public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/65583] New: [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: burnus at gcc dot gnu.org @ 2015-03-26 12:49 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

            Bug ID: 65583
           Summary: [5 Regression][UBSAN] ICE segfault in
                    inline_edge_summary
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: burnus at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

Created attachment 35146
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=35146&action=edit
input.ii - compile with g++ -std=c++11 -O2 -fsanitize=undefined

This must be caused by a fairly recent commit as I tend to compile both GCC and
the code daily - albeit not always with the same options / compiler. Still, I
think it must be a commit in the last 36h.

$ g++ -std=c++11 -O2 -fsanitize=undefined input31.ii

input31.ii: In member function ‘void std::__cxx11::basic_string<_CharT,
_Traits, _Alloc>::_M_dispose() [with _CharT = char; _Traits =
std::char_traits<char>; _Alloc = std::allocator<char>]’:
input31.ii:136:1: internal compiler error: Segmentation fault
 }
 ^
0xce0aef crash_signal
        ../../gcc/toplev.c:383
0xb3bc11 inline_edge_summary
        ../../gcc/ipa-inline.h:275
0xb3bc11 estimate_function_body_sizes
        ../../gcc/ipa-inline-analysis.c:2657
0xb3e653 compute_inline_parameters(cgraph_node*, bool)
        ../../gcc/ipa-inline-analysis.c:2951
0xdb9cd8 convert_callers_for_node
        ../../gcc/tree-sra.c:4936
0xdbf29d cgraph_node::call_for_symbol_and_aliases(bool (*)(cgraph_node*,
void*), void*, bool)
        ../../gcc/cgraph.h:3024

* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-26 13:03 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

Marek Polacek <mpolacek at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2015-03-26
                 CC|                            |mpolacek at gcc dot gnu.org
   Target Milestone|---                         |5.0
     Ever confirmed|0                           |1

--- Comment #1 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Confirmed, bisecting...


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-26 13:08 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

--- Comment #2 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Started with r221660, the following seems to fix it:

--- a/gcc/passes.c
+++ b/gcc/passes.c
@@ -425,7 +425,7 @@ public:
   virtual bool gate (function *)
     {
       /* Don't bother doing anything if the program has errors.  */
-      return (flag_check_pointer_bounds
+      return ((flag_check_pointer_bounds || flag_sanitize)
              && !seen_error () && !in_lto_p);
     }
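Review bot: on the changed `return` line, `flag_sanitize` is tested as a whole, so this gate would open for any non-zero sanitizer setting and not only for the -fsanitize=undefined case from the report, while the comment above it still gives "the program has errors" as the only reason to skip. If the gate has to change, test only the sanitizer bits that need these passes and extend the comment to say what sanitized code needs from them.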

But whether that makes any sense, I don't know yet.


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: rguenth at gcc dot gnu.org @ 2015-03-26 13:19 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
Doesn't make sense to me.


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: jakub at gcc dot gnu.org @ 2015-03-26 13:20 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Well, running the chkp pass queue for the sanitization doesn't make any sense.
So, most likely the problem is that ubsan pass? doesn't update cgraph edges or
something similar and with the removal of the chkp passes nothing rebuilds
that?


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: rguenth at gcc dot gnu.org @ 2015-03-26 13:21 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
Does Honza's patch "Discover nothorow functions before into_ssa" fix it?


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: rguenth at gcc dot gnu.org @ 2015-03-26 13:27 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
Well, pass_local_optimization_passes immediately runs

      NEXT_PASS (pass_fixup_cfg);
      NEXT_PASS (pass_rebuild_cgraph_edges);

which should be the only effect of pass_chkp_instrumentation_passes for UBSAN
as well.


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-26 13:31 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

--- Comment #7 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
OK, that was clearly bogus.  The "Discover nothorow functions before into_ssa"
doesn't fix it.


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: jakub at gcc dot gnu.org @ 2015-03-26 13:31 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

--- Comment #8 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
So, can you try to schedule another
  NEXT_PASS (pass_rebuild_cgraph_edges);
right after ubsan pass if that fixes it?
And then move that right before ubsan and see if it is broken again?


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-26 13:38 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

--- Comment #9 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #8)
> So, can you try to schedule another
>   NEXT_PASS (pass_rebuild_cgraph_edges);
> right after ubsan pass if that fixes it?
> And then move that right before ubsan and see if it is broken again?

Yup: scheduling the pass after ubsan fixes it, scheduling it before ICEs as
well.  So either simply that, or something like

--- a/gcc/passes.def
+++ b/gcc/passes.def
@@ -57,6 +57,9 @@ along with GCC; see the file COPYING3.  If not see
       NEXT_PASS (pass_init_datastructures);
       NEXT_PASS (pass_build_ssa);
       NEXT_PASS (pass_ubsan);
+      PUSH_INSERT_PASSES_WITHIN (pass_ubsan)
+          NEXT_PASS (pass_rebuild_cgraph_edges);
+      POP_INSERT_PASSES ()
       NEXT_PASS (pass_early_warn_uninitialized);
   POP_INSERT_PASSES ()
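Review bot: the added `PUSH_INSERT_PASSES_WITHIN (pass_ubsan)` block has no comment saying why `pass_rebuild_cgraph_edges` must run at this point, and it schedules a full edge rebuild every time `pass_ubsan` runs. Add a one-line comment naming what `pass_ubsan` leaves out of date, and add a testcase that fails without the three new lines.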

(Maybe that PUSH_INSERT_PASSES_WITHIN makes it cheaper for non-ubsan
compilation?)


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: jakub at gcc dot gnu.org @ 2015-03-26 13:56 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

--- Comment #10 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Or just teach ubsan pass to add cgraph edges for the calls it adds (I believe
it doesn't remove any calls, just adds them).  Guess that should be cheaper
than scheduling another rebuild_cgraph_edges pass.


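The trade-off discussed in comments #8 to #10 (rebuild all call-graph edges after instrumentation, or create an edge for each call the instrumentation inserts), as an added example that is not GCC code and not part of the thread. It is a simplified C model; every struct and function name in it is hypothetical.

```c
#include <stdio.h>
/* Simplified model, not GCC's data structures: a body is an array of call
   statements; the call graph holds one edge per call statement. */
struct edge { int stmt, size_estimate; };
struct func {
    int n_stmts, n_edges; unsigned edge_writes; struct edge edges[8];
};

static void add_edge(struct func *f, int stmt) {
    f->edges[f->n_edges++] = (struct edge){ stmt, 1 };
    f->edge_writes++;                      /* cost bookkeeping */
}

/* Whole-function rebuild: drop every edge, then walk every statement. */
static void rebuild_edges(struct func *f) {
    f->n_edges = 0;
    for (int i = 0; i < f->n_stmts; i++)
        add_edge(f, i);
}

/* Instrumentation appends one runtime-check call; with create_edge set it
   also registers the matching edge, otherwise the call graph goes stale. */
static void instrument(struct func *f, int create_edge) {
    if (create_edge) add_edge(f, f->n_stmts);
    f->n_stmts++;
}

/* Consumer that expects an edge for every call statement. Returns the summed
   estimate, or -1 where an unchecked lookup would dereference NULL. */
static int estimate_body_size(const struct func *f) {
    int total = 0;
    for (int i = 0; i < f->n_stmts; i++) {
        int j = 0;
        while (j < f->n_edges && f->edges[j].stmt != i)
            j++;
        if (j == f->n_edges) return -1;    /* call statement without edge */
        total += f->edges[j].size_estimate;
    }
    return total;
}

enum mode { STALE, REBUILD_AFTER, INCREMENTAL };
static int run(enum mode m, unsigned *edge_writes) {
    struct func f = { .n_stmts = 3 };      /* three original calls */
    rebuild_edges(&f);
    instrument(&f, m == INCREMENTAL);      /* one inserted call */
    if (m == REBUILD_AFTER) rebuild_edges(&f);
    *edge_writes = f.edge_writes;
    return estimate_body_size(&f);
}

int main(void) {
    for (int m = STALE; m <= INCREMENTAL; m++) {
        unsigned w;
        int r = run((enum mode)m, &w);
        printf("mode %d: estimate %d, edge writes %u\n", m, r, w);
    }
    return 0;
}
```

In this model both remedies give the consumer a consistent graph; the incremental one touches one edge per inserted call, while the rebuild touches every edge of the function again.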

* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-26 14:44 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

Marek Polacek <mpolacek at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |mpolacek at gcc dot gnu.org


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-27  9:55 UTC

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

--- Comment #11 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Author: mpolacek
Date: Fri Mar 27 09:33:20 2015
New Revision: 221723

URL: https://gcc.gnu.org/viewcvs?rev=221723&root=gcc&view=rev
Log:
    PR sanitizer/65583
    * ubsan.c (ubsan_create_edge): New function.
    (instrument_bool_enum_load): Call it.
    (instrument_nonnull_arg): Likewise.
    (instrument_nonnull_return): Likewise.
    (instrument_object_size): Likewise.

    * g++.dg/ubsan/pr65583.C: New test.

Added:
    trunk/gcc/testsuite/g++.dg/ubsan/pr65583.C
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/ubsan.c


* [Bug sanitizer/65583] [5 Regression][UBSAN] ICE segfault in inline_edge_summary
From: mpolacek at gcc dot gnu.org @ 2015-03-27  9:55 UTC

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65583

Marek Polacek <mpolacek at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #12 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Fixed.

