Bug 45948 - [4.6 Regression] ICE: SIGSEGV in find_uses_to_rename_use (tree-ssa-loop-manip.c:1242) with -O -fstrict-overflow -ftree-loop-distribution
Summary: [4.6 Regression] ICE: SIGSEGV in find_uses_to_rename_use (tree-ssa-loop-manip...
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization (show other bugs)
Version: 4.6.0
: P1 normal
Target Milestone: 4.6.0
Assignee: Sebastian Pop
URL:
Keywords: ice-on-valid-code
Depends on:
Blocks:
 
Reported: 2010-10-08 22:33 UTC by Zdenek Sojka
Modified: 2021-12-26 12:35 UTC (History)
1 user (show)

See Also:
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
Build:
Known to work: 4.5.2
Known to fail: 4.6.0
Last reconfirmed: 2010-11-08 04:21:15

Attachments
reduced testcase (125 bytes, text/plain)
2010-10-08 22:33 UTC, Zdenek Sojka 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Zdenek Sojka 2010-10-08 22:33:03 UTC 
Created attachment 22003 [details]
reduced testcase

Command line:
$ gcc -O2 -ftree-loop-distribution pr45948.c

Related valgrind output:
==6585== Invalid read of size 8
==6585==    at 0x97C679: find_uses_to_rename_use (tree-ssa-loop-manip.c:1242)
==6585==    by 0x97C94F: find_uses_to_rename_bb (tree-ssa-loop-manip.c:284)
==6585==    by 0x97CFED: rewrite_into_loop_closed_ssa (tree-ssa-loop-manip.c:331)
==6585==    by 0x8F2CF2: distribute_loop (tree-loop-distribution.c:1087)
==6585==    by 0x8F466C: tree_loop_distribution (tree-loop-distribution.c:1208)
==6585==    by 0x7BF35E: execute_one_pass (passes.c:1562)
==6585==    by 0x7BF5F4: execute_pass_list (passes.c:1617)
==6585==    by 0x7BF606: execute_pass_list (passes.c:1618)
==6585==    by 0x7BF606: execute_pass_list (passes.c:1618)
==6585==    by 0x902275: tree_rest_of_compilation (tree-optimize.c:419)
==6585==    by 0xAC4991: cgraph_expand_function (cgraphunit.c:1498)
==6585==    by 0xAC6F29: cgraph_optimize (cgraphunit.c:1557)
==6585==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==6585== 
pr45948.c: In function 'foo':
pr45948.c:4:1: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.

Tested revisions:
r165152 - crash
Comment 1 Zdenek Sojka 2010-11-08 01:01:51 UTC 
I did further testing, and this seems to be a regression:

Related valgrind output:
$ gcc -O -fstrict-overflow -ftree-loop-distribution pr45948.c
==3184== Invalid read of size 8
==3184==    at 0x966569: find_uses_to_rename_use (tree-ssa-loop-manip.c:1242)
==3184==    by 0x96683F: find_uses_to_rename_bb (tree-ssa-loop-manip.c:284)
==3184==    by 0x966EED: rewrite_into_loop_closed_ssa (tree-ssa-loop-manip.c:331)
==3184==    by 0x8D79A9: distribute_loop (tree-loop-distribution.c:1080)
==3184==    by 0x8D8A0C: tree_loop_distribution (tree-loop-distribution.c:1201)
==3184==    by 0x79980E: execute_one_pass (passes.c:1560)
==3184==    by 0x799AB4: execute_pass_list (passes.c:1615)
==3184==    by 0x799AC6: execute_pass_list (passes.c:1616)
==3184==    by 0x799AC6: execute_pass_list (passes.c:1616)
==3184==    by 0x8E6715: tree_rest_of_compilation (tree-optimize.c:422)
==3184==    by 0xAB6601: cgraph_expand_function (cgraphunit.c:1493)
==3184==    by 0xAB8BC9: cgraph_optimize (cgraphunit.c:1552)
==3184==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==3184== 
pr45948.c: In function 'foo':
pr45948.c:4:1: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.

Tested revisions:
r166414 - crash
r161659 - crash
r159696 - OK
4.5 r165781 - OK
Comment 2 H.J. Lu 2010-11-08 04:21:15 UTC 
It is caused by revision 159992:

http://gcc.gnu.org/ml/gcc-cvs/2010-05/msg01050.html
Comment 3 Sebastian Pop 2010-11-08 15:49:36 UTC 
Mine.
Comment 4 Sebastian Pop 2010-12-02 18:39:23 UTC 
For this case, we end up generating two memset (0) for the first loop,
and we completely remove that loop:

void
foo (int i, int n)
{
  int a[30];
  int b[30];
  for (; i < n; i++)
    a[i] = b[i] = 0;

  while (1)
    if (b[0])
      bar (a[i - 1]);
}

The problem seems to be that the close phi node for the last value of
i is not removed by the scev constant propagation, and we don't have
the for loop anymore to compute it.
Comment 5 Sebastian Pop 2010-12-02 19:19:46 UTC 
First patch here: http://gcc.gnu.org/ml/gcc-patches/2010-12/msg00216.html
However, I am not fully happy with this fix that tweaks scev const prop to work around this bug...

The other fix that I am thinking about is that we test for scalar dependences outside the loop in the loop distribution pass, but it seems like rdg_defs_used_in_other_loops_p does not handle this correctly...
I'm still investigating.
Comment 6 Sebastian Pop 2010-12-10 23:51:22 UTC 
Patch here:
http://gcc.gnu.org/ml/gcc-patches/2010-12/msg00919.html
Comment 7 Sebastian Pop 2010-12-15 05:04:34 UTC 
Author: spop
Date: Wed Dec 15 05:04:30 2010
New Revision: 167842

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=167842
Log:
Fix PR45948: add ssa defs from builtin partitions to the last partition.

2010-12-14  Sebastian Pop  <sebastian.pop@amd.com>

	PR tree-optimization/45948
	* tree-loop-distribution.c (ssa_name_has_uses_outside_loop_p): New.
	(stmt_has_scalar_dependences_outside_loop): New.
	(stmt_generated_in_another_partition): New.
	(add_scalar_computations_to_partition): New.
	(rdg_build_partitions): Call add_scalar_computations_to_partition.

	* gcc.dg/tree-ssa/ldist-pr45948.c: New.

Added:
    trunk/gcc/testsuite/gcc.dg/tree-ssa/ldist-pr45948.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/tree-loop-distribution.c
Comment 8 Sebastian Pop 2010-12-15 05:07:53 UTC 
Fixed.