[Bug tree-optimization/94717] New: [10 Regression] ICE: SIGSEGV in output_merged_store (gimple-ssa-store-merging.c:4307) with -O2 -fnon-call-exceptions -ftracer

[Bug tree-optimization/94717] New: [10 Regression] ICE: SIGSEGV in output_merged_store (gimple-ssa-store-merging.c:4307) with -O2 -fnon-call-exceptions -ftracer

[zsojka at seznam dot cz]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94717

            Bug ID: 94717
           Summary: [10 Regression] ICE: SIGSEGV in output_merged_store
                    (gimple-ssa-store-merging.c:4307) with -O2
                    -fnon-call-exceptions -ftracer
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu

Created attachment 48355
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48355&action=edit
reduced testcase

Compiler output:
$ x86_64-pc-linux-gnu-g++ -O2 -fnon-call-exceptions -ftracer testcase.C
-wrapper valgrind,-q
==19787== Invalid read of size 4
==19787==    at 0x1C19FA2: (anonymous
namespace)::imm_store_chain_info::output_merged_store((anonymous
namespace)::merged_store_group*) (gimple-ssa-store-merging.c:4307)
==19787==    by 0x1C1C81A: output_merged_stores
(gimple-ssa-store-merging.c:4363)
==19787==    by 0x1C1C81A: terminate_and_process_chain
(gimple-ssa-store-merging.c:4407)
==19787==    by 0x1C1C81A: (anonymous
namespace)::pass_store_merging::terminate_and_process_chain((anonymous
namespace)::imm_store_chain_info*) (gimple-ssa-store-merging.c:2207)
==19787==    by 0x1C1DDEF: terminate_and_process_all_chains
(gimple-ssa-store-merging.c:2142)
==19787==    by 0x1C1DDEF: (anonymous
namespace)::pass_store_merging::execute(function*)
(gimple-ssa-store-merging.c:4953)
==19787==    by 0x1150047: execute_one_pass(opt_pass*) (passes.c:2502)
==19787==    by 0x11509BF: execute_pass_list_1(opt_pass*) (passes.c:2590)
==19787==    by 0x11509D1: execute_pass_list_1(opt_pass*) (passes.c:2591)
==19787==    by 0x11509F8: execute_pass_list(function*, opt_pass*)
(passes.c:2601)
==19787==    by 0xDB2AAB: cgraph_node::expand() (cgraphunit.c:2300)
==19787==    by 0xDB3CBF: expand_all_functions (cgraphunit.c:2471)
==19787==    by 0xDB3CBF: symbol_table::compile() [clone .part.0]
(cgraphunit.c:2822)
==19787==    by 0xDB602C: compile (cgraphunit.c:2735)
==19787==    by 0xDB602C: symbol_table::finalize_compilation_unit()
(cgraphunit.c:3002)
==19787==    by 0x123C10E: compile_file() (toplev.c:483)
==19787==    by 0xA81BF7: do_compile (toplev.c:2273)
==19787==    by 0xA81BF7: toplev::main(int, char**) (toplev.c:2412)
==19787==  Address 0x24 is not stack'd, malloc'd or (recently) free'd
==19787== 
during GIMPLE pass: store-merging
testcase.C: In function 'void foo(S*)':
testcase.C:18:1: internal compiler error: Segmentation fault
   18 | foo (S *x)
      | ^~~
Please submit a full bug report,
with preprocessed source if appropriate.
See <https://gcc.gnu.org/bugs/> for instructions.

$ x86_64-pc-linux-gnu-g++ -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest/bin/x86_64-pc-linux-gnu-g++
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r10-7870-20200422110559-g413232a55b9-checking-yes-rtl-df-extra-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/10.0.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu
--with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-r10-7870-20200422110559-g413232a55b9-checking-yes-rtl-df-extra-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 10.0.1 20200422 (experimental) (GCC)

[Bug tree-optimization/94717] [10 Regression] ICE: SIGSEGV in output_merged_store (gimple-ssa-store-merging.c:4307) with -O2 -fnon-call-exceptions -ftracer since r10-3575-g629387a6586a7531

[marxin at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94717

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
            Summary|[10 Regression] ICE:        |[10 Regression] ICE:
                   |SIGSEGV in                  |SIGSEGV in
                   |output_merged_store         |output_merged_store
                   |(gimple-ssa-store-merging.c |(gimple-ssa-store-merging.c
                   |:4307) with -O2             |:4307) with -O2
                   |-fnon-call-exceptions       |-fnon-call-exceptions
                   |-ftracer                    |-ftracer since
                   |                            |r10-3575-g629387a6586a7531
                 CC|                            |ebotcazou at gcc dot gnu.org,
                   |                            |jakub at gcc dot gnu.org,
                   |                            |marxin at gcc dot gnu.org
           Priority|P3                          |P1
   Target Milestone|---                         |10.0
   Last reconfirmed|                            |2020-04-23
     Ever confirmed|0                           |1

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Started with r10-3575-g629387a6586a7531.

