On Linux/Intel64, I got /export/build/gnu/gcc/build-x86_64-linux/gcc/xgcc -B/export/build/gnu/gcc/build-x86_64-linux/gcc/ /net/gnu-13/export/gnu/src/gcc/gcc/gcc/testsuite/gcc.dg/struct/wo_prof_malloc_size_var.c -O3 -fipa-struct-reorg -fdump-ipa-all -fwhole-program -combine -fipa-type-escape -fno-show-column -lm -o ./wo_prof_malloc_size_var.exe (timeout = 300) /net/gnu-13/export/gnu/src/gcc/gcc/gcc/testsuite/gcc.dg/struct/wo_prof_malloc_size_var.c:32: internal compiler error: Segmentation fault^M Please submit a full bug report,^M with preprocessed source if appropriate.^M See <http://gcc.gnu.org/bugs.html> for instructions.^M compiler exited with status 1
Unfortunately I cannot reproduce this failure on x86_64-linux system I have, so I'll highly appreciate your help in debugging it. If you could please comment out the following line from wo_prof_malloc_size_var.c file: /* { dg-final { cleanup-ipa-dump "*" } } */ run the struct-reorg.exp, and send me all dumps generated, i.e. wo_prof_malloc_size_var.c.* files, it would be really great. thank you, Olga
Created attachment 14786 [details] Dump files. Here are dump files. I think there may be some memory corruptions: GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072 Compiler executable checksum: f98be6b5bc4201f3bb3844a43442bc6b Program received signal SIGSEGV, Segmentation fault. 0x000000000080ae61 in safe_cond_expr_check (slot=0x10384c0, data=0x7fbffff254) at /net/gnu-13/export/gnu/src/gcc/gcc/gcc/ipa-struct-reorg.c:3081 3081 if (TREE_CODE (acc->stmt) == COND_EXPR) (gdb) list 3076 static int 3077 safe_cond_expr_check (void **slot, void *data) 3078 { 3079 struct access_site *acc = *(struct access_site **) slot; 3080 3081 if (TREE_CODE (acc->stmt) == COND_EXPR) 3082 { 3083 if (!is_safe_cond_expr (acc->stmt)) 3084 { 3085 if (dump_file) (gdb) p acc $1 = (struct access_site *) 0x70 (gdb) bt #0 0x000000000080ae61 in safe_cond_expr_check (slot=0x10384c0, data=0x7fbffff254) at /net/gnu-13/export/gnu/src/gcc/gcc/gcc/ipa-struct-reorg.c:3081 #1 0x0000000000ab5c8c in htab_traverse_noresize (htab=0x103fba0, callback=0x80ae42 <safe_cond_expr_check>, info=0x7fbffff254) at /net/gnu-13/export/gnu/src/gcc/gcc/libiberty/hashtab.c:750 #2 0x0000000000ab5cfb in htab_traverse (htab=0x103fba0, callback=0x80ae42 <safe_cond_expr_check>, info=0x7fbffff254) at /net/gnu-13/export/gnu/src/gcc/gcc/libiberty/hashtab.c:765 #3 0x000000000080bd49 in check_cond_exprs () at /net/gnu-13/export/gnu/src/gcc/gcc/gcc/ipa-struct-reorg.c:3547 #4 0x000000000080c535 in collect_data_accesses () at /net/gnu-13/export/gnu/src/gcc/gcc/gcc/ipa-struct-reorg.c:3830 #5 0x000000000080c71a in reorg_structs () at /net/gnu-13/export/gnu/src/gcc/gcc/gcc/ipa-struct-reorg.c:3944 #6 0x000000000080c739 in reorg_structs_drive () at /net/gnu-13/export/gnu/src/gcc/gcc/gcc/ipa-struct-reorg.c:3967 #7 0x00000000005e2530 in execute_one_pass (pass=0xf307a0) at /net/gnu-13/export/gnu/src/gcc/gcc/gcc/passes.c:1118 #8 0x00000000005e26ef in execute_ipa_pass_list (pass=0xf307a0) at /net/gnu-13/export/gnu/src/gcc/gcc/gcc/passes.c:1187 #9 0x00000000007fa210 in ipa_passes () at /net/gnu-13/export/gnu/src/gcc/gcc/gcc/cgraphunit.c:1339 BTW, I configured gcc with --enable-checking=assert.
