public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug target/98491] New: [MIPS] ICE: in mode_size_inline, with -mmsa
@ 2020-12-31 22:58 xry111 at mengyan1223 dot wang
2020-12-31 23:01 ` [Bug target/98491] " xry111 at mengyan1223 dot wang
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: xry111 at mengyan1223 dot wang @ 2020-12-31 22:58 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98491
Bug ID: 98491
Summary: [MIPS] ICE: in mode_size_inline, with -mmsa
Product: gcc
Version: 10.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: xry111 at mengyan1223 dot wang
Target Milestone: ---
I'm building a system with Linux From Scratch approach on a Loongson-3A4000
(mips64el, with MSA support). I tried to build GCC-10.2.0 but it crashes
building other packages, with `-mmsa`.
I investigated a little and it shown a simple program could trigger the ICE:
$ cat bug.c
void foo()
{
double x = 1.0;
}
$ cc bug.c -c
bug.c:3:10: internal compiler error: in mode_size_inline, at
./insn-modes-inline.h:18
The problem is pinpointed at gcc/config/mips/mips.c line 2895:
return mips_symbol_insns (symbol_type, MAX_MACHINE_MODE);
In mips_symbol_insns:
if (MSA_SUPPORTED_MODE_P (mode))
return 0;
MSA_SUPPORTED_MODE_P is defined as:
#define MSA_SUPPORTED_MODE_P(MODE) \
(ISA_HAS_MSA \
&& GET_MODE_SIZE (MODE) == UNITS_PER_MSA_REG \
&& (GET_MODE_CLASS (MODE) == MODE_VECTOR_INT \
|| GET_MODE_CLASS (MODE) == MODE_VECTOR_FLOAT))
When -mmsa is used, ISA_HAS_MSA is expanded to `true`. And GET_MODE_SIZE is
expanded to a call to mode_to_bytes, which is defined:
ALWAYS_INLINE poly_uint16
mode_to_bytes (machine_mode mode)
{
#if GCC_VERSION >= 4001
return (__builtin_constant_p (mode)
? mode_size_inline (mode) : mode_size[mode]);
#else
return mode_size[mode];
#endif
}
Here `mode` is MAX_MACHINE_MODE, which equals to NUM_MACHINE_MODES, the size of
array `mode_size`. And, there is an assertion in mode_size_inline:
gcc_assert (mode >= 0 && mode < NUM_MACHINE_MODES);
So, if __builtin_constant_p is evaluated `true`, the assertion will be
triggered. Otherwise, we have an out-of-bound array access. Anyway it is
wrong.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug target/98491] [MIPS] ICE: in mode_size_inline, with -mmsa
2020-12-31 22:58 [Bug target/98491] New: [MIPS] ICE: in mode_size_inline, with -mmsa xry111 at mengyan1223 dot wang
@ 2020-12-31 23:01 ` xry111 at mengyan1223 dot wang
2020-12-31 23:30 ` xry111 at mengyan1223 dot wang
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: xry111 at mengyan1223 dot wang @ 2020-12-31 23:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98491
--- Comment #1 from Xi Ruoyao <xry111 at mengyan1223 dot wang> ---
It can be reproduced with a cross build on x86_64-linux, with asan:
$ ../gcc/configure --target=mips64el-unknown-linux-gnuabi64 --with-abi=64
--enable-languages=c,c++ --with-system-zlib
(build log skipped)
$ ASAN_OPTIONS=detect_leaks=0:use_odr_indicator=1 make all-gcc
{C,CXX,LD}FLAGS="-O0 -g3 -ggdb -fsanitize=address -static-libasan" -j 4
(build log skipped)
$ gcc/cc1 ~/bug.c -nostdinc -mmsa
f
Analyzing compilation unit
Performing interprocedural optimizations
<*free_lang_data> {heap 0 } <visibility> {heap 0 } <build_ssa_passes> {heap 0
} <opt_local_passes> {heap 0 } <remove_symbols> {heap 0 } <targetclone> {heap 0
} <free-fnsummary> {heap 0 }Streaming LTO
<whole-program> {heap 0 } <fnsummary> {heap 0 } <inline> {heap 0 } <modref>
{heap 0 } <free-fnsummary> {heap 0 } <single-use> {heap 0 } <comdats> {heap 0
}Assembling functions:
f=================================================================
