* [Bug c/96130] 10.1.1: segfault during IPA pass: fnsummary
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
@ 2020-07-09 8:37 ` marxin at gcc dot gnu.org
2020-07-09 8:45 ` [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd marxin at gcc dot gnu.org
` (10 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-07-09 8:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2020-07-09
Ever confirmed|0 |1
Status|UNCONFIRMED |ASSIGNED
CC| |marxin at gcc dot gnu.org
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Confirmed, working on that..
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
2020-07-09 8:37 ` [Bug c/96130] " marxin at gcc dot gnu.org
@ 2020-07-09 8:45 ` marxin at gcc dot gnu.org
2020-07-09 8:56 ` marxin at gcc dot gnu.org
` (9 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-07-09 8:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |NEW
Known to work| |9.3.0
Keywords| |ice-on-valid-code
Known to fail| |10.1.0, 11.0
CC| |fxue at gcc dot gnu.org
Summary|10.1.1: segfault during IPA |[10/11 Regression] ICE in
|pass: fnsummary |analyze_function_body at
| |gcc/ipa-fnsummary.c:2769
| |since
| |r10-3199-g351e7c3b5fbd45bd
Component|c |ipa
--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
Reduced test-case:
$ cat pr96130.c
enum {
PIPE_FUNC_NEVER,
PIPE_FUNC_LESS,
PIPE_FUNC_EQUAL,
PIPE_FUNC_LEQUAL,
PIPE_FUNC_GREATER,
PIPE_FUNC_NOTEQUAL,
PIPE_FUNC_GEQUAL,
PIPE_FUNC_ALWAYS
} sample_compare_k_0;
int sample_compare_rgba;
struct pipe_sampler_state {
unsigned compare_func : 3;
};
void
sample_compare(struct pipe_sampler_state *sp_samp) {
switch (sp_samp->compare_func) {
case PIPE_FUNC_LESS:
case PIPE_FUNC_LEQUAL:
case PIPE_FUNC_GREATER:
case PIPE_FUNC_GEQUAL:
case PIPE_FUNC_EQUAL:
case PIPE_FUNC_NOTEQUAL:
sample_compare_k_0 != sample_compare_rgba;
case PIPE_FUNC_ALWAYS:
case PIPE_FUNC_NEVER:
break;
default:
for (;;)
;
}
}
fails here:
$ gcc pr96130.c -c -O1
during IPA pass: fnsummary
pr96130.c: In function ‘sample_compare’:
pr96130.c:34:1: internal compiler error: Segmentation fault
34 | }
| ^
0xdc22ef crash_signal
/home/marxin/Programming/gcc/gcc/toplev.c:328
0x7ffff78d752f ???
/usr/src/debug/glibc-2.31-6.1.x86_64/signal/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0
0xb938f9 analyze_function_body
/home/marxin/Programming/gcc/gcc/ipa-fnsummary.c:2769
0xb944e3 compute_fn_summary(cgraph_node*, bool)
/home/marxin/Programming/gcc/gcc/ipa-fnsummary.c:2974
0xb94990 inline_analyze_function(cgraph_node*)
/home/marxin/Programming/gcc/gcc/ipa-fnsummary.c:4078
0xb94b73 ipa_fn_summary_generate
/home/marxin/Programming/gcc/gcc/ipa-fnsummary.c:4121
0xcea35b execute_ipa_summary_passes(ipa_opt_pass_d*)
/home/marxin/Programming/gcc/gcc/passes.c:2191
0x966a97 ipa_passes
/home/marxin/Programming/gcc/gcc/cgraphunit.c:2646
0x966a97 symbol_table::compile()
/home/marxin/Programming/gcc/gcc/cgraphunit.c:2756
0x96885c symbol_table::compile()
/home/marxin/Programming/gcc/gcc/cgraphunit.c:2736
0x96885c symbol_table::finalize_compilation_unit()
/home/marxin/Programming/gcc/gcc/cgraphunit.c:3003
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
started with
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
2020-07-09 8:37 ` [Bug c/96130] " marxin at gcc dot gnu.org
2020-07-09 8:45 ` [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd marxin at gcc dot gnu.org
@ 2020-07-09 8:56 ` marxin at gcc dot gnu.org
2020-07-09 11:37 ` rguenth at gcc dot gnu.org
` (8 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-07-09 8:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
Started with r10-3199-g351e7c3b5fbd45bd, leaving to Feng.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
` (2 preceding siblings ...)