Valgrind reports: ==20091== Invalid read of size 8 ==20091== at 0x964769: htab_traverse_noresize (hashtab.c:749) ==20091== by 0x747B6B: reorg_structs_drive (ipa-struct-reorg.c:3547) ==20091== by 0x584BF1: execute_one_pass (passes.c:1118) ==20091== by 0x5850B3: execute_ipa_pass_list (passes.c:1187) ==20091== by 0x73ADAD: cgraph_optimize (cgraphunit.c:1339) ==20091== by 0x410AAA: c_write_global_declarations (c-decl.c:8077) ==20091== by 0x5FA23B: toplev_main (toplev.c:1055) ==20091== by 0x39A0A1DAB3: (below main) (in /lib64/libc-2.6.so) ==20091== Address 0x8E70F68 is 24 bytes inside a block of size 104 free'd ==20091== at 0x4A055AB: free (vg_replace_malloc.c:233) ==20091== by 0x964F85: htab_expand (hashtab.c:550) ==20091== by 0x965002: htab_traverse (hashtab.c:763) ==20091== by 0x743D33: free_data_struct (ipa-struct-reorg.c:1674) ==20091== by 0x743E0D: remove_structure (ipa-struct-reorg.c:2353) ==20091== by 0x743F0A: safe_cond_expr_check (ipa-struct-reorg.c:3090) ==20091== by 0x964777: htab_traverse_noresize (hashtab.c:750) ==20091== by 0x747B6B: reorg_structs_drive (ipa-struct-reorg.c:3547) ==20091== by 0x584BF1: execute_one_pass (passes.c:1118) ==20091== by 0x5850B3: execute_ipa_pass_list (passes.c:1187) ==20091== by 0x73ADAD: cgraph_optimize (cgraphunit.c:1339) ==20091== by 0x410AAA: c_write_global_declarations (c-decl.c:8077) ==20091== ==20091== Conditional jump or move depends on uninitialised value(s) ==20091== at 0x9201D4: global_conflicts (sparseset.h:89) ==20091== by 0x8F7259: rest_of_handle_global_alloc (global.c:533) ==20091== by 0x584BF1: execute_one_pass (passes.c:1118) ==20091== by 0x584D8F: execute_pass_list (passes.c:1171) ==20091== by 0x584DA4: execute_pass_list (passes.c:1172) ==20091== by 0x62D093: tree_rest_of_compilation (tree-optimize.c:404) ==20091== by 0x739291: cgraph_expand_function (cgraphunit.c:1151) ==20091== by 0x73ACC3: cgraph_optimize (cgraphunit.c:1214) ==20091== by 0x410AAA: c_write_global_declarations (c-decl.c:8077) ==20091== by 0x5FA23B: toplev_main (toplev.c:1055) ==20091== by 0x39A0A1DAB3: (below main) (in /lib64/libc-2.6.so) ==20091== ==20091== Conditional jump or move depends on uninitialised value(s) ==20091== at 0x920F71: global_conflicts (sparseset.h:89) ==20091== by 0x8F7259: rest_of_handle_global_alloc (global.c:533) ==20091== by 0x584BF1: execute_one_pass (passes.c:1118) ==20091== by 0x584D8F: execute_pass_list (passes.c:1171) ==20091== by 0x584DA4: execute_pass_list (passes.c:1172) ==20091== by 0x62D093: tree_rest_of_compilation (tree-optimize.c:404) ==20091== by 0x739291: cgraph_expand_function (cgraphunit.c:1151) ==20091== by 0x73ACC3: cgraph_optimize (cgraphunit.c:1214) ==20091== by 0x410AAA: c_write_global_declarations (c-decl.c:8077) ==20091== by 0x5FA23B: toplev_main (toplev.c:1055) ==20091== by 0x39A0A1DAB3: (below main) (in /lib64/libc-2.6.so) ==20091== ==20091== Conditional jump or move depends on uninitialised value(s) ==20091== at 0x920ABB: global_conflicts (sparseset.h:89) ==20091== by 0x8F7259: rest_of_handle_global_alloc (global.c:533) ==20091== by 0x584BF1: execute_one_pass (passes.c:1118) ==20091== by 0x584D8F: execute_pass_list (passes.c:1171) ==20091== by 0x584DA4: execute_pass_list (passes.c:1172) ==20091== by 0x62D093: tree_rest_of_compilation (tree-optimize.c:404) ==20091== by 0x739291: cgraph_expand_function (cgraphunit.c:1151) ==20091== by 0x73ACC3: cgraph_optimize (cgraphunit.c:1214) ==20091== by 0x410AAA: c_write_global_declarations (c-decl.c:8077) ==20091== by 0x5FA23B: toplev_main (toplev.c:1055) ==20091== by 0x39A0A1DAB3: (below main) (in /lib64/libc-2.6.so) ==20091== ==20091== Use of uninitialised value of size 8 ==20091== at 0x921C4D: global_conflicts (sparseset.h:89) ==20091== by 0x8F7259: rest_of_handle_global_alloc (global.c:533) ==20091== by 