* Re: [PATCH, PR81192] Fix sigsegv in find_same_succ_bb
[not found] <2777d355-a59c-a87b-bb64-86cd40eab077@mentor.com>
@ 2017-07-03 6:59 ` Richard Biener
From: Richard Biener @ 2017-07-03 6:59 UTC (permalink / raw)
To: Tom de Vries; +Cc: GCC Patches
On Sun, 2 Jul 2017, Tom de Vries wrote:
> Hi,
>
> consider this test-case:
> ...
> unsigned a;
> int b, c;
>
> static int
> fn1 (int p1, int p2)
> {
>   return p1 > 2147483647 - p2 ? p1 : p1 + p2;
> }
>
> void
> fn2 (void)
> {
>   int j;
>   a = 30;
>   for (; a;)
>     for (; c; b = fn1 (j, 1))
>       ;
> }
> ...
>
> When compiling the test-case with -Os, just before tail-merge it looks as in
> before.pdf.
>
> During tail-merge, it runs into a sigsegv.
>
> What happens is the following:
> - tail-merge decides to merge blocks 4 and 6, and removes block 6.
> - bb8, a predecessor of block 6, is marked as member of
>   deleted_bb_preds.
> - during update_worklist, same_succ_flush_bb is called for bb8
> - same_succ_flush_bb runs into a sigsegv because
>   BB_SAME_SUCC (bb8) == NULL
> - the reason that BB_SAME_SUCC (bb8) == NULL, is because it hit the
>   bb->loop_father->latch == bb clause in find_same_succ_bb at the start
>   of the tail-merge pass.
>
> This patch fixes the sigsegv by doing an early-out in same_succ_flush_bb if
> BB_SAME_SUCC () == NULL.
>
> Bootstrapped and reg-tested on x86_64.
>
> OK for trunk and gcc-[567]-branch?

Ok for trunk and branches.  Mind the gcc-6 branch is frozen right now.

Thanks,
Richard.

> Thanks,
> - Tom
>
--
Richard Biener <rguenther@suse.de>
SUSE LINUX GmbH, GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)
* [PATCH, PR81192] Fix sigsegv in find_same_succ_bb
@ 2017-07-02 22:26 Tom de Vries
From: Tom de Vries @ 2017-07-02 22:26 UTC (permalink / raw)
To: Richard Biener; +Cc: GCC Patches
[-- Attachment #1: Type: text/plain, Size: 1111 bytes --]
[ Trying again with before.svg instead of before.pdf ]

Hi,

consider this test-case:
...
unsigned a;
int b, c;

static int
fn1 (int p1, int p2)
{
  return p1 > 2147483647 - p2 ? p1 : p1 + p2;
}

void
fn2 (void)
{
  int j;
  a = 30;
  for (; a;)
    for (; c; b = fn1 (j, 1))
      ;
}
...

When compiling the test-case with -Os, just before tail-merge it looks
as in before.svg.

During tail-merge, it runs into a sigsegv.

What happens is the following:
- tail-merge decides to merge blocks 4 and 6, and removes block 6.
- bb8, a predecessor of block 6, is marked as member of
  deleted_bb_preds.
- during update_worklist, same_succ_flush_bb is called for bb8
- same_succ_flush_bb runs into a sigsegv because
  BB_SAME_SUCC (bb8) == NULL
- the reason that BB_SAME_SUCC (bb8) == NULL, is because it hit the
  bb->loop_father->latch == bb clause in find_same_succ_bb at the start
  of the tail-merge pass.

This patch fixes the sigsegv by doing an early-out in same_succ_flush_bb
if BB_SAME_SUCC () == NULL.

Bootstrapped and reg-tested on x86_64.

OK for trunk and gcc-[567]-branch?

Thanks,
- Tom
[-- Attachment #2: before.svg --]
[-- Type: image/svg+xml, Size: 14186 bytes --]
[-- Attachment #3: 0001-Fix-sigsegv-in-find_same_succ_bb.patch --]
[-- Type: text/x-patch, Size: 1373 bytes --]
Fix sigsegv in find_same_succ_bb
2017-06-30 Tom de Vries <tom@codesourcery.com>
PR tree-optimization/81192
* tree-ssa-tail-merge.c (same_succ_flush_bb): Handle
BB_SAME_SUCC (bb) == NULL.
* gcc.dg/pr81192.c: New test.
---
gcc/testsuite/gcc.dg/pr81192.c | 22 ++++++++++++++++++++++
gcc/tree-ssa-tail-merge.c | 3 +++
2 files changed, 25 insertions(+)
diff --git a/gcc/testsuite/gcc.dg/pr81192.c b/gcc/testsuite/gcc.dg/pr81192.c
new file mode 100644
index 0000000..57eb478
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr81192.c
@@ -0,0 +1,22 @@
+/* { dg-options "-Os -fdump-tree-pre-details" } */
+
+unsigned a;
+int b, c;
+
+static int
+fn1 (int p1, int p2)
+{
+ return p1 > 2147483647 - p2 ? p1 : p1 + p2;
+}
+
+void
+fn2 (void)
+{
+ int j;
+ a = 30;
+ for (; a;)
+ for (; c; b = fn1 (j, 1))
+ ;
+}
+
+/* { dg-final { scan-tree-dump-times "(?n)find_duplicates: <bb .*> duplicate of <bb .*>" 1 "pre" } } */
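Review bot: the dg-final line requires exactly one "find_duplicates" match in the pre dump, but nothing in the test says why one is the expected count, and the regression itself is a segfault that a successful compile already covers. A short comment above the scan stating which pair of blocks is expected to merge would make a later failure easier to triage if unrelated changes alter the count. A header comment naming PR tree-optimization/81192 would help too, and since `int j;` in fn2 is passed to fn1 without being set, it is worth noting in that comment that the reduced test-case relies on this shape.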
diff --git a/gcc/tree-ssa-tail-merge.c b/gcc/tree-ssa-tail-merge.c
index f6c9878..bb8a308 100644
--- a/gcc/tree-ssa-tail-merge.c
+++ b/gcc/tree-ssa-tail-merge.c
@@ -809,6 +809,9 @@ static void
same_succ_flush_bb (basic_block bb)
{
same_succ *same = BB_SAME_SUCC (bb);
+ if (! same)
+ return;
+
BB_SAME_SUCC (bb) = NULL;
if (bitmap_single_bit_set_p (same->bbs))
same_succ_htab->remove_elt_with_hash (same, same->hashval);
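Review bot: the new `if (! same) return;` at the top of same_succ_flush_bb carries no comment saying when BB_SAME_SUCC (bb) is legitimately NULL, so a reader cannot tell an expected case from a masked bug. Suggest a one-line comment above the check noting that find_same_succ_bb leaves the field unset for blocks it skips (the bb->loop_father->latch == bb clause described in the message). The patch title also names find_same_succ_bb while the function changed here is same_succ_flush_bb; the subject should match the function that crashed.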