* [PR 88214] Check that an argument is pointer before attempting agg jf construction from it
@ 2018-12-07 14:59 Martin Jambor
2018-12-10 10:27 ` Richard Biener
0 siblings, 1 reply; 4+ messages in thread
From: Martin Jambor @ 2018-12-07 14:59 UTC (permalink / raw)
To: GCC Patches
Hi,
ICE in PR 88214 happens because a type-mismatch in K&R C code makes
IPA-CP analysis call ao_ref_init_from_ptr_and_size on an integer
SSA_NAME, this function in turn constructs a temporary MEM_REF based on
that integer SSA_NAME and then later on call_may_clobber_ref_p_1 treats
the MEM_REF base as a pointer, gets its SSA_NAME_PTR_INFO and tries to
work with bitmaps there. But because the SSA_NAME is an integer, there
is no SSA_NAME_PTR_INFO, there is range info instead and this leads to a
crash.
On a related note, would people object to adding the following assert,
which would have made this bug much more straightforward to find?
index 85a5de7..66cf2f2 100644
--- a/gcc/tree-ssa-alias.c
+++ b/gcc/tree-ssa-alias.c
@@ -710,6 +710,7 @@ ao_ref_init_from_ptr_and_size (ao_ref *ref, tree ptr, tree size)
}
else
{
+ gcc_assert (POINTER_TYPE_P (TREE_TYPE (ptr)));
ref->base = build2 (MEM_REF, char_type_node,
ptr, null_pointer_node);
ref->offset = 0;
The bug itself can be fixed with the patch below. I have verified it
avoids the ICE on powerpc64-linux and did a full bootstrap and test on
an x86_64-linux. The patch is simple enough that I believe that is good
enough.
2018-12-06 Martin Jambor <mjambor@suse.cz>
PR ipa/88214
* ipa-prop.c (determine_locally_known_aggregate_parts): Make sure
we check pointers against pointers.
testsuite/
* gcc.dg/ipa/pr88214.c: New test.
---
gcc/ipa-prop.c | 3 ++-
gcc/testsuite/gcc.dg/ipa/pr88214.c | 10 ++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
create mode 100644 gcc/testsuite/gcc.dg/ipa/pr88214.c
diff --git a/gcc/ipa-prop.c b/gcc/ipa-prop.c
index 74052350ac1..4dbe26829e3 100644
--- a/gcc/ipa-prop.c
+++ b/gcc/ipa-prop.c
@@ -1569,7 +1569,8 @@ determine_locally_known_aggregate_parts (gcall *call, tree arg,
if (TREE_CODE (arg) == SSA_NAME)
{
tree type_size;
- if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type))))
+ if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type)))
+ || !POINTER_TYPE_P (TREE_TYPE (arg)))
return;
check_ref = true;
arg_base = arg;
diff --git a/gcc/testsuite/gcc.dg/ipa/pr88214.c b/gcc/testsuite/gcc.dg/ipa/pr88214.c
new file mode 100644
index 00000000000..4daa9829e75
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ipa/pr88214.c
@@ -0,0 +1,10 @@
+/* { dg-do compile } */
+/* { dg-options "-O2" } */
+
+void i();
+ short a;
+ void b(e) char * e;
+ {
+ i();
+ b(a);
+ }
--
2.19.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR 88214] Check that an argument is pointer before attempting agg jf construction from it
2018-12-07 14:59 [PR 88214] Check that an argument is pointer before attempting agg jf construction from it Martin Jambor
@ 2018-12-10 10:27 ` Richard Biener
2018-12-20 14:21 ` Martin Jambor
2019-01-16 15:26 ` Martin Jambor
0 siblings, 2 replies; 4+ messages in thread
From: Richard Biener @ 2018-12-10 10:27 UTC (permalink / raw)
To: Martin Jambor; +Cc: GCC Patches
On Fri, Dec 7, 2018 at 3:59 PM Martin Jambor <mjambor@suse.cz> wrote:
>
> Hi,
>
> ICE in PR 88214 happens because a type-mismatch in K&R C code makes
> IPA-CP analysis call ao_ref_init_from_ptr_and_size on an integer
> SSA_NAME, this function in turn constructs a temporary MEM_REF based on
> that integer SSA_NAME and then later on call_may_clobber_ref_p_1 treats
> the MEM_REF base as a pointer, gets its SSA_NAME_PTR_INFO and tries to
> work with bitmaps there. But because the SSA_NAME is an integer, there
> is no SSA_NAME_PTR_INFO, there is range info instead and this leads to a
> crash.