0x584BF1: execute_one_pass (passes.c:1118) ==20091== by 0x584D8F: execute_pass_list (passes.c:1171) ==20091== by 0x584DA4: execute_pass_list (passes.c:1172) ==20091== by 0x62D093: tree_rest_of_compilation (tree-optimize.c:404) ==20091== by 0x739291: cgraph_expand_function (cgraphunit.c:1151) ==20091== by 0x73ACC3: cgraph_optimize (cgraphunit.c:1214) ==20091== by 0x410AAA: c_write_global_declarations (c-decl.c:8077) ==20091== by 0x5FA23B: toplev_main (toplev.c:1055) ==20091== by 0x39A0A1DAB3: (below main) (in /lib64/libc-2.6.so) ==20091== ==20091== Use of uninitialised value of size 8 ==20091== at 0x920F7C: global_conflicts (sparseset.h:89) ==20091== by 0x8F7259: rest_of_handle_global_alloc (global.c:533) ==20091== by 0x584BF1: execute_one_pass (passes.c:1118) ==20091== by 0x584D8F: execute_pass_list (passes.c:1171) ==20091== by 0x584DA4: execute_pass_list (passes.c:1172) ==20091== by 0x62D093: tree_rest_of_compilation (tree-optimize.c:404) ==20091== by 0x739291: cgraph_expand_function (cgraphunit.c:1151) ==20091== by 0x73ACC3: cgraph_optimize (cgraphunit.c:1214) ==20091== by 0x410AAA: c_write_global_declarations (c-decl.c:8077) ==20091== by 0x5FA23B: toplev_main (toplev.c:1055) ==20091== by 0x39A0A1DAB3: (below main) (in /lib64/libc-2.6.so) ==20091== ==20091== Use of uninitialised value of size 8 ==20091== at 0x92108C: global_conflicts (sparseset.h:89) ==20091== by 0x8F7259: rest_of_handle_global_alloc (global.c:533) ==20091== by 0x584BF1: execute_one_pass (passes.c:1118) ==20091== by 0x584D8F: execute_pass_list (passes.c:1171) ==20091== by 0x584DA4: execute_pass_list (passes.c:1172) ==20091== by 0x62D093: tree_rest_of_compilation (tree-optimize.c:404) ==20091== by 0x739291: cgraph_expand_function (cgraphunit.c:1151) ==20091== by 0x73ACC3: cgraph_optimize (cgraphunit.c:1214) ==20091== by 0x410AAA: c_write_global_declarations (c-decl.c:8077) ==20091== by 0x5FA23B: toplev_main (toplev.c:1055) ==20091== by 0x39A0A1DAB3: (below main) (in /lib64/libc-2.6.so)
Thank you for debugging! Now I see approximately where it fails. Although I am not sure that the following patch solves the issue, please try it, and let me know whether it helps. Thank you a lot, Olga Index: ipa-struct-reorg.c =================================================================== --- ipa-struct-reorg.c (revision 130906) +++ ipa-struct-reorg.c (working copy) @@ -3068,6 +3068,17 @@ dump_access_sites (str->accs); } +/* Auxiliary data structure for safe_cond_expr_check callback function. */ +struct cond_check_data +{ + /* Structure declaration. */ + tree type; + + /* Vector of unsuitable types. If the type participates in unsafe + conditional expression, it will be added to this vector. */ + VEC (tree, heap) **unsuitable_types; +}; + /* This function checks whether an access statement, pointed by SLOT, is a condition we are capable to transform. If not, it removes the structure with index, represented by DATA, from the vector @@ -3077,6 +3088,7 @@ safe_cond_expr_check (void **slot, void *data) { struct access_site *acc = *(struct access_site **) slot; + struct cond_check_data dt = *(struct cond_check_data *) data; if (TREE_CODE (acc->stmt) == COND_EXPR) { @@ -3087,7 +3099,7 @@ fprintf (dump_file, "\nUnsafe conditional statement "); print_generic_stmt (dump_file, acc->stmt, 0); } - remove_structure (*(unsigned *) data); + add_unsuitable_type (dt.unsuitable_types, dt.type); } } return 1; @@ -3541,10 +3553,23 @@ { d_str str; unsigned i; + VEC (tree, heap) *unsuitable_types = VEC_alloc (tree, heap, + VEC_length (structure, + structures)); + struct cond_check_data data; + data.type = NULL_TREE; + data.unsuitable_types = &unsuitable_types; + for (i = 0; VEC_iterate (structure, structures, i, str); i++) if (str->accs) - htab_traverse (str->accs, safe_cond_expr_check, &i); + { + data.type = str->decl; + htab_traverse (str->accs, safe_cond_expr_check, &data); + } + + remove_unsuitable_types (unsuitable_types); + VEC_free (tree, heap, unsuitable_types); } /* We exclude from non-field accesses of the structure @@ -3848,6 +3873,9 @@ gcov_type hotest = 0; unsigned i; d_str str; + VEC (tree, heap) *unsuitable_types = VEC_alloc (tree, heap, + VEC_length (structure, + structures)); /* We summarize counts of fields of a structure into the structure count. */ for (i = 0; VEC_iterate (structure, structures, i, str); i++) @@ -3863,8 +3891,11 @@ print_generic_expr (dump_file, str->decl, 0); fprintf (dump_file, " is cold."); } - remove_structure (i); + add_unsuitable_type (&unsuitable_types, str->decl); } + + remove_unsuitable_types (unsuitable_types); + VEC_free (tree, heap, unsuitable_types); } /* This function decomposes original structure into substructures,
(In reply to comment #4) > Thank you for debugging! Now I see approximately where it fails. Although I am > not sure that the following patch solves the issue, please try it, and let me > know whether it helps. > > Thank you a lot, > Olga > > Index: ipa-struct-reorg.c > =================================================================== > --- ipa-struct-reorg.c (revision 130906) > +++ ipa-struct-reorg.c (working copy) > @@ -3068,6 +3068,17 @@ > dump_access_sites (str->accs); > } Yes, it works for me on both Intel64 and ia64. Thanks.
Confirmed on x86_64-unknown-linux-gnu.
*** Bug 34874 has been marked as a duplicate of this bug. ***
(In reply to comment #6) > Confirmed on x86_64-unknown-linux-gnu. It fails only with --enable-checkgin=assert, as is the case in http://gcc.gnu.org/ml/gcc-testresults/2008-01/msg00695.html
olga, even if the test case does not normally ice on your system, you be able to see the bug if you run the test with valgrind.
(In reply to comment #9) > olga, > even if the test case does not normally ice on your system, you be able to see > the bug if you run the test with valgrind. Kenny, Thank you a lot for information. I was not aware about valgrid. Does it help also with segfaults? The patch in comment #4 solves the ICE, but on some system it generates the execution failures (PR 34534 and PR 34483). Can you see what it makes on your system? Thank you a lot, Olga
Subject: Re: [4.3 Regression] gcc.dg/struct/wo_prof_malloc_size_var.c doesn't work olga at gcc dot gnu dot org wrote: > ------- Comment #10 from olga at gcc dot gnu dot org 2008-01-20 16:28 ------- > (In reply to comment #9) > >> olga, >> even if the test case does not normally ice on your system, you be able to see >> the bug if you run the test with valgrind. >> > > Kenny, > > Thank you a lot for information. I was not aware about valgrid. Does it help > also with segfaults? > > The patch in comment #4 solves the ICE, but on some system it generates the > execution failures (PR 34534 and PR 34483). Can you see what it makes on your > system? > > Thank you a lot, > Olga > > > > generally it does. it is not perfect. it is very good at finding faults with malloc'ed memory. did you actually try valgrind with this bug? if you need some help, hop on irc and i will talk you thru it. kenny
Subject: Bug 34472 Author: rsandifo Date: Thu Jan 24 17:46:31 2008 New Revision: 131798 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=131798 Log: gcc/ PR tree-optimization/34472 * ipa-struct-reorg.c (safe_cond_expr_check): Change the DATA parameter to a "bool *" and set *DATA to false if there is an unsafe access. Do not delete the structure here. (check_cond_exprs): Delete it here instead. (check_cond_exprs, exclude_cold_structs): Do not increase I when removing a structure. Modified: trunk/gcc/ChangeLog trunk/gcc/ipa-struct-reorg.c
Revision 131801 is OK.