Bug 54136 - Compiling phoronix/dcraw with gcc 4.8 trunk causes infinite execution.
Status: RESOLVED INVALID
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization
Version: 4.8.0
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2012-07-31 08:54 UTC by Venkataramanan
Modified: 2012-07-31 09:24 UTC (History)

Attachments
Simplied test case (6.93 KB, application/octet-stream)
2012-07-31 09:02 UTC, Venkataramanan

Description Venkataramanan 2012-07-31 08:54:45 UTC
The attached test case is extracted from the dcraw application.

GCC options used: -O2 or -O1 -ftree-vrp.
Target: x86_64-unknown-linux-gnu.

With gcc 4.7 the test case completes.

But with gcc 4.8 trunk revision r189951 it results in infinite loop execution.

(-----Snip-----)
 for (i=0; i < sizeof table / sizeof *table; i++)
    if (!strncmp (name, table[i].prefix, strlen(table[i].prefix))) {
      if (table[i].black)   black   = (unsigned short) table[i].black;
      if (table[i].maximum) maximum = (unsigned short) table[i].maximum;
      for (j=0; j < 12; j++)
        cam_xyz[0][j] = table[i].trans[j] / 10000.0;
        printf("reached here exiting out of loop : pointer to array cam_xyz %x\n", cam_xyz);
      break;
    }
(-----Snip-----)


 ----test.c.067t.mergephi2-----
     D.2580_12 = table[i_1].maximum;
     if (D.2580_12 != 0)
       goto <bb 7>;
     else
       goto <bb 10>;

     <bb 7>:
     D.2583_13 = (short unsigned int) D.2580_12;
     maximum.1_14 = (unsigned int) D.2583_13;
     maximum = maximum.1_14;
     goto <bb 10>;

     <bb 9>:
     D.2585_16 = table[i_1].trans[j_2];
     D.2586_17 = (double) D.2585_16;
     D.2587_18 = D.2586_17 / 1.0e+4;
     cam_xyz[0][j_2] = D.2587_18;
     j_19 = j_2 + 1;

     <bb 10>:
     # j_2 = PHI <0(6), j_19(9), 0(7)>
     if (j_2 <= 11)
       goto <bb 9>;
     else
       goto <bb 11>;

     <bb 11>:
     printf ("reached here exiting out of loop : pointer to array cam_xyz %x\n", &cam_xyz);
  goto <bb 14>

After VRP 

------test.c.068t.vrp1-----
    D.2580_12 = table[i_33].maximum;
    if (D.2580_12 != 0)
      goto <bb 7>;
    else
      goto <bb 8>;

    <bb 7>:
    D.2583_13 = (short unsigned int) D.2580_12;
    maximum.1_14 = (unsigned int) D.2583_13;
    maximum = maximum.1_14;

    <bb 8>:
    j_15 = 0;

    <bb 9>:
    # j_2 = PHI <0(8), j_19(9)>
    D.2585_16 = table[i_33].trans[j_2];
    D.2586_17 = (double) D.2585_16;
    D.2587_18 = D.2586_17 / 1.0e+4;
    cam_xyz[0][j_2] = D.2587_18;
    j_19 = j_2 + 1;
    goto <bb 9>; <== infinite loop is formed

    <bb 10>:
    i_20 = i_1 + 1;
Comment 1 Andrew Pinski 2012-07-31 09:01:54 UTC
>cam_xyz[0][j] = table[i].trans[j]

How are those two arrays (cam_xyz[0] and trans) defined?
Comment 2 Venkataramanan 2012-07-31 09:02:34 UTC
Created attachment 27904
Simplied test case
Comment 3 Andrew Pinski 2012-07-31 09:06:55 UTC
> double cam_xyz[4][3];

> cam_xyz[0][j] 

Yes, you are going past the array bounds of cam_xyz[0]. Rewrite the loop like:
      for (j0=0; j0 < 4; j0++)
        for (j=0; j < 3; j++)
          cam_xyz[j0][j] = table[i].trans[j0*3+j] / 10000.0;

Instead of change cam_xyz to be array of size 12.
Comment 4 Venkataramanan 2012-07-31 09:22:47 UTC
Ok thanks will adjust the test case. 

So the compiler can generate an infinite loop in case of array out-of-bounds access?
Comment 5 Richard Biener 2012-07-31 09:24:56 UTC
(In reply to comment #4)
> Ok thanks will adjust the test case. 
> 
> So the compiler can generate an infinite loop in case of array out-of-bounds access?

Yes, anything can happen when you invoke undefined behavior like this.
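
The bounds problem discussed in comments 3 to 5, as an added example (not code from the bug report, the attachment or dcraw): the in-bounds nested loop next to a flat 12-element destination, with a check that both produce the same values. ROWS, COLS, the function names and the sample values are constructed, and trans is assumed to be an array of 12 shorts.

```c
/* Added example; ROWS, COLS, fill_nested, fill_flat, count_mismatches and the
 * sample values are constructed. trans is assumed to hold 12 shorts. */
#include <stddef.h>
#include <stdio.h>
#define ROWS 4
#define COLS 3

/* Form from the report, kept as a comment so nothing here is undefined:
 *     for (j = 0; j < 12; j++)
 *         cam_xyz[0][j] = table[i].trans[j] / 10000.0;
 * cam_xyz[0] is a double[3]; j >= 3 indexes past that sub-array, which is
 * undefined even though the address still falls inside cam_xyz. The optimizer
 * may assume j never reaches 3 and drop the j < 12 exit test. */

/* Comment 3's rewrite: each index stays within its own dimension. */
void fill_nested(double cam_xyz[ROWS][COLS], const short trans[ROWS * COLS])
{
    for (size_t r = 0; r < ROWS; r++)
        for (size_t c = 0; c < COLS; c++)
            cam_xyz[r][c] = trans[r * COLS + c] / 10000.0;
}

/* Alternative: a flat destination of 12 elements, so one index is in bounds. */
void fill_flat(double cam_flat[ROWS * COLS], const short trans[ROWS * COLS])
{
    for (size_t j = 0; j < ROWS * COLS; j++)
        cam_flat[j] = trans[j] / 10000.0;
}

/* Number of elements where the two layouts disagree. */
int count_mismatches(void)
{
    static const short trans[ROWS * COLS] = {   /* constructed sample values */
        10000, -5000, 2500, 0, 7500, -10000, 1250, 20000, -2500, 5000, 30000, -7500 };
    double nested[ROWS][COLS], flat[ROWS * COLS];
    int bad = 0;
    fill_nested(nested, trans);
    fill_flat(flat, trans);
    for (size_t r = 0; r < ROWS; r++)
        for (size_t c = 0; c < COLS; c++)
            bad += nested[r][c] != flat[r * COLS + c];
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```

Building the report's original loop with -fsanitize=bounds on a current GCC or Clang reports the out-of-range index on cam_xyz[0] at run time.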