>
> On a related note, would people object to adding the following assert,
> which would have made this bug much more straightforward to find?
That's fine with me.
> index 85a5de7..66cf2f2 100644
> --- a/gcc/tree-ssa-alias.c
> +++ b/gcc/tree-ssa-alias.c
> @@ -710,6 +710,7 @@ ao_ref_init_from_ptr_and_size (ao_ref *ref, tree ptr, tree size)
> }
> else
> {
> + gcc_assert (POINTER_TYPE_P (TREE_TYPE (ptr)));
> ref->base = build2 (MEM_REF, char_type_node,
> ptr, null_pointer_node);
> ref->offset = 0;
>
>
> The bug itself can be fixed with the patch below. I have verified it
> avoids the ICE on powerpc64-linux and did a full bootstrap and test on
> an x86_64-linux. The patch is simple enough that I believe that is good
> enough.
OK.
Richard.
>
> 2018-12-06 Martin Jambor <mjambor@suse.cz>
>
> PR ipa/88214
> * ipa-prop.c (determine_locally_known_aggregate_parts): Make sure
> we check pointers against pointers.
>
> testsuite/
> * gcc.dg/ipa/pr88214.c: New test.
> ---
> gcc/ipa-prop.c | 3 ++-
> gcc/testsuite/gcc.dg/ipa/pr88214.c | 10 ++++++++++
> 2 files changed, 12 insertions(+), 1 deletion(-)
> create mode 100644 gcc/testsuite/gcc.dg/ipa/pr88214.c
>
> diff --git a/gcc/ipa-prop.c b/gcc/ipa-prop.c
> index 74052350ac1..4dbe26829e3 100644
> --- a/gcc/ipa-prop.c
> +++ b/gcc/ipa-prop.c
> @@ -1569,7 +1569,8 @@ determine_locally_known_aggregate_parts (gcall *call, tree arg,
> if (TREE_CODE (arg) == SSA_NAME)
> {
> tree type_size;
> - if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type))))
> + if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type)))
> + || !POINTER_TYPE_P (TREE_TYPE (arg)))
> return;
> check_ref = true;
> arg_base = arg;
> diff --git a/gcc/testsuite/gcc.dg/ipa/pr88214.c b/gcc/testsuite/gcc.dg/ipa/pr88214.c
> new file mode 100644
> index 00000000000..4daa9829e75
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/ipa/pr88214.c
> @@ -0,0 +1,10 @@
> +/* { dg-do compile } */
> +/* { dg-options "-O2" } */
> +
> +void i();
> + short a;
> + void b(e) char * e;
> + {
> + i();
> + b(a);
> + }
> --
> 2.19.1
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR 88214] Check that an argument is pointer before attempting agg jf construction from it
2018-12-10 10:27 ` Richard Biener
@ 2018-12-20 14:21 ` Martin Jambor
2019-01-16 15:26 ` Martin Jambor
1 sibling, 0 replies; 4+ messages in thread
From: Martin Jambor @ 2018-12-20 14:21 UTC (permalink / raw)
To: GCC Patches
Hi,
On Mon, Dec 10 2018, Richard Biener wrote:
> On Fri, Dec 7, 2018 at 3:59 PM Martin Jambor <mjambor@suse.cz> wrote:
>>
...
>>
>> On a related note, would people object to adding the following assert,
>> which would have made this bug much more straightforward to find?
>
> That's fine with me.
Thanks, I have just committed the following as r267298 after
bootstrapping and testing it on x86_64-linux.
Martin
2018-12-20 Martin Jambor <mjambor@suse.cz>
PR ipa/88214
* tree-ssa-alias.c (ao_ref_init_from_ptr_and_size): Assert that
ptr is a pointer.
