* [Bug tree-optimization/96820] ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358)
2020-08-27 15:28 [Bug tree-optimization/96820] New: ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358) cnsun at uwaterloo dot ca
@ 2020-08-27 15:33 ` cnsun at uwaterloo dot ca
2020-08-28 6:16 ` rguenth at gcc dot gnu.org
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: cnsun at uwaterloo dot ca @ 2020-08-27 15:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96820
--- Comment #1 from cnsun at uwaterloo dot ca <cnsun at uwaterloo dot ca> ---
Not sure if this is a dup to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96730
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/96820] ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358)
2020-08-27 15:28 [Bug tree-optimization/96820] New: ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358) cnsun at uwaterloo dot ca
2020-08-27 15:33 ` [Bug tree-optimization/96820] " cnsun at uwaterloo dot ca
@ 2020-08-28 6:16 ` rguenth at gcc dot gnu.org
2020-08-28 7:26 ` marxin at gcc dot gnu.org
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: rguenth at gcc dot gnu.org @ 2020-08-28 6:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96820
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|unknown |11.0
CC| |jamborm at gcc dot gnu.org
--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
the large indices seem to suggest so, but let's ask Martin
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/96820] ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358)
2020-08-27 15:28 [Bug tree-optimization/96820] New: ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358) cnsun at uwaterloo dot ca
2020-08-27 15:33 ` [Bug tree-optimization/96820] " cnsun at uwaterloo dot ca
2020-08-28 6:16 ` rguenth at gcc dot gnu.org
@ 2020-08-28 7:26 ` marxin at gcc dot gnu.org
2020-08-28 7:33 ` marxin at gcc dot gnu.org
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-08-28 7:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96820
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever confirmed|0 |1
CC| |marxin at gcc dot gnu.org
Last reconfirmed| |2020-08-28
--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
Fails due to:
#1 0x0000000000e6602c in verify_sra_access_forest (root=0x262cc80) at
/home/marxin/Programming/gcc/gcc/tree-sra.c:2358
2358 gcc_assert (offset == access->offset);
(gdb) p offset
$1 = -386657941920
(gdb) p access->offset
$2 = 437975778912
which must be some overflow?
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/96820] ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358)
2020-08-27 15:28 [Bug tree-optimization/96820] New: ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358) cnsun at uwaterloo dot ca
` (2 preceding siblings ...)
2020-08-28 7:26 ` marxin at gcc dot gnu.org
@ 2020-08-28 7:33 ` marxin at gcc dot gnu.org
2020-08-28 10:27 ` jamborm at gcc dot gnu.org
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: marxin at gcc dot gnu.org @ 2020-08-28 7:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96820
--- Comment #4 from Martin Liška <marxin at gcc dot gnu.org> ---
Where first bad value is 1840700270.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/96820] ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358)
2020-08-27 15:28 [Bug tree-optimization/96820] New: ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358) cnsun at uwaterloo dot ca
` (3 preceding siblings ...)
2020-08-28 7:33 ` marxin at gcc dot gnu.org
@ 2020-08-28 10:27 ` jamborm at gcc dot gnu.org
2020-08-30 14:31 ` [Bug tree-optimization/96820] ICE in verify_sra_access_forest with array and out of bounds reference jamborm at gcc dot gnu.org
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: jamborm at gcc dot gnu.org @ 2020-08-28 10:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96820
--- Comment #5 from Martin Jambor <jamborm at gcc dot gnu.org> ---
(In reply to Chengnian Sun from comment #1)
> Not sure if this is a dup to
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96730
No, this time it's build_user_friendly_ref_for_offset turning a nonsensical
expression into a different nonsensical expression. Anyway, mine.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/96820] ICE in verify_sra_access_forest with array and out of bounds reference
2020-08-27 15:28 [Bug tree-optimization/96820] New: ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358) cnsun at uwaterloo dot ca
` (4 preceding siblings ...)
2020-08-28 10:27 ` jamborm at gcc dot gnu.org
@ 2020-08-30 14:31 ` jamborm at gcc dot gnu.org
2020-09-03 20:51 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: jamborm at gcc dot gnu.org @ 2020-08-30 14:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96820
Martin Jambor <jamborm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|unassigned at gcc dot gnu.org |jamborm at gcc dot gnu.org
--- Comment #6 from Martin Jambor <jamborm at gcc dot gnu.org> ---
I proposed a fix on the mailing list:
https://gcc.gnu.org/pipermail/gcc-patches/2020-August/552900.html
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/96820] ICE in verify_sra_access_forest with array and out of bounds reference
2020-08-27 15:28 [Bug tree-optimization/96820] New: ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358) cnsun at uwaterloo dot ca
` (5 preceding siblings ...)
