Created attachment 48847 [details] preprocessed unreduced testcase The testcase, extracted from current mesa, segfaults with -O1 or higher: # gcc -O1 -c sp_tex_sample.i during IPA pass: fnsummary ../mesa-9999/src/gallium/drivers/softpipe/sp_tex_sample.c: In function 'sample_compare': ../mesa-9999/src/gallium/drivers/softpipe/sp_tex_sample.c:3862:1: internal compiler error: Segmentation fault 3862 | } | ^ Please submit a full bug report, with preprocessed source if appropriate. # gcc -v Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/10.1.0/lto-wrapper Target: x86_64-pc-linux-gnu Configured with: /tmp-ram/portage/sys-devel/gcc-10.1.0-r1/work/gcc-10.1.0/configure --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/10.1.0 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/10.1.0/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/10.1.0 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/10.1.0/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/10.1.0/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/10.1.0/include/g++-v10 --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/10.1.0/python --enable-languages=c,c++ --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --disable-nls --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo 10.1.0-r1 p2' --disable-esp --enable-libstdcxx-time --with-build-config=bootstrap-lto --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-multilib --with-multilib-list=m32,m64 --disable-fixed-point --enable-targets=all --enable-libgomp --disable-libmudflap --disable-libssp --disable-libada --disable-systemtap --disable-vtable-verify --disable-libvtv --without-zstd --disable-libquadmath --enable-lto --with-isl --disable-isl-version-check --disable-libsanitizer --disable-default-pie --disable-default-ssp Thread model: posix Supported LTO compression algorithms: zlib gcc version 10.1.0 (Gentoo 10.1.0-r1 p2)
Confirmed, working on that..
Reduced test-case: $ cat pr96130.c enum { PIPE_FUNC_NEVER, PIPE_FUNC_LESS, PIPE_FUNC_EQUAL, PIPE_FUNC_LEQUAL, PIPE_FUNC_GREATER, PIPE_FUNC_NOTEQUAL, PIPE_FUNC_GEQUAL, PIPE_FUNC_ALWAYS } sample_compare_k_0; int sample_compare_rgba; struct pipe_sampler_state { unsigned compare_func : 3; }; void sample_compare(struct pipe_sampler_state *sp_samp) { switch (sp_samp->compare_func) { case PIPE_FUNC_LESS: case PIPE_FUNC_LEQUAL: case PIPE_FUNC_GREATER: case PIPE_FUNC_GEQUAL: case PIPE_FUNC_EQUAL: case PIPE_FUNC_NOTEQUAL: sample_compare_k_0 != sample_compare_rgba; case PIPE_FUNC_ALWAYS: case PIPE_FUNC_NEVER: break; default: for (;;) ; } } fails here: $ gcc pr96130.c -c -O1 during IPA pass: fnsummary pr96130.c: In function ‘sample_compare’: pr96130.c:34:1: internal compiler error: Segmentation fault 34 | } | ^ 0xdc22ef crash_signal /home/marxin/Programming/gcc/gcc/toplev.c:328 0x7ffff78d752f ??? /usr/src/debug/glibc-2.31-6.1.x86_64/signal/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0 0xb938f9 analyze_function_body /home/marxin/Programming/gcc/gcc/ipa-fnsummary.c:2769 0xb944e3 compute_fn_summary(cgraph_node*, bool) /home/marxin/Programming/gcc/gcc/ipa-fnsummary.c:2974 0xb94990 inline_analyze_function(cgraph_node*) /home/marxin/Programming/gcc/gcc/ipa-fnsummary.c:4078 0xb94b73 ipa_fn_summary_generate /home/marxin/Programming/gcc/gcc/ipa-fnsummary.c:4121 0xcea35b execute_ipa_summary_passes(ipa_opt_pass_d*) /home/marxin/Programming/gcc/gcc/passes.c:2191 0x966a97 ipa_passes /home/marxin/Programming/gcc/gcc/cgraphunit.c:2646 0x966a97 symbol_table::compile() /home/marxin/Programming/gcc/gcc/cgraphunit.c:2756 0x96885c symbol_table::compile() /home/marxin/Programming/gcc/gcc/cgraphunit.c:2736 0x96885c symbol_table::finalize_compilation_unit() /home/marxin/Programming/gcc/gcc/cgraphunit.c:3003 Please submit a full bug report, with preprocessed source if appropriate. Please include the complete backtrace with any bug report. See <https://gcc.gnu.org/bugs/> for instructions. started with
Started with r10-3199-g351e7c3b5fbd45bd, leaving to Feng.