[Bug tree-optimization/94717] [10 Regression] ICE: SIGSEGV in output_merged_store (gimple-ssa-store-merging.c:4307) with -O2 -fnon-call-exceptions -ftracer since r10-3575-g629387a6586a7531

[ebotcazou at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94717

Eric Botcazou <ebotcazou at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org      |ebotcazou at gcc dot gnu.org
             Status|NEW                         |ASSIGNED

--- Comment #2 from Eric Botcazou <ebotcazou at gcc dot gnu.org> ---
The compiler is apparently not prepared for new trapping loads.  Fixing...

[Bug tree-optimization/94717] [10 Regression] segfault with -O2 -fnon-call-exceptions -ftracer

[ebotcazou at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94717

--- Comment #3 from Eric Botcazou <ebotcazou at gcc dot gnu.org> ---
> The compiler is apparently not prepared for new trapping loads.  Fixing...

No, just a missing check on landing pads:

index a6687cd9c98..4ab8e0250ab 100644
--- a/gcc/gimple-ssa-store-merging.c
+++ b/gcc/gimple-ssa-store-merging.c
@@ -2680,6 +2680,7 @@ imm_store_chain_info::coalesce_immediate_stores ()
         p[3] = data;
         using the bswap framework.  */
       if (info->bitpos == merged_store->start + merged_store->width
+         && info->lp_nr == merged_store->lp_nr
          && merged_store->stores.length () == 1
          && merged_store->stores[0]->ins_stmt != NULL
          && info->ins_stmt != NULL)

[Bug tree-optimization/94717] [10 Regression] segfault with -O2 -fnon-call-exceptions -ftracer

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94717

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to Eric Botcazou from comment #3)
> > The compiler is apparently not prepared for new trapping loads.  Fixing...
> 
> No, just a missing check on landing pads:
> 
> index a6687cd9c98..4ab8e0250ab 100644
> --- a/gcc/gimple-ssa-store-merging.c
> +++ b/gcc/gimple-ssa-store-merging.c
> @@ -2680,6 +2680,7 @@ imm_store_chain_info::coalesce_immediate_stores ()
>          p[3] = data;
>          using the bswap framework.  */
>        if (info->bitpos == merged_store->start + merged_store->width
> +         && info->lp_nr == merged_store->lp_nr
>           && merged_store->stores.length () == 1
>           && merged_store->stores[0]->ins_stmt != NULL
>           && info->ins_stmt != NULL)

Shouldn't that be done in try_coalesce_bswap instead?
Because checking lp_nr above will only make sure it is the same between
merged_store and the first store after it, but we are trying to coalesce often
more than that.
By checking it in try_coalesce_bswap, in the first loop in that function, it
will verify all stores.

[Bug tree-optimization/94717] [10 Regression] segfault with -O2 -fnon-call-exceptions -ftracer

[ebotcazou at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94717

--- Comment #5 from Eric Botcazou <ebotcazou at gcc dot gnu.org> ---
> Shouldn't that be done in try_coalesce_bswap instead?
> Because checking lp_nr above will only make sure it is the same between
> merged_store and the first store after it, but we are trying to coalesce
> often more than that.
> By checking it in try_coalesce_bswap, in the first loop in that function, it
> will verify all stores.

OK, I didn't realize that try_coalesce_bswap has its own private loop.  But
this can be done in both places, like the check on ins_stmt.

[Bug tree-optimization/94717] [10 Regression] segfault with -O2 -fnon-call-exceptions -ftracer

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94717

--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Even the
&& info->ins_stmt != NULL
in coalesce_immediate_stores is redundant, because try_coalesce_bswap is called
with first = i - 1 and starts with i = first + 1 and thus caller's i and
info in the caller is m_store_info[i].
But I certainly don't object to having the redundant check in the caller,
so patch to add the check to try_coalesce_bswap is preapproved, with or without
adding the check to the caller too, your decision.

[Bug tree-optimization/94717] [10 Regression] segfault with -O2 -fnon-call-exceptions -ftracer

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94717

--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Eric Botcazou <ebotcazou@gcc.gnu.org>:

https://gcc.gnu.org/g:cb76fcd7fb4a4f1e4d1688deca87969124f16fef

commit r10-7926-gcb76fcd7fb4a4f1e4d1688deca87969124f16fef
Author: Eric Botcazou <ebotcazou@gcc.gnu.org>
Date:   Thu Apr 23 22:25:04 2020 +0200

    Fix segfault with -O2 -fnon-call-exceptions -ftracer

    The GIMPLE SSA store merging pass blows up when it is rewriting the
    stores because it didn't realize that they don't belong to the same
    EH region.  Fixed by refusing to merge them.

            PR tree-optimization/94717
            * gimple-ssa-store-merging.c (try_coalesce_bswap): Return false if
            one of the stores doesn't have the same landing pad number as the
            first.
            (coalesce_immediate_stores): Do not try to coalesce the store using
            bswap if it doesn't have the same landing pad number as the first.

[Bug tree-optimization/94717] [10 Regression] segfault with -O2 -fnon-call-exceptions -ftracer

[ebotcazou at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94717

Eric Botcazou <ebotcazou at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #8 from Eric Botcazou <ebotcazou at gcc dot gnu.org> ---
.