Bug 51077 - [4.6/4.7 Regression] Endless recursion with __builtin_object_size
Summary: [4.6/4.7 Regression] Endless recursion with __builtin_object_size
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end (show other bugs)
Version: 4.6.2
: P1 normal
Target Milestone: 4.6.3
Assignee: Jakub Jelinek
URL:
Keywords: ice-on-valid-code
Depends on:
Blocks:
 
Reported: 2011-11-10 10:59 UTC by Jakub Jelinek
Modified: 2011-11-10 19:40 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2011-11-10 00:00:00

Attachments
gcc47-pr51077.patch (629 bytes, patch)
2011-11-10 11:08 UTC, Jakub Jelinek 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jakub Jelinek 2011-11-10 10:59:35 UTC 
struct S { unsigned char s, t[256]; };

void
foo (const struct S *x, struct S *y, int z)
{
  int i;
  for (i = 0; i < 8; i++)
    {
      const struct S *a = &x[i];
      __builtin___memcpy_chk (y->t, a->t, z, __builtin_object_size (y->t, 0));
      y = (struct S *) &y->t[z];
    }
}

ICEs at -O2 starting with
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=179850
(aka PR50700 fix).

Yet untested fix:
--- gcc/tree-object-size.c.jj	2011-10-12 20:28:20.000000000 +0200
+++ gcc/tree-object-size.c	2011-11-10 11:53:37.106777916 +0100
@@ -175,7 +175,7 @@ addr_object_size (struct object_size_inf
       unsigned HOST_WIDE_INT sz;
 
       if (!osi || (object_size_type & 1) != 0
-	  || TREE_CODE (pt_var) != SSA_NAME)
+	  || TREE_CODE (TREE_OPERAND (pt_var, 0)) != SSA_NAME)
 	{
 	  sz = compute_builtin_object_size (TREE_OPERAND (pt_var, 0),
 					    object_size_type & ~1);

TREE_CODE (pt_var) != SSA_NAME is always 1, because a few lines above this
we check that TREE_CODE (pt_var) == MEM_REF.
Comment 1 Jakub Jelinek 2011-11-10 11:08:02 UTC 
Created attachment 25777 [details]
gcc47-pr51077.patch

Patch.
Comment 2 Richard Biener 2011-11-10 11:17:53 UTC 
Ick ;)  Quite obvious when it doesn't cause any fallout.
Comment 3 Jakub Jelinek 2011-11-10 19:02:34 UTC 
Author: jakub
Date: Thu Nov 10 19:02:30 2011
New Revision: 181263

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=181263
Log:
	PR middle-end/51077
	* tree-object-size.c (addr_object_size): Check TREE_CODE of
	MEM_REF's operand rather than code of the MEM_REF itself.

	* gcc.c-torture/compile/pr51077.c: New test.

Added:
    trunk/gcc/testsuite/gcc.c-torture/compile/pr51077.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/tree-object-size.c
Comment 4 Jakub Jelinek 2011-11-10 19:04:05 UTC 
Author: jakub
Date: Thu Nov 10 19:04:01 2011
New Revision: 181264

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=181264
Log:
	PR middle-end/51077
	* tree-object-size.c (addr_object_size): Check TREE_CODE of
	MEM_REF's operand rather than code of the MEM_REF itself.

	* gcc.c-torture/compile/pr51077.c: New test.

Added:
    branches/gcc-4_6-branch/gcc/testsuite/gcc.c-torture/compile/pr51077.c
Modified:
    branches/gcc-4_6-branch/gcc/ChangeLog
    branches/gcc-4_6-branch/gcc/testsuite/ChangeLog
    branches/gcc-4_6-branch/gcc/tree-object-size.c
Comment 5 Jakub Jelinek 2011-11-10 19:40:15 UTC 
Fixed.