*** Bug 96150 has been marked as a duplicate of this bug. ***
Reduced testcase from the other PR which is shorter: struct S { unsigned j : 3; }; int k, l, m; void foo (struct S x) { while (l != 5) switch (x.j) { case 1: case 3: case 4: case 6: case 2: case 5: l = m; case 7: case 0: k = 0; default: break; } }
My understanding of the problem is that set_switch_stmt_execution_predicate figures out that the default: is unreachable (operand is a bitfield with values 0 to 7 and there are cases for all 8) and notes that into the predicate for the switch -> default: edge's aux, and then compute_bb_predicates iterates, but as the 3 -> 9 predicate always resolves to false, nothing adds bb_9->aux. And later we try to dereference that. So, either predicates in bb->aux are optional and we should treat a missing predicate as false predicate, or compute_bb_predicate should ensure to fill in bb->aux even for bbs it left NULL at the end. if (bb->aux) bb_predicate = *(predicate *) bb->aux; else bb_predicate = false; in analyze_function_body suggests that perhaps the latter is the case.
Created attachment 48858 [details] gcc11-pr96130.patch So, my fix would be like this (untested except on the testcase so far).
*** Bug 96165 has been marked as a duplicate of this bug. ***
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>: https://gcc.gnu.org/g:776e48e0931db69f158f40e5cb8e15463d879a42 commit r11-2066-g776e48e0931db69f158f40e5cb8e15463d879a42 Author: Jakub Jelinek <jakub@redhat.com> Date: Mon Jul 13 18:25:53 2020 +0200 ipa-fnsummary: Fix ICE with switch predicates [PR96130] The following testcase ICEs since r10-3199. There is a switch with default label, where the controlling expression has range just 0..7 and there are case labels for all those 8 values, but nothing has yet optimized away the default. Since r10-3199, set_switch_stmt_execution_predicate sets the switch to default label's edge's predicate to a false predicate and then compute_bb_predicates propagates the predicates through the cfg, but false predicates aren't really added. The caller of compute_bb_predicates in one place handles NULL bb->aux as false predicate: if (fbi.info) { if (bb->aux) bb_predicate = *(predicate *) bb->aux; else bb_predicate = false; } else bb_predicate = true; but then in two further spots that the patch below is changing it assumes bb->aux must be non-NULL. Those two spots are guarded by a condition that is only true if fbi.info is non-NULL, so I think the right fix is to treat NULL aux as false predicate in those spots too. 2020-07-13 Jakub Jelinek <jakub@redhat.com> PR ipa/96130 * ipa-fnsummary.c (analyze_function_body): Treat NULL bb->aux as false predicate. * gcc.dg/torture/pr96130.c: New test.
The releases/gcc-10 branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>: https://gcc.gnu.org/g:0d03c0ee5213703ec6d9ffa632fa5298d83adaaa commit r10-8472-g0d03c0ee5213703ec6d9ffa632fa5298d83adaaa Author: Jakub Jelinek <jakub@redhat.com> Date: Mon Jul 13 18:25:53 2020 +0200 ipa-fnsummary: Fix ICE with switch predicates [PR96130] The following testcase ICEs since r10-3199. There is a switch with default label, where the controlling expression has range just 0..7 and there are case labels for all those 8 values, but nothing has yet optimized away the default. Since r10-3199, set_switch_stmt_execution_predicate sets the switch to default label's edge's predicate to a false predicate and then compute_bb_predicates propagates the predicates through the cfg, but false predicates aren't really added. The caller of compute_bb_predicates in one place handles NULL bb->aux as false predicate: if (fbi.info) { if (bb->aux) bb_predicate = *(predicate *) bb->aux; else bb_predicate = false; } else bb_predicate = true; but then in two further spots that the patch below is changing it assumes bb->aux must be non-NULL. Those two spots are guarded by a condition that is only true if fbi.info is non-NULL, so I think the right fix is to treat NULL aux as false predicate in those spots too. 2020-07-13 Jakub Jelinek <jakub@redhat.com> PR ipa/96130 * ipa-fnsummary.c (analyze_function_body): Treat NULL bb->aux as false predicate. * gcc.dg/torture/pr96130.c: New test. (cherry picked from commit 776e48e0931db69f158f40e5cb8e15463d879a42)
Fixed for 10.2 and 11.1.