public inbox for gcc-bugs@sourceware.org
* [Bug target/97054] New: [r10-3559 Regression] Runtime segfault with attached test code
@ 2020-09-15 4:07 skpgkp2 at gmail dot com
From: skpgkp2 at gmail dot com @ 2020-09-15 4:07 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97054
Bug ID: 97054
Summary: [r10-3559 Regression] Runtime segfault with attached test code
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: skpgkp2 at gmail dot com
CC: crazylht at gmail dot com, hjl.tools at gmail dot com
Target Milestone: ---
Created attachment 49218
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49218&action=edit
reproducer test case.
Test case attached.

How to reproduce:

$ g++ -fno-strict-aliasing -msse4.2 -mfpmath=sse -gdwarf-2 -Wall -Wwrite-strings -fPIC -Wformat-security -fstack-protector-strong -O2 -Wfatal-errors -Wformat -Werror -Wundef repro.cc && ./a.out
Segmentation fault (core dumped)

(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /local/skpandey/gccwork/toolwork/a.out
Program received signal SIGSEGV, Segmentation fault.
0x00000000004011b0 in p2_ep_REBIND_IPC () at repro.cc:55
55 cur_pro->pc_RIP.i64 = code_lin_to_log(cur_pro, int2linaddr(cur_pro, ipc));
(gdb) disass
Dump of assembler code for function p2_ep_REBIND_IPC():
0x0000000000401180 <+0>: push %r15
0x0000000000401182 <+2>: push %r12
0x0000000000401184 <+4>: mov %rbp,%r12
0x0000000000401187 <+7>: mov %r12,%rdi
0x000000000040118a <+10>: sub $0x18,%rsp
0x000000000040118e <+14>: mov $0x4040a0,%r15
0x0000000000401195 <+21>: mov 0x10(%rbp),%rbp
0x0000000000401199 <+25>: mov (%r15),%rsi
0x000000000040119c <+28>: mov %rbp,0x8(%rsp)
0x00000000004011a1 <+33>: mov %rsi,0x30(%r12)
0x00000000004011a6 <+38>: mov %rsi,0x8(%r12)
0x00000000004011ab <+43>: callq 0x401150 <int2linaddr(processor_t*, p2_icode_t const*)>
=> 0x00000000004011b0 <+48>: movq $0x0,0x10(%rbp)
0x00000000004011b8 <+56>: mov %rbp,%rdi
0x00000000004011bb <+59>: callq 0x401160 <turbo_clear(processor*)>
0x00000000004011c0 <+64>: mov %rbp,%rdi
0x00000000004011c3 <+67>: mov 0x8(%rsp),%rbp
0x00000000004011c8 <+72>: mov %rbp,%rsi
0x00000000004011cb <+75>: callq 0x401170 <x86_log_to_icode_exec(processor_t*, la_t)>
0x00000000004011d0 <+80>: addq $0x4,(%r15)
0x00000000004011d4 <+84>: xor %edx,%edx
0x00000000004011d6 <+86>: mov %rax,0x30(%r12)
0x00000000004011db <+91>: subl $0x1,0x4(%rbp)
0x00000000004011df <+95>: mov 0x4(%rbp),%eax
0x00000000004011e2 <+98>: test %eax,%eax
0x00000000004011e4 <+100>: movsbl 0x0(%rbp),%eax
0x00000000004011e8 <+104>: setle %dl
0x00000000004011eb <+107>: or %eax,%edx
0x00000000004011ed <+109>: jne 0x4011f5 <p2_ep_REBIND_IPC()+117>
0x00000000004011ef <+111>: mov (%r15),%rax
0x00000000004011f2 <+114>: mov (%rax),%r13d
0x00000000004011f5 <+117>: add $0x18,%rsp
0x00000000004011f9 <+121>: xor %eax,%eax
0x00000000004011fb <+123>: pop %r12
0x00000000004011fd <+125>: pop %r15
0x00000000004011ff <+127>: retq
End of assembler dump.
Configured with: ../../gcc/configure
--prefix=/local/skpandey/gccwork/toolwork/gcc-bisect-master/master/r10-3559/usr
--enable-clocale=gnu --with-system-zlib --with-demangler-in-ld
--with-fpmath=sse --disable-libsanitizer --enable-languages=c,c++,fortran
--enable-cet --without-isl --enable-libmpx --disable-bootstrap

1bcb4c4faa4bd6b1c917c75b100d618faf9e628c is the first bad commit
commit 1bcb4c4faa4bd6b1c917c75b100d618faf9e628c
Author: Richard Sandiford <richard.sandiford@arm.com>
Date:   Wed Oct 2 07:37:10 2019 +0000

    [LRA] Don't make eliminable registers live (PR91957)

    One effect of https://gcc.gnu.org/ml/gcc-patches/2019-09/msg00802.html
    was to strengthen the sanity check in lra_assigns so that it checks
    whether reg_renumber is consistent with the whole conflict set.
    This duly tripped on csky for a pseudo that had been allocated
    to the eliminated frame pointer. (csky doesn't have a separate
    hard frame pointer.)

    lra-lives uses:

        /* Set of hard regs (except eliminable ones) currently live. */
        static HARD_REG_SET hard_regs_live;

    to track the set of live directly-referenced hard registers, and it
    correctly implements the exclusion when setting up the initial set:

        hard_regs_live &= ~eliminable_regset;

    But later calls to make_hard_regno_live and make_hard_regno_dead
    would process eliminable registers like other registers, recording
    conflicts for them and potentially making them live. (Note that
    after r266086, make_hard_regno_dead adds conflicts for registers
    that are already marked dead.) I think this would have had the
    effect of pessimising targets without a separate hard frame pointer.

    2019-10-02 Richard Sandiford <richard.sandiford@arm.com>

    gcc/
        PR middle-end/91957
        * lra-lives.c (make_hard_regno_dead): Don't record conflicts for
        eliminable registers.
        (make_hard_regno_live): Likewise, and don't make them live.

    From-SVN: r276440

 gcc/ChangeLog   | 7 +++++++
 gcc/lra-lives.c | 6 +++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

Thread overview: 6+ messages
2020-09-15 4:07 [Bug target/97054] New: [r10-3559 Regression] Runtime segfault with attached test code skpgkp2 at gmail dot com
2020-09-15 4:32 ` [Bug target/97054] " hjl.tools at gmail dot com
2020-09-15 11:35 ` [Bug middle-end/97054] [10/11 Regression] Runtime segfault with attached test code since r10-3559 hjl.tools at gmail dot com
2020-09-15 13:26 ` hjl.tools at gmail dot com
2020-09-18 17:14 ` hjl.tools at gmail dot com
2020-09-29 14:14 ` hjl.tools at gmail dot com