From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 24AA3396EC9A; Tue, 15 Sep 2020 04:07:41 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 24AA3396EC9A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
 s=default; t=1600142861;
 bh=YeF6nzoVSRl6bbwTNe64nqY0tzwsXaXPdY+vqKAxhU4=;
 h=From:To:Subject:Date:From;
 b=F1ugnxTbMV2queuVGIyMmCWgms+rDyIxq5cC34CECKWvTRCG/qdRieFMoedxrIeyr
 k0Kva6qk1SpIqcoIoQwyY+16xD3JU8Fs8qJ5DFIBrIvRPdIz4pz9wnIs/jTfJGb1sL
 LAckPC5wlxmtfhwyUKK2W4CXKVWISe7E8NBOPOkQ=
From: "skpgkp2 at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/97054] New: [r10-3559 Regression] Runtime segfault with
 attached test code
Date: Tue, 15 Sep 2020 04:07:40 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: target
X-Bugzilla-Version: 11.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: skpgkp2 at gmail dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter cc target_milestone
 attachments.created
Message-ID: <bug-97054-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2020 04:07:41 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D97054

            Bug ID: 97054
           Summary: [r10-3559 Regression] Runtime segfault with attached
                    test code
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: skpgkp2 at gmail dot com
                CC: crazylht at gmail dot com, hjl.tools at gmail dot com
  Target Milestone: ---

Created attachment 49218
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=3D49218&action=3Dedit
reproducer test case.

Test case attached.

How to reproduce:

$g++ -fno-strict-aliasing -msse4.2 -mfpmath=3Dsse  -gdwarf-2 -Wall
-Wwrite-strings -fPIC -Wformat-security -fstack-protector-strong -O2
-Wfatal-errors  -Wformat -Werror -Wundef  repro.cc && ./a.out
Segmentation fault (core dumped)

(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /local/skpandey/gccwork/toolwork/a.out=20

Program received signal SIGSEGV, Segmentation fault.
0x00000000004011b0 in p2_ep_REBIND_IPC () at repro.cc:55
55              cur_pro->pc_RIP.i64 =3D code_lin_to_log(cur_pro,
int2linaddr(cur_pro, ipc));
(gdb) disass
Dump of assembler code for function p2_ep_REBIND_IPC():
   0x0000000000401180 <+0>:     push   %r15
   0x0000000000401182 <+2>:     push   %r12
   0x0000000000401184 <+4>:     mov    %rbp,%r12
   0x0000000000401187 <+7>:     mov    %r12,%rdi
   0x000000000040118a <+10>:    sub    $0x18,%rsp
   0x000000000040118e <+14>:    mov    $0x4040a0,%r15
   0x0000000000401195 <+21>:    mov    0x10(%rbp),%rbp
   0x0000000000401199 <+25>:    mov    (%r15),%rsi
   0x000000000040119c <+28>:    mov    %rbp,0x8(%rsp)
   0x00000000004011a1 <+33>:    mov    %rsi,0x30(%r12)
   0x00000000004011a6 <+38>:    mov    %rsi,0x8(%r12)
   0x00000000004011ab <+43>:    callq  0x401150 <int2linaddr(processor_t*,
p2_icode_t const*)>
=3D> 0x00000000004011b0 <+48>:    movq   $0x0,0x10(%rbp)
   0x00000000004011b8 <+56>:    mov    %rbp,%rdi
   0x00000000004011bb <+59>:    callq  0x401160 <turbo_clear(processor*)>
   0x00000000004011c0 <+64>:    mov    %rbp,%rdi
   0x00000000004011c3 <+67>:    mov    0x8(%rsp),%rbp
   0x00000000004011c8 <+72>:    mov    %rbp,%rsi
   0x00000000004011cb <+75>:    callq  0x401170
<x86_log_to_icode_exec(processor_t*, la_t)>
   0x00000000004011d0 <+80>:    addq   $0x4,(%r15)
   0x00000000004011d4 <+84>:    xor    %edx,%edx
   0x00000000004011d6 <+86>:    mov    %rax,0x30(%r12)
   0x00000000004011db <+91>:    subl   $0x1,0x4(%rbp)
   0x00000000004011df <+95>:    mov    0x4(%rbp),%eax
   0x00000000004011e2 <+98>:    test   %eax,%eax
   0x00000000004011e4 <+100>:   movsbl 0x0(%rbp),%eax
   0x00000000004011e8 <+104>:   setle  %dl
   0x00000000004011eb <+107>:   or     %eax,%edx
   0x00000000004011ed <+109>:   jne    0x4011f5 <p2_ep_REBIND_IPC()+117>
   0x00000000004011ef <+111>:   mov    (%r15),%rax
   0x00000000004011f2 <+114>:   mov    (%rax),%r13d
   0x00000000004011f5 <+117>:   add    $0x18,%rsp
   0x00000000004011f9 <+121>:   xor    %eax,%eax
   0x00000000004011fb <+123>:   pop    %r12
   0x00000000004011fd <+125>:   pop    %r15
   0x00000000004011ff <+127>:   retq=20=20=20
End of assembler dump.



Configured with: ../../gcc/configure
--prefix=3D/local/skpandey/gccwork/toolwork/gcc-bisect-master/master/r10-35=
59/usr
--enable-clocale=3Dgnu --with-system-zlib --with-demangler-in-ld
--with-fpmath=3Dsse --disable-libsanitizer --enable-languages=3Dc,c++,fortr=
an
--enable-cet --without-isl --enable-libmpx --disable-bootstrap

1bcb4c4faa4bd6b1c917c75b100d618faf9e628c is the first bad commit
commit 1bcb4c4faa4bd6b1c917c75b100d618faf9e628c
Author: Richard Sandiford <richard.sandiford@arm.com>
Date:   Wed Oct 2 07:37:10 2019 +0000

    [LRA] Don't make eliminable registers live (PR91957)

    One effect of https://gcc.gnu.org/ml/gcc-patches/2019-09/msg00802.html
    was to strengthen the sanity check in lra_assigns so that it checks
    whether reg_renumber is consistent with the whole conflict set.
    This duly tripped on csky for a pseudo that had been allocated
    to the eliminated frame pointer.  (csky doesn't have a separate
    hard frame pointer.)

    lra-lives uses:

    /* Set of hard regs (except eliminable ones) currently live.  */
    static HARD_REG_SET hard_regs_live;

    to track the set of live directly-referenced hard registers, and it
    correctly implements the exclusion when setting up the initial set:

      hard_regs_live &=3D ~eliminable_regset;

    But later calls to make_hard_regno_live and make_hard_regno_dead
    would process eliminable registers like other registers, recording
    conflicts for them and potentially making them live.  (Note that
    after r266086, make_hard_regno_dead adds conflicts for registers
    that are already marked dead.)  I think this would have had the
    effect of pessimising targets without a separate hard frame pointer.

    2019-10-02  Richard Sandiford  <richard.sandiford@arm.com>

    gcc/
            PR middle-end/91957
            * lra-lives.c (make_hard_regno_dead): Don't record conflicts for
            eliminable registers.
            (make_hard_regno_live): Likewise, and don't make them live.

    From-SVN: r276440

 gcc/ChangeLog   | 7 +++++++
 gcc/lra-lives.c | 6 +++++-
 2 files changed, 12 insertions(+), 1 deletion(-)=