markus@x4 tmp % cat test.ii class A { public: int m_fn1(); }; class B { public: static B *m_fn1(int); enum { d = 8, Sub, Mul, UDiv, SDiv, URem, SRem, Shl, LShr }; }; class C { A Lex; void m_fn1(); }; void C::m_fn1() { switch (0) case 0: { int a = Lex.m_fn1(); switch (a) { case 1: case B::Sub: case B::Mul: case B::UDiv: case B::SDiv: case B::URem: case B::SRem: case B::Shl: case 0: case B::LShr: break; default: __builtin_unreachable(); } B::m_fn1(a); } } markus@x4 tmp % g++ -O2 -c test.ii test.ii: In member function ‘void C::m_fn1()’: test.ii:24:6: internal compiler error: Segmentation fault void C::m_fn1() { ^ 0xb15d0f crash_signal ../../gcc/gcc/toplev.c:334 0xd2a30f single_imm_use ../../gcc/gcc/ssa-iterators.h:426 0xd2a30f all_imm_uses_in_stmt_or_feed_cond ../../gcc/gcc/tree-vrp.c:6480 0xd2a30f remove_range_assertions ../../gcc/gcc/tree-vrp.c:6622 0xd2a30f execute_vrp ../../gcc/gcc/tree-vrp.c:9759 0xd2a30f execute ../../gcc/gcc/tree-vrp.c:9842 Please submit a full bug report, with preprocessed source if appropriate. Please include the complete backtrace with any bug report. See <http://gcc.gnu.org/bugs.html> for instructions.
Started with r204255.
Here, single_imm_use can set the stmt to NULL: /* If there aren't any uses whatsoever, we're done. */ if (ptr == ptr->next) { return_false: *use_p = NULL_USE_OPERAND_P; *stmt = NULL; and then we're calling gimple_code on that NULL stmt: if (gimple_code (use_stmt) != GIMPLE_COND
Thus, hopefully: --- a/gcc/tree-vrp.c +++ b/gcc/tree-vrp.c @@ -6479,8 +6479,9 @@ all_imm_uses_in_stmt_or_feed_cond (tree var, gimple stmt, basic_blo && single_imm_use (gimple_assign_lhs (use_stmt), &use2_p, &use_stmt)) ; - if (gimple_code (use_stmt) != GIMPLE_COND - || gimple_bb (use_stmt) != cond_bb) + if (use_stmt + && (gimple_code (use_stmt) != GIMPLE_COND + || gimple_bb (use_stmt) != cond_bb)) return false; } return true;
Reduced testcase: int foo (int x) { switch (x) { case 0: case 1: case 9: break; default: __builtin_unreachable (); } return x; }
On it.
Created attachment 31148 [details] gcc49-pr58978.patch While your patch will work too, I think it is better to fix it differently, the problem is that single_imm_use modifies the use_stmt argument even if it returns false, which I didn't expect.
Reassigning.
(In reply to Jakub Jelinek from comment #6) > Created attachment 31148 [details] > gcc49-pr58978.patch > > While your patch will work too, I think it is better to fix it differently, > the problem is that single_imm_use modifies the use_stmt argument even if it > returns false, which I didn't expect. Yeah, that looks good to me.
With your patch applied I get this new ICE: /home/markus/mozilla-central/js/src/jit/IonBuilder.cpp:6937:1: internal compiler error: Segmentation fault IonBuilder::jsop_getelem_typed(MDefinition *obj, MDefinition *index, ^ 0xb15d0f crash_signal ../../gcc/gcc/toplev.c:334 0xd2a30f single_imm_use ../../gcc/gcc/ssa-iterators.h:426 0xd2a30f all_imm_uses_in_stmt_or_feed_cond ../../gcc/gcc/tree-vrp.c:6480 0xd2a30f remove_range_assertions ../../gcc/gcc/tree-vrp.c:6622 0xd2a30f execute_vrp ../../gcc/gcc/tree-vrp.c:9759 0xd2a30f execute ../../gcc/gcc/tree-vrp.c:9842 Please submit a full bug report I'm currently reducing this testcase.
(In reply to octoploid from comment #9) > With your patch applied I get this new ICE: > I've posted the wrong backtrace. Here's the correct one: /var/tmp/gcc_test/usr/local/bin/g++ -w -c -std=gnu++0x -O2 test.ii /home/markus/mozilla-central/js/src/jit/IonBuilder.cpp: In member function ‘bool js::jit::IonBuilder::jsop_getelem_typed(js::jit::MDefinition*, js::jit::MDefinition*, js::Sca larTypeRepresentation::Type)’: /home/markus/mozilla-central/js/src/jit/IonBuilder.cpp:6937:1: internal compiler error: tree check: expected ssa_name, have component_ref in single_imm_use, at ssa-iterators. h:419 IonBuilder::jsop_getelem_typed(MDefinition *obj, MDefinition *index, ^ 0xd21764 tree_check_failed(tree_node const*, char const*, int, char const*, ...) ../../gcc/gcc/tree.c:9421 0xd1fc95 tree_check ../../gcc/gcc/tree.h:2902 0xd1fc95 single_imm_use ../../gcc/gcc/ssa-iterators.h:419 0xd1fc95 all_imm_uses_in_stmt_or_feed_cond ../../gcc/gcc/tree-vrp.c:6480 0xd1fc95 remove_range_assertions ../../gcc/gcc/tree-vrp.c:6622 0xd1fc95 execute_vrp ../../gcc/gcc/tree-vrp.c:9759 0xd1fc95 execute ../../gcc/gcc/tree-vrp.c:9842 Please submit a full bug report,
Created attachment 31153 [details] gcc49-pr58978.patch Supposedly this updated patch would fix even that?
(In reply to Jakub Jelinek from comment #11) > Created attachment 31153 [details] > gcc49-pr58978.patch > > Supposedly this updated patch would fix even that? Yes. Thanks.
Author: jakub Date: Mon Nov 4 20:17:17 2013 New Revision: 204357 URL: http://gcc.gnu.org/viewcvs?rev=204357&root=gcc&view=rev Log: PR tree-optimization/58978 * tree-vrp.c (all_imm_uses_in_stmt_or_feed_cond): Don't modify use_stmt by single_imm_use directly. Only call single_imm_use on SSA_NAMEs. * gcc.c-torture/compile/pr58978.c: New test. Added: trunk/gcc/testsuite/gcc.c-torture/compile/pr58978.c Modified: trunk/gcc/ChangeLog trunk/gcc/testsuite/ChangeLog trunk/gcc/tree-vrp.c
Closing.