Bug 58088 - [4.8/4.9 Regression] ICE in gcc.c
Summary: [4.8/4.9 Regression] ICE in gcc.c
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization (show other bugs)
Version: 4.9.0
: P3 normal
Target Milestone: 4.8.2
Assignee: ktkachov
URL:
Keywords: ice-on-valid-code
: 58617 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-08-05 13:20 UTC by Ishiura Lab Compiler Team
Modified: 2013-10-04 12:48 UTC (History)
1 user (show)

See Also:
Host:
Target: i686-pc-linux-gnu, arm-none-eabi, x86_64-pc-linux-gnu
Build:
Known to work: 4.7.3
Known to fail: 4.8.1, 4.9.0
Last reconfirmed: 2013-08-05 00:00:00


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ishiura Lab Compiler Team 2013-08-05 13:20:58 UTC
GCC 4.9.0 ICEs on the following code. (i686 and x86_64)

  $ cat error.c
  
  int main (void)
  {
    int x = 0;
    int y = 127 | ( 128 & ( 2 * x ));
  
    return 0;
  }
  
  $ i686-pc-linux-gnu-gcc-4.9.0 error.c
  
  i686-pc-linux-gnu-gcc-4.9.0: internal compiler error: Segmentation
fault (program cc1)
  0x8053b4e execute
    ../../../../../gcc/gcc/gcc.c:2824
  0x8053e1a do_spec_1
    ../../../../../gcc/gcc/gcc.c:4616
  0x80565bd process_brace_body
    ../../../../../gcc/gcc/gcc.c:5873
  0x80565bd handle_braces
    ../../../../../gcc/gcc/gcc.c:5787
  0x8054a2a do_spec_1
    ../../../../../gcc/gcc/gcc.c:5270
  0x80565bd process_brace_body
    ../../../../../gcc/gcc/gcc.c:5873
  0x80565bd handle_braces
    ../../../../../gcc/gcc/gcc.c:5787
  0x8054a2a do_spec_1
    ../../../../../gcc/gcc/gcc.c:5270
  0x805414e do_spec_1
    ../../../../../gcc/gcc/gcc.c:5375
  0x80565bd process_brace_body
    ../../../../../gcc/gcc/gcc.c:5873
  0x80565bd handle_braces
    ../../../../../gcc/gcc/gcc.c:5787
  0x8054a2a do_spec_1
    ../../../../../gcc/gcc/gcc.c:5270
  0x80565bd process_brace_body
    ../../../../../gcc/gcc/gcc.c:5873
  0x80565bd handle_braces
    ../../../../../gcc/gcc/gcc.c:5787
  0x8054a2a do_spec_1
    ../../../../../gcc/gcc/gcc.c:5270
  0x80565bd process_brace_body
    ../../../../../gcc/gcc/gcc.c:5873
  0x80565bd handle_braces
    ../../../../../gcc/gcc/gcc.c:5787
  0x8054a2a do_spec_1
    ../../../../../gcc/gcc/gcc.c:5270
  0x80565bd process_brace_body
    ../../../../../gcc/gcc/gcc.c:5873
  0x80565bd handle_braces
    ../../../../../gcc/gcc/gcc.c:5787
  Please submit a full bug report,
  with preprocessed source if appropriate.
  Please include the complete backtrace with any bug report.
  See <http://gcc.gnu.org/bugs.html> for instructions.

  $ i686-pc-linux-gnu-gcc-4.9.0 -v
  Using built-in specs.
  COLLECT_GCC=i686-pc-linux-gnu-gcc-4.9.0
  COLLECT_LTO_WRAPPER=/usr/local/i686-tools/gcc-4.9.0/libexec/gcc/i686-pc-linux-gnu/4.9.0/lto-wrapper
  Target: i686-pc-linux-gnu
  Configured with: ../../../../gcc/configure
--prefix=/usr/local/i686-tools/gcc-4.9.0/
--with-gmp=/usr/local/gmp-5.1.1/ --with-mpfr=/usr/local/mpfr-3.1.2/
--with-mpc=/usr/local/mpc-1.0.1/ --disable-multilib --disable-nls
--enable-languages=c
  Thread model: posix
  gcc version 4.9.0 20130805 (experimental) (GCC)
Comment 1 Marek Polacek 2013-08-05 13:39:38 UTC
Ugh.  Confirmed.
Comment 2 ktkachov 2013-08-05 14:07:18 UTC
FWIW, also segfaults on arm-none-eabi.