2020-07-09 8:56 ` marxin at gcc dot gnu.org
@ 2020-07-09 11:37 ` rguenth at gcc dot gnu.org
2020-07-10 13:38 ` marxin at gcc dot gnu.org
` (7 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: rguenth at gcc dot gnu.org @ 2020-07-09 11:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |10.2
Priority|P3 |P2
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
` (3 preceding siblings ...)
2020-07-09 11:37 ` rguenth at gcc dot gnu.org
@ 2020-07-10 13:38 ` marxin at gcc dot gnu.org
2020-07-10 13:47 ` jakub at gcc dot gnu.org
` (6 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-07-10 13:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org
--- Comment #4 from Martin Liška <marxin at gcc dot gnu.org> ---
*** Bug 96150 has been marked as a duplicate of this bug. ***
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
` (4 preceding siblings ...)
2020-07-10 13:38 ` marxin at gcc dot gnu.org
@ 2020-07-10 13:47 ` jakub at gcc dot gnu.org
2020-07-10 14:13 ` jakub at gcc dot gnu.org
` (5 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: jakub at gcc dot gnu.org @ 2020-07-10 13:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Reduced testcase from the other PR which is shorter:
struct S { unsigned j : 3; };
int k, l, m;
void
foo (struct S x)
{
while (l != 5)
switch (x.j)
{
case 1:
case 3:
case 4:
case 6:
case 2:
case 5:
l = m;
case 7:
case 0:
k = 0;
default:
break;
}
}
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
` (5 preceding siblings ...)
2020-07-10 13:47 ` jakub at gcc dot gnu.org
@ 2020-07-10 14:13 ` jakub at gcc dot gnu.org
2020-07-10 14:18 ` jakub at gcc dot gnu.org
` (4 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: jakub at gcc dot gnu.org @ 2020-07-10 14:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
My understanding of the problem is that set_switch_stmt_execution_predicate
figures out that the default: is unreachable (operand is a bitfield with values
0 to 7 and there are cases for all 8) and notes that into the predicate for the
switch -> default: edge's aux, and then compute_bb_predicates iterates, but as
the 3 -> 9 predicate always resolves to false, nothing adds bb_9->aux. And
later we try to dereference that.
So, either predicates in bb->aux are optional and we should treat a missing
predicate as false predicate, or compute_bb_predicate should ensure to fill in
bb->aux even for bbs it left NULL at the end.
if (bb->aux)
bb_predicate = *(predicate *) bb->aux;
else
bb_predicate = false;
in analyze_function_body suggests that perhaps the latter is the case.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
` (6 preceding siblings ...)
2020-07-10 14:13 ` jakub at gcc dot gnu.org
@ 2020-07-10 14:18 ` jakub at gcc dot gnu.org
2020-07-11 13:25 ` jakub at gcc dot gnu.org
` (3 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: jakub at gcc dot gnu.org @ 2020-07-10 14:18 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Created attachment 48858
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48858&action=edit
gcc11-pr96130.patch
So, my fix would be like this (untested except on the testcase so far).
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
` (7 preceding siblings ...)
2020-07-10 14:18 ` jakub at gcc dot gnu.org
@ 2020-07-11 13:25 ` jakub at gcc dot gnu.org
2020-07-13 16:27 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: jakub at gcc dot gnu.org @ 2020-07-11 13:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jpalus+gcc at fastmail dot com
--- Comment #8 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
*** Bug 96165 has been marked as a duplicate of this bug. ***
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
` (8 preceding siblings ...)
2020-07-11 13:25 ` jakub at gcc dot gnu.org
@ 2020-07-13 16:27 ` cvs-commit at gcc dot gnu.org
2020-07-13 16:31 ` cvs-commit at gcc dot gnu.org
2020-07-13 16:34 ` jakub at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-07-13 16:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
--- Comment #9 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:776e48e0931db69f158f40e5cb8e15463d879a42
commit r11-2066-g776e48e0931db69f158f40e5cb8e15463d879a42
Author: Jakub Jelinek <jakub@redhat.com>
Date: Mon Jul 13 18:25:53 2020 +0200
ipa-fnsummary: Fix ICE with switch predicates [PR96130]
The following testcase ICEs since r10-3199.
