* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
2015-03-26 12:49 [Bug sanitizer/65583] New: [5 Regression][UBSAN] ICE segfault in inline_edge_summary burnus at gcc dot gnu.org
@ 2015-03-26 13:03 ` mpolacek at gcc dot gnu.org
2015-03-26 13:08 ` mpolacek at gcc dot gnu.org
` (11 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: mpolacek at gcc dot gnu.org @ 2015-03-26 13:03 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2015-03-26
CC| |mpolacek at gcc dot gnu.org
Target Milestone|--- |5.0
Ever confirmed|0 |1
--- Comment #1 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Confirmed, bisecting...
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-26 13:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
--- Comment #2 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Started with r221660, the following seems to fix it:
--- a/gcc/passes.c
+++ b/gcc/passes.c
@@ -425,7 +425,7 @@ public:
virtual bool gate (function *)
{
/* Don't bother doing anything if the program has errors. */
- return (flag_check_pointer_bounds
+ return ((flag_check_pointer_bounds || flag_sanitize)
&& !seen_error () && !in_lto_p);
}
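Review bot: the added `flag_sanitize` term in the `gate` return is true for any enabled sanitizer, so this gate would now open for every `-fsanitize=` build rather than only the configuration that hits the ICE, and the comment above it still explains only the `seen_error ()` part. If sanitizer builds need this pass group only for a side effect, say so in the comment and test the specific sanitizer bits, or repair the problem in the pass that causes it so the gate can stay keyed on `flag_check_pointer_bounds` alone.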
But whether that makes any sense, I don't know yet.
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: rguenth at gcc dot gnu.org @ 2015-03-26 13:19 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
Doesn't make sense to me.
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: jakub at gcc dot gnu.org @ 2015-03-26 13:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Well, running the chkp pass queue for the sanitization doesn't make any sense.
So, most likely the problem is that ubsan pass? doesn't update cgraph edges or
something similar and with the removal of the chkp passes nothing rebuilds
that?
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: rguenth at gcc dot gnu.org @ 2015-03-26 13:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
Does Honza's patch "Discover nothorow functions before into_ssa" fix it?
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: rguenth at gcc dot gnu.org @ 2015-03-26 13:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
Well, pass_local_optimization_passes immediately runs
NEXT_PASS (pass_fixup_cfg);
NEXT_PASS (pass_rebuild_cgraph_edges);
which should be the only effect of pass_chkp_instrumentation_passes for UBSAN
as well.
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-26 13:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
--- Comment #7 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
OK, that was clearly bogus. The "Discover nothorow functions before into_ssa"
doesn't fix it.
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: jakub at gcc dot gnu.org @ 2015-03-26 13:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
--- Comment #8 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
So, can you try to schedule another
NEXT_PASS (pass_rebuild_cgraph_edges);
right after ubsan pass if that fixes it?
And then move that right before ubsan and see if it is broken again?
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-26 13:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
--- Comment #9 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #8)
> So, can you try to schedule another
> NEXT_PASS (pass_rebuild_cgraph_edges);
> right after ubsan pass if that fixes it?
> And then move that right before ubsan and see if it is broken again?
Yup: scheduling the pass after ubsan fixes it, scheduling it before ICEs as
well. So either simply that, or something like
--- a/gcc/passes.def
+++ b/gcc/passes.def
@@ -57,6 +57,9 @@ along with GCC; see the file COPYING3. If not see
NEXT_PASS (pass_init_datastructures);
NEXT_PASS (pass_build_ssa);
NEXT_PASS (pass_ubsan);
+ PUSH_INSERT_PASSES_WITHIN (pass_ubsan)
+ NEXT_PASS (pass_rebuild_cgraph_edges);
+ POP_INSERT_PASSES ()
NEXT_PASS (pass_early_warn_uninitialized);
POP_INSERT_PASSES ()
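Review bot: the three added lines nest `NEXT_PASS (pass_rebuild_cgraph_edges);` under `pass_ubsan` without a comment saying why the call graph edges have to be rebuilt at this point; add a one-line comment naming what pass_ubsan changes that the rebuild repairs, so the sub-pass is not later removed as redundant. It is also worth confirming that `pass_ubsan` is meant to act as a parent pass here, since the new `PUSH_INSERT_PASSES_WITHIN`/`POP_INSERT_PASSES` pair sits inside an enclosing list that is closed by the `POP_INSERT_PASSES ()` two lines below.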
(Maybe that PUSH_INSERT_PASSES_WITHIN makes it cheaper for non-ubsan
compilation?)
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: jakub at gcc dot gnu.org @ 2015-03-26 13:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
--- Comment #10 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Or just teach ubsan pass to add cgraph edges for the calls it adds (I believe
it doesn't remove any calls, just adds them). Guess that should be cheaper
than scheduling another rebuild_cgraph_edges pass.
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-26 14:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|unassigned at gcc dot gnu.org |mpolacek at gcc dot gnu.org
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-27 9:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #12 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Fixed.
* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-27 9:55 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583
--- Comment #11 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Author: mpolacek
Date: Fri Mar 27 09:33:20 2015
New Revision: 221723
URL: https://gcc.gnu.org/viewcvs?rev=221723&root=gcc&view=rev
Log:
PR sanitizer/65583
* ubsan.c (ubsan_create_edge): New function.
(instrument_bool_enum_load): Call it.
(instrument_nonnull_arg): Likewise.
(instrument_nonnull_return): Likewise.
(instrument_object_size): Likewise.
* g++.dg/ubsan/pr65583.C: New test.
Added:
trunk/gcc/testsuite/g++.dg/ubsan/pr65583.C
Modified:
trunk/gcc/ChangeLog
trunk/gcc/testsuite/ChangeLog
trunk/gcc/ubsan.c