gdb says:

fold_binary_loc (loc=787, code=BIT_AND_EXPR, type=0x7ffff6eba5e8, op0=0x7ffff7052488, op1=0x7ffff6de6280)
Comment 3 Marek Polacek 2013-08-05 14:37:16 UTC
Started with r187280.
Comment 4 Marek Polacek 2013-08-06 08:18:54 UTC
Another testcases:

int
bar (int i)
{
  return 1 | ((i * 2) & 254);
}

int
foo (int i)
{
  return 1 | ((i * 2) & 255);
}
Comment 5 ktkachov 2013-08-06 08:28:08 UTC
(In reply to Marek Polacek from comment #4)
> Another testcases:
> 
> int
> bar (int i)
> {
>   return 1 | ((i * 2) & 254);
> }
> 
> int
> foo (int i)
> {
>   return 1 | ((i * 2) & 255);
> }

This happens for any value of the RHS of the AND that is >= 128.
A stack overflow occurs because fold_binary_loc keeps getting called, but op1, which is supposed to be the result of maksing the RHS with the NOT of the 2 in (i * 2) is set to something else.
Now investigating...
Comment 6 Marek Polacek 2013-08-06 08:40:32 UTC
Well, for (i * 2) & 128 the BIT_AND_EXPR case doesn't do anything, but then we get into BIT_IOR_EXPR case, here the "Canonicalize (X & C1) | C2." code changes that into (i * 2) & 255, then in BIT_AND_EXPR we drop the zero bits, so we get
(i * 2) & 254, but then it gets canonicalized into (i * 2) & 255 again and so on and on, then we overflow.
Comment 7 Marek Polacek 2013-08-06 18:01:59 UTC
Kyrylo, do you plan to work on this?  If that's the case, please assign the bug to yourself.
Comment 8 ktkachov 2013-08-06 18:37:21 UTC
Mine.
Comment 9 ktkachov 2013-08-07 13:34:51 UTC
Proposed patch posted at:
http://gcc.gnu.org/ml/gcc-patches/2013-08/msg00361.html
Comment 10 ktkachov 2013-09-17 13:29:44 UTC
Author: ktkachov
Date: Tue Sep 17 13:29:41 2013
New Revision: 202652

URL: http://gcc.gnu.org/viewcvs?rev=202652&root=gcc&view=rev
Log:
[gcc/]
2013-09-17  Kyrylo Tkachov  <kyrylo.tkachov@arm.com>

	PR tree-optimization/58088
	* fold-const.c (mask_with_trailing_zeros): New function.
	(fold_binary_loc): Make sure we don't recurse infinitely
	when the X in (X & C1) | C2 is a tree of the form (Y * K1) & K2.
	Use mask_with_trailing_zeros where appropriate.

[gcc/testsuite]
2013-09-17  Kyrylo Tkachov  <kyrylo.tkachov@arm.com>

	PR tree-optimization/58088
	* gcc.c-torture/compile/pr58088.c: New test.

Added:
    trunk/gcc/testsuite/gcc.c-torture/compile/pr58088.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/fold-const.c
    trunk/gcc/testsuite/ChangeLog
Comment 11 ktkachov 2013-09-17 13:59:43 UTC
Author: ktkachov
Date: Tue Sep 17 13:59:42 2013
New Revision: 202653

URL: http://gcc.gnu.org/viewcvs?rev=202653&root=gcc&view=rev
Log:
[gcc/]
2013-09-17  Kyrylo Tkachov  <kyrylo.tkachov@arm.com>

	PR tree-optimization/58088
	* fold-const.c (mask_with_trailing_zeros): New function.
	(fold_binary_loc): Make sure we don't recurse infinitely
	when the X in (X & C1) | C2 is a tree of the form (Y * K1) & K2.
	Use mask_with_trailing_zeros where appropriate.

[gcc/testsuite/]
2013-09-17  Kyrylo Tkachov  <kyrylo.tkachov@arm.com>

	PR tree-optimization/58088
	* gcc.c-torture/compile/pr58088.c: New test.

Added:
    branches/gcc-4_8-branch/gcc/testsuite/gcc.c-torture/compile/pr58088.c
Modified:
    branches/gcc-4_8-branch/gcc/ChangeLog
    branches/gcc-4_8-branch/gcc/fold-const.c
    branches/gcc-4_8-branch/gcc/testsuite/ChangeLog
Comment 12 ktkachov 2013-09-17 14:00:22 UTC
Fixed on trunk and 4.8 branch.
Comment 13 Marc Glisse 2013-10-04 12:48:44 UTC
*** Bug 58617 has been marked as a duplicate of this bug. ***