---
gcc/tree-ssa-alias.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gcc/tree-ssa-alias.c b/gcc/tree-ssa-alias.c
index 85a5de7ce05..66cf2f2c669 100644
--- a/gcc/tree-ssa-alias.c
+++ b/gcc/tree-ssa-alias.c
@@ -710,6 +710,7 @@ ao_ref_init_from_ptr_and_size (ao_ref *ref, tree ptr, tree size)
}
else
{
+ gcc_assert (POINTER_TYPE_P (TREE_TYPE (ptr)));
ref->base = build2 (MEM_REF, char_type_node,
ptr, null_pointer_node);
ref->offset = 0;
--
2.19.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR 88214] Check that an argument is pointer before attempting agg jf construction from it
2018-12-10 10:27 ` Richard Biener
2018-12-20 14:21 ` Martin Jambor
@ 2019-01-16 15:26 ` Martin Jambor
1 sibling, 0 replies; 4+ messages in thread
From: Martin Jambor @ 2019-01-16 15:26 UTC (permalink / raw)
To: GCC Patches
Hi,
On Mon, Dec 10 2018, Richard Biener wrote:
> On Fri, Dec 7, 2018 at 3:59 PM Martin Jambor <mjambor@suse.cz> wrote:
>>
>> Hi,
>>
>> ICE in PR 88214 happens because a type-mismatch in K&R C code makes
>> IPA-CP analysis call ao_ref_init_from_ptr_and_size on an integer
>> SSA_NAME, this function in turn constructs a temporary MEM_REF based on
>> that integer SSA_NAME and then later on call_may_clobber_ref_p_1 treats
>> the MEM_REF base as a pointer, gets its SSA_NAME_PTR_INFO and tries to
>> work with bitmaps there. But because the SSA_NAME is an integer, there
>> is no SSA_NAME_PTR_INFO, there is range info instead and this leads to a
>> crash.
>>
...
>> The bug itself can be fixed with the patch below. I have verified it
>> avoids the ICE on powerpc64-linux and did a full bootstrap and test on
>> an x86_64-linux. The patch is simple enough that I believe that is good
>> enough.
>
> OK.
>
> Richard.
I have bootstrapped the patch on gcc-8 an gcc-7 branches too and will
commit it there in a few moments too.
Thanks,
Martin
>
>>
>> 2018-12-06 Martin Jambor <mjambor@suse.cz>
>>
>> PR ipa/88214
>> * ipa-prop.c (determine_locally_known_aggregate_parts): Make sure
>> we check pointers against pointers.
>>
>> testsuite/
>> * gcc.dg/ipa/pr88214.c: New test.
>> ---
>> gcc/ipa-prop.c | 3 ++-
>> gcc/testsuite/gcc.dg/ipa/pr88214.c | 10 ++++++++++
>> 2 files changed, 12 insertions(+), 1 deletion(-)
>> create mode 100644 gcc/testsuite/gcc.dg/ipa/pr88214.c
>>
>> diff --git a/gcc/ipa-prop.c b/gcc/ipa-prop.c
>> index 74052350ac1..4dbe26829e3 100644
>> --- a/gcc/ipa-prop.c
>> +++ b/gcc/ipa-prop.c
>> @@ -1569,7 +1569,8 @@ determine_locally_known_aggregate_parts (gcall *call, tree arg,
>> if (TREE_CODE (arg) == SSA_NAME)
>> {
>> tree type_size;
>> - if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type))))
>> + if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type)))
>> + || !POINTER_TYPE_P (TREE_TYPE (arg)))
>> return;
>> check_ref = true;
>> arg_base = arg;
>> diff --git a/gcc/testsuite/gcc.dg/ipa/pr88214.c b/gcc/testsuite/gcc.dg/ipa/pr88214.c
>> new file mode 100644
>> index 00000000000..4daa9829e75
>> --- /dev/null
>> +++ b/gcc/testsuite/gcc.dg/ipa/pr88214.c
>> @@ -0,0 +1,10 @@
>> +/* { dg-do compile } */
>> +/* { dg-options "-O2" } */
>> +
>> +void i();
>> + short a;
>> + void b(e) char * e;
>> + {
>> + i();
>> + b(a);
>> + }
>> --
>> 2.19.1
>>
>>
>>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-01-16 15:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-07 14:59 [PR 88214] Check that an argument is pointer before attempting agg jf construction from it Martin Jambor
2018-12-10 10:27 ` Richard Biener
2018-12-20 14:21 ` Martin Jambor
2019-01-16 15:26 ` Martin Jambor
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).