There is a switch with default label, where the controlling expression has
range just 0..7 and there are case labels for all those 8 values, but
nothing has yet optimized away the default.
Since r10-3199, set_switch_stmt_execution_predicate sets the switch to
default label's edge's predicate to a false predicate and then
compute_bb_predicates propagates the predicates through the cfg, but false
predicates aren't really added. The caller of compute_bb_predicates
in one place handles NULL bb->aux as false predicate:
if (fbi.info)
{
if (bb->aux)
bb_predicate = *(predicate *) bb->aux;
else
bb_predicate = false;
}
else
bb_predicate = true;
but then in two further spots that the patch below is changing
it assumes bb->aux must be non-NULL. Those two spots are guarded by a
condition that is only true if fbi.info is non-NULL, so I think the right
fix is to treat NULL aux as false predicate in those spots too.
2020-07-13 Jakub Jelinek <jakub@redhat.com>
PR ipa/96130
* ipa-fnsummary.c (analyze_function_body): Treat NULL bb->aux
as false predicate.
* gcc.dg/torture/pr96130.c: New test.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
` (9 preceding siblings ...)
2020-07-13 16:27 ` cvs-commit at gcc dot gnu.org
@ 2020-07-13 16:31 ` cvs-commit at gcc dot gnu.org
2020-07-13 16:34 ` jakub at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-07-13 16:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
--- Comment #10 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Jakub Jelinek
<jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:0d03c0ee5213703ec6d9ffa632fa5298d83adaaa
commit r10-8472-g0d03c0ee5213703ec6d9ffa632fa5298d83adaaa
Author: Jakub Jelinek <jakub@redhat.com>
Date: Mon Jul 13 18:25:53 2020 +0200
ipa-fnsummary: Fix ICE with switch predicates [PR96130]
The following testcase ICEs since r10-3199.
There is a switch with default label, where the controlling expression has
range just 0..7 and there are case labels for all those 8 values, but
nothing has yet optimized away the default.
Since r10-3199, set_switch_stmt_execution_predicate sets the switch to
default label's edge's predicate to a false predicate and then
compute_bb_predicates propagates the predicates through the cfg, but false
predicates aren't really added. The caller of compute_bb_predicates
in one place handles NULL bb->aux as false predicate:
if (fbi.info)
{
if (bb->aux)
bb_predicate = *(predicate *) bb->aux;
else
bb_predicate = false;
}
else
bb_predicate = true;
but then in two further spots that the patch below is changing
it assumes bb->aux must be non-NULL. Those two spots are guarded by a
condition that is only true if fbi.info is non-NULL, so I think the right
fix is to treat NULL aux as false predicate in those spots too.
2020-07-13 Jakub Jelinek <jakub@redhat.com>
PR ipa/96130
* ipa-fnsummary.c (analyze_function_body): Treat NULL bb->aux
as false predicate.
* gcc.dg/torture/pr96130.c: New test.
(cherry picked from commit 776e48e0931db69f158f40e5cb8e15463d879a42)
^ permalink raw reply [flat|nested] 13+ messages in thread
* [Bug ipa/96130] [10/11 Regression] ICE in analyze_function_body at gcc/ipa-fnsummary.c:2769 since r10-3199-g351e7c3b5fbd45bd
2020-07-09 8:33 [Bug c/96130] New: 10.1.1: segfault during IPA pass: fnsummary manuel.lauss at googlemail dot com
` (10 preceding siblings ...)
2020-07-13 16:31 ` cvs-commit at gcc dot gnu.org
@ 2020-07-13 16:34 ` jakub at gcc dot gnu.org
11 siblings, 0 replies; 13+ messages in thread
From: jakub at gcc dot gnu.org @ 2020-07-13 16:34 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96130
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|fxue at gcc dot gnu.org |jakub at gcc dot gnu.org
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #11 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed for 10.2 and 11.1.
^ permalink raw reply [flat|nested] 13+ messages in thread