ()

********************************************

I knew it wouldn't be related to Graphite since it will not crash if I compile
with Graphite and -march=nehalem.

Any hints?

* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: pinskia at gcc dot gnu.org @ 2015-01-14  2:58 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Dâniel Fraga from comment #3)
> (In reply to Andrew Pinski from comment #2)
> > Also can you try without "-floop-interchange -floop-strip-mine -floop-block"
> > Since those are part of Graphite which might be the cause of the bug rather
> > than the vectorizer.
> 
> Hi Andrew, unfortunately I don't have a simplified testcase, since I don't
> know exactly what's causing this.

You did not answer my question: "Also what instruction is the segfault located
on"?

* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: fragabr at gmail dot com @ 2015-01-14  3:04 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

--- Comment #5 from Dâniel Fraga <fragabr at gmail dot com> ---
(In reply to Andrew Pinski from comment #4)

> You did not answer my question: "Also what instruction is the segfault
> located on"?

Sorry. I read too fast. Do you mean AVX instruction? I put AVX at the title
because the segfault won't happen when compiling for Nehalem (or with
-mno-avx). I don't know what specific instruction is causing this (what I know
is that the segfault will only happen when AVX optimization is enabled).

If you tell me a way to discover what instruction or how to better debug this,
just ask and I can test here for you.

Thank you.

* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: pinskia at gcc dot gnu.org @ 2015-01-14  3:06 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Dâniel Fraga from comment #5)
> If you tell me a way to discover what instruction or how to better debug
> this, just ask and I can test here for you.

Try:
disassemble $pc,$pc

* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: fragabr at gmail dot com @ 2015-01-14  3:20 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

--- Comment #7 from Dâniel Fraga <fragabr at gmail dot com> ---
(In reply to Andrew Pinski from comment #6)
> Try:
> disassemble $pc,$pc

(gdb) disassemble $pc,$pc
Dump of assembler code from 0x7ffff4538d0c to 0x7ffff4538d0c:
End of assembler dump.

***********

Empty dump? Is this correct or did I do something wrong?

* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: pinskia at gcc dot gnu.org @ 2015-01-14  3:28 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

--- Comment #8 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Dâniel Fraga from comment #7)
> (In reply to Andrew Pinski from comment #6)
> > Try:
> > disassemble $pc,$pc
> 
> (gdb) disassemble $pc,$pc
> Dump of assembler code from 0x7ffff4538d0c to 0x7ffff4538d0c:
> End of assembler dump.
> 
> ***********
> 
> Empty dump? Is this correct or did I do something wrong?

Try this:
disassemble $pc,$pc+0x10

* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: fragabr at gmail dot com @ 2015-01-14  3:30 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

--- Comment #9 from Dâniel Fraga <fragabr at gmail dot com> ---
(In reply to Andrew Pinski from comment #8)
> Try this:
> disassemble $pc,$pc+0x10

(gdb) disassemble $pc,$pc+0x10
Dump of assembler code from 0x7ffff4538d0c to 0x7ffff4538d1c:
=> 0x00007ffff4538d0c <js::AssertHeapIsIdle(JSRuntime*)+28>:    movl   $0x0,0x0
   0x00007ffff4538d17 <js::AssertHeapIsIdle(JSRuntime*)+39>:    ud2    
   0x00007ffff4538d19:  nop
   0x00007ffff4538d1a:  nopw   0x0(%rax,%rax,1)
End of assembler dump.

* [Bug c++/64521] [4.9/5 Regression] ICE with -frepo
From: tbsaunde at gcc dot gnu.org @ 2015-01-14  3:47 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64521

tbsaunde at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tbsaunde at gcc dot gnu.org

--- Comment #2 from tbsaunde at gcc dot gnu.org ---
(In reply to Jonathan Wakely from comment #1)
> I have a doc patch somewhere advising against using -frepo ... it's not
> necessary on modern systems and seems to have bit-rotted.

should we just remove it? or is there a reason to keep it?


* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: jakub at gcc dot gnu.org @ 2015-01-14  8:28 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #10 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
That most likely means a failed assertion implemented on the mozilla side as a
store to a NULL pointer followed by __builtin_trap () just in case.
Anyway, that doesn't look like a reason for the -march=nehalem vs.
-march=sandybridge differences.  If that really turns a working binary into
non-working, perhaps try to bisect between -march=nehalem -O3 and
-march=sandybridge -O3 (forget about -floop-interchange -floop-strip-mine
-floop-block everywhere) built *.o files, until you find the problematic one. 
Then using __attribute__((target ("march=sandybridge"))) in -march=nehalem
compiled object (or vice versa) you could try to bisect between different
routines to find out where the problem is.
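
The first step of the bisection described in comment #10, as an added example that is not part of the original thread: build the tree twice, then swap object files between the two builds until one object is isolated. The names `bisect_objects`, `link_and_test`, `GOOD_DIR`, `BAD_DIR`, `ALL_OBJS`, `OUT` and the `unitNN.o` files are hypothetical; it assumes a single culprit object and object names without whitespace.

```shell
#!/bin/sh
# Bisect which object file, when taken from the -march=sandybridge build,
# turns a working -march=nehalem binary into a crashing one.
# Assumptions: exactly one culprit object; object names contain no whitespace.

# Hypothetical build layout (not from the thread).
GOOD_DIR=${GOOD_DIR:-obj-nehalem}
BAD_DIR=${BAD_DIR:-obj-sandybridge}
OUT=${OUT:-./bisect-test-binary}

# Real test function: link every object in $ALL_OBJS, taking the ones named as
# arguments from $BAD_DIR and the rest from $GOOD_DIR, then run the result.
# Returns 0 when the mixed binary works. Not used by the offline demo below.
link_and_test() (
    objs=
    for o in $ALL_OBJS; do
        dir=$GOOD_DIR
        for b in "$@"; do
            if [ "$b" = "$o" ]; then dir=$BAD_DIR; fi
        done
        objs="$objs $dir/$o"
    done
    ${CXX:-g++} -o "$OUT" $objs && "$OUT" >/dev/null 2>&1
)

# bisect_objects TEST_FN OBJ...
# Prints the single object that breaks the binary. Exit status: 0 found,
# 2 nothing to bisect, 3 the failure needs more than one "bad" object.
bisect_objects() (
    test_fn=$1
    shift
    # Baseline checks: the all-good build must work, the all-bad build must fail.
    if ! "$test_fn"; then
        echo "all-nehalem build already fails" >&2
        exit 2
    fi
    if "$test_fn" "$@"; then
        echo "all-sandybridge build works; nothing to bisect" >&2
        exit 2
    fi
    while [ "$#" -gt 1 ]; do
        half=$(( $# / 2 ))
        first=$(printf '%s\n' "$@" | head -n "$half")
        second=$(printf '%s\n' "$@" | tail -n +"$(( half + 1 ))")
        # Word splitting of $first and $second is intended here.
        if "$test_fn" $first; then
            set -- $second     # first half is innocent
        else
            set -- $first      # culprit is in the first half
        fi
    done
    # Confirm the survivor reproduces the failure on its own.
    if "$test_fn" "$1"; then
        echo "no single object reproduces the failure" >&2
        exit 3
    fi
    printf '%s\n' "$1"
)

# Constructed sample so the example runs offline: the "binary" crashes
# whenever unit05.o comes from the sandybridge build.
SAMPLE_OBJS="unit01.o unit02.o unit03.o unit04.o unit05.o unit06.o unit07.o"
fake_test() {
    for b in "$@"; do
        if [ "$b" = "unit05.o" ]; then return 1; fi
    done
    return 0
}

bisect_objects fake_test $SAMPLE_OBJS
```

With a real tree, pass `link_and_test` instead of `fake_test`; exit status 3 means the crash depends on more than one object from the second build, so a plain bisection cannot isolate it.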


* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: fragabr at gmail dot com @ 2015-02-10  9:34 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

Dâniel Fraga <fragabr at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|---                         |INVALID

--- Comment #11 from Dâniel Fraga <fragabr at gmail dot com> ---
I'm marking this as INVALID, since the following patch fixes the problem in
Firefox:

https://hg.mozilla.org/integration/mozilla-inbound/rev/b266a69f1947

Thanks.

* [Bug gcov-profile/61889] [5 Regression] gcov-tool.c uses nftw, ftw.h
From: rainer@emrich-ebersheim.de @ 2015-02-10  9:41 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61889

Rainer Emrich <rainer@emrich-ebersheim.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #25 from Rainer Emrich <rainer@emrich-ebersheim.de> ---
(In reply to Jeffrey A. Law from comment #24)
> Fixed by Trevor's patch to the trunk.  We have a configure check for ftw.h
> and if it's not found we disable things that are dependent on ftw.

The issue described in comment 8 isn't solved at all!


* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: dbaron at dbaron dot org @ 2015-02-11  5:31 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

David Baron <dbaron at dbaron dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dbaron at dbaron dot org

--- Comment #12 from David Baron <dbaron at dbaron dot org> ---
The correct changeset that fixed the problem is:
https://hg.mozilla.org/integration/mozilla-inbound/rev/3023f9390942


* [Bug tree-optimization/64590] Firefox 34 triggers GCC AVX bug (segfault: XPCCallContext::GetJSContext (this=0xfffc7fffe3e23980))
From: fragabr at gmail dot com @ 2015-02-11 11:06 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64590

--- Comment #13 from Dâniel Fraga <fragabr at gmail dot com> ---
(In reply to David Baron from comment #12)
> The correct changeset that fixed the problem is:
> https://hg.mozilla.org/integration/mozilla-inbound/rev/3023f9390942

Yes, thanks! :)

* [Bug libstdc++/60621] std::vector::emplace_back generates massively more code than push_back
From: marc at kdab dot com @ 2015-02-11 11:12 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60621

--- Comment #3 from marc at kdab dot com ---
Now, what is _really_ weird is that push_back(T&&) _calls_ emplace_back(). I
also tried the magic incantation

   g++ --param large-unit-insns=100000000 \
       --param inline-unit-growth=100000000 \
       --param max-inline-insns-single=100000000 \
       --param large-function-growth=100000000 \
       --param large-function-insns=100000000 -O2

to no avail. I can get the two versions to within 80 bytes of text of each other
by adding -fno-exceptions, so it's probably related to that. The (implicit)
move ctor of S cannot throw, but the std::string(const char*) ctor can. I.e. in
the rvalue-push_back case, emplace_back only dabbles in noexcept operations,
and in the 3xconst char* case, it needs to deal with three throwing ctors.

I can reduce the text size to within a few hundreds of bytes by marking both
emplace_back and _M_emplace_back_aux as __attribute__((always_inline)), so
something prevents gcc from inlining even when turning the inlining parameters
all the way up.

I can also reduce the text size by passing std::strings instead of const
char*s:

   text    data     bss     dec     hex filename
   5628     672      40    6340    18c4 emplace-vs-push_back.eb
   4991     672      40    5703    1647 emplace-vs-push_back.nt
   4516     648      40    5204    1454 emplace-vs-push_back.pb

(where .nt is EMPLACE_BACK_NOTHROW). Still a large gap...

Have we accepted another auto_ptr into the standard? :)