==257274==ERROR: AddressSanitizer: global-buffer-overflow on address
0x00000521e70a at pc 0x000002c535c1 bp 0x7ffc1ac50930 sp 0x7ffc1ac50928
READ of size 2 at 0x00000521e70a thread T0
#0 0x2c535c0 in mode_to_bytes(machine_mode) ../../gcc/gcc/machmode.h:550
#1 0x2c535c0 in mips_symbol_insns ../../gcc/gcc/config/mips/mips.c:2384
#2 0x2c591fc in mips_const_insns(rtx_def*)
../../gcc/gcc/config/mips/mips.c:2895
(more asan output skipped)
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug target/98491] [MIPS] ICE: in mode_size_inline, with -mmsa
2020-12-31 22:58 [Bug target/98491] New: [MIPS] ICE: in mode_size_inline, with -mmsa xry111 at mengyan1223 dot wang
2020-12-31 23:01 ` [Bug target/98491] " xry111 at mengyan1223 dot wang
@ 2020-12-31 23:30 ` xry111 at mengyan1223 dot wang
2021-02-17 11:57 ` cvs-commit at gcc dot gnu.org
2024-02-05 11:44 ` xry111 at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: xry111 at mengyan1223 dot wang @ 2020-12-31 23:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98491
--- Comment #2 from Xi Ruoyao <xry111 at mengyan1223 dot wang> ---
Patch proposed:
https://gcc.gnu.org/pipermail/gcc-patches/2020-December/562629.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug target/98491] [MIPS] ICE: in mode_size_inline, with -mmsa
2020-12-31 22:58 [Bug target/98491] New: [MIPS] ICE: in mode_size_inline, with -mmsa xry111 at mengyan1223 dot wang
2020-12-31 23:01 ` [Bug target/98491] " xry111 at mengyan1223 dot wang
2020-12-31 23:30 ` xry111 at mengyan1223 dot wang
@ 2021-02-17 11:57 ` cvs-commit at gcc dot gnu.org
2024-02-05 11:44 ` xry111 at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-02-17 11:57 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98491
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Richard Sandiford <rsandifo@gcc.gnu.org>:
https://gcc.gnu.org/g:06505e701dcfdb1b9855601d6cf0aa1caea62975
commit r11-7264-g06505e701dcfdb1b9855601d6cf0aa1caea62975
Author: Xi Ruoyao <xry111@mengyan1223.wang>
Date: Wed Feb 17 11:57:13 2021 +0000
mips: Avoid out-of-bounds access in mips_symbol_insns [PR98491]
An invalid use of MSA_SUPPORTED_MODE_P was causing an ICE on
mips64el with -mmsa. The detailed analysis is posted on bugzilla.
gcc/ChangeLog:
2021-02-17 Xi Ruoyao <xry111@mengyan1223.wang>
PR target/98491
* config/mips/mips.c (mips_symbol_insns): Do not use
MSA_SUPPORTED_MODE_P if mode is MAX_MACHINE_MODE.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug target/98491] [MIPS] ICE: in mode_size_inline, with -mmsa
2020-12-31 22:58 [Bug target/98491] New: [MIPS] ICE: in mode_size_inline, with -mmsa xry111 at mengyan1223 dot wang
` (2 preceding siblings ...)
2021-02-17 11:57 ` cvs-commit at gcc dot gnu.org
@ 2024-02-05 11:44 ` xry111 at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: xry111 at gcc dot gnu.org @ 2024-02-05 11:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98491
Xi Ruoyao <xry111 at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Target Milestone|--- |11.0
Status|UNCONFIRMED |RESOLVED
--- Comment #4 from Xi Ruoyao <xry111 at gcc dot gnu.org> ---
All unfixed branches are closed.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-02-05 11:44 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-31 22:58 [Bug target/98491] New: [MIPS] ICE: in mode_size_inline, with -mmsa xry111 at mengyan1223 dot wang
2020-12-31 23:01 ` [Bug target/98491] " xry111 at mengyan1223 dot wang
2020-12-31 23:30 ` xry111 at mengyan1223 dot wang
2021-02-17 11:57 ` cvs-commit at gcc dot gnu.org
2024-02-05 11:44 ` xry111 at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).