2020-08-30 14:31 ` [Bug tree-optimization/96820] ICE in verify_sra_access_forest with array and out of bounds reference jamborm at gcc dot gnu.org
@ 2020-09-03 20:51 ` cvs-commit at gcc dot gnu.org
2020-09-04 12:32 ` cvs-commit at gcc dot gnu.org
2020-09-04 12:32 ` jamborm at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-09-03 20:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96820
--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Jambor <jamborm@gcc.gnu.org>:
https://gcc.gnu.org/g:8ad3fc6ca46c603d9c3efe8e6d4a8f2ff1a893a4
commit r11-3003-g8ad3fc6ca46c603d9c3efe8e6d4a8f2ff1a893a4
Author: Martin Jambor <mjambor@suse.cz>
Date: Thu Sep 3 22:43:49 2020 +0200
sra: Avoid SRAing if there is an aout-of-bounds access (PR 96820)
The testcase causes and ICE in the SRA verifier on x86_64 when
compiling with -m32 because build_user_friendly_ref_for_offset looks
at an out-of-bounds array_ref within an array_ref which accesses an
offset which does not fit into a signed 32bit integer and turns it
into an array-ref with a negative index.
The best thing is probably to bail out early when encountering an out
of bounds access to a local stack-allocated aggregate (and let the DSE
just delete such statements) which is what the patch does.
I also glanced over to the initial candidate vetting routine to make
sure the size would fit into HWI and noticed that it uses unsigned
variants whereas the rest of SRA operates on signed offsets and
sizes (because get_ref_and_extent does) and so changed that for the
sake of consistency. These ancient checks operate on sizes of types
as opposed to DECLs but I hope that any issues potentially arising
from that are basically hypothetical.
gcc/ChangeLog:
2020-08-28 Martin Jambor <mjambor@suse.cz>
PR tree-optimization/96820
* tree-sra.c (create_access): Disqualify candidates with accesses
beyond the end of the original aggregate.
(maybe_add_sra_candidate): Check that candidate type size fits
signed uhwi for the sake of consistency.
gcc/testsuite/ChangeLog:
2020-08-28 Martin Jambor <mjambor@suse.cz>
PR tree-optimization/96820
* gcc.dg/tree-ssa/pr96820.c: New test.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/96820] ICE in verify_sra_access_forest with array and out of bounds reference
2020-08-27 15:28 [Bug tree-optimization/96820] New: ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358) cnsun at uwaterloo dot ca
` (6 preceding siblings ...)
2020-09-03 20:51 ` cvs-commit at gcc dot gnu.org
@ 2020-09-04 12:32 ` cvs-commit at gcc dot gnu.org
2020-09-04 12:32 ` jamborm at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-09-04 12:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96820
--- Comment #8 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Martin Jambor
<jamborm@gcc.gnu.org>:
https://gcc.gnu.org/g:75f5776b3fc4dad7453f8b9cf1690bd2ad628991
commit r10-8709-g75f5776b3fc4dad7453f8b9cf1690bd2ad628991
Author: Martin Jambor <mjambor@suse.cz>
Date: Fri Sep 4 14:31:16 2020 +0200
sra: Avoid SRAing if there is an aout-of-bounds access (PR 96820)
The testcase causes and ICE in the SRA verifier on x86_64 when
compiling with -m32 because build_user_friendly_ref_for_offset looks
at an out-of-bounds array_ref within an array_ref which accesses an
offset which does not fit into a signed 32bit integer and turns it
into an array-ref with a negative index.
The best thing is probably to bail out early when encountering an out
of bounds access to a local stack-allocated aggregate (and let the DSE
just delete such statements) which is what the patch does.
I also glanced over to the initial candidate vetting routine to make
sure the size would fit into HWI and noticed that it uses unsigned
variants whereas the rest of SRA operates on signed offsets and
sizes (because get_ref_and_extent does) and so changed that for the
sake of consistency. These ancient checks operate on sizes of types
as opposed to DECLs but I hope that any issues potentially arising
from that are basically hypothetical.
gcc/ChangeLog:
2020-08-28 Martin Jambor <mjambor@suse.cz>
PR tree-optimization/96820
* tree-sra.c (create_access): Disqualify candidates with accesses
beyond the end of the original aggregate.
(maybe_add_sra_candidate): Check that candidate type size fits
signed uhwi for the sake of consistency.
gcc/testsuite/ChangeLog:
2020-08-28 Martin Jambor <mjambor@suse.cz>
PR tree-optimization/96820
* gcc.dg/tree-ssa/pr96820.c: New test.
(cherry picked from commit 8ad3fc6ca46c603d9c3efe8e6d4a8f2ff1a893a4)
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug tree-optimization/96820] ICE in verify_sra_access_forest with array and out of bounds reference
2020-08-27 15:28 [Bug tree-optimization/96820] New: ICE on x86_64-linux-gnu with `-m32` and from `-O0` to `-O3` (internal compiler error: in verify_sra_access_forest, at tree-sra.c:2358) cnsun at uwaterloo dot ca
` (7 preceding siblings ...)
2020-09-04 12:32 ` cvs-commit at gcc dot gnu.org
@ 2020-09-04 12:32 ` jamborm at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: jamborm at gcc dot gnu.org @ 2020-09-04 12:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96820
Martin Jambor <jamborm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #9 from Martin Jambor <jamborm at gcc dot gnu.org> ---
Fixed.
^ permalink raw reply [flat|nested] 10+ messages in thread