Bug 11087

Summary:	gcc miscompiles raid1.c from linux kernel
Product:	gcc	Reporter:	marcus
Component:	target	Assignee:	Jakub Jelinek <jakub>
Status:	RESOLVED FIXED
Severity:	normal	CC:	amodra, gcc-bugs, jakub, mmitchel
Priority:	P2	Keywords:	wrong-code
Version:	3.3
Target Milestone:	3.3.2
Host:	powerpc64-linux	Target:	powerpc64-linux
Build:	powerpc-linux	Known to work:
Known to fail:		Last reconfirmed:	2003-06-22 13:12:19
Attachments:	raid1 standalone testcase test.gcc33.s test.gcc34.s

Description marcus 2003-06-04 08:17:27 UTC

both the ppc32->ppc64 crosscompiler and the ppc64 native compiler in version  
3.2 + ppc64 patches 20020823, and gcc-3.3 with 20030513 patchset miscompile 
the function raid1_read_balance() in drivers/md/raid1.c of the linux kernel. 
 
I have extract a standalone testcase, which segfaults when run. 
(disk is 1, while its maximum is 0)

Comment 1 marcus 2003-06-04 08:18:04 UTC

Created attachment 4161 [details]
raid1 standalone testcase

compile with -O2

Comment 2 marcus 2003-06-04 08:19:24 UTC

i forgot, compuile wizth -O2 to get the problem

Comment 3 Dara Hazeghi 2003-06-04 10:21:18 UTC

Hello,

I have attached assembly generated by gcc 3.3 branch and mainline (20030603). Can you confirm 
whether these, when compiled, segfault? Thanks,

Dara

Comment 4 Dara Hazeghi 2003-06-04 10:22:14 UTC

Created attachment 4163 [details]
test.gcc33.s

Comment 5 Dara Hazeghi 2003-06-04 10:22:52 UTC

Created attachment 4164 [details]
test.gcc34.s

Comment 6 marcus 2003-06-04 10:32:43 UTC

both do not crash anymore. 
 
i also single stepped the code and it appears to be no longer generating 
accesses with disk = -1 
 
so i think this is good with 3.3 and 3.4. 
 
will this be added as a testcase?

Comment 7 Dara Hazeghi 2003-06-04 10:48:16 UTC

Alan,

would you mind taking a look at this report? It looks rather as if the bug is fixed, but as Marcus 
suggests, perhaps the code in question could be used as a testcase. Thanks,

Dara

Comment 8 Andrew Pinski 2003-06-22 13:12:19 UTC

This should not be in waiting, it is fixed with 3.3 and on the mainline but it would be nice if 
someone came up with a testcase.

Comment 9 GCC Commits 2003-07-18 11:13:39 UTC

Subject: Bug 11087

CVSROOT:	/cvs/gcc
Module name:	gcc
Changes by:	jakub@gcc.gnu.org	2003-07-18 11:13:37

Modified files:
	gcc            : ChangeLog loop.c 
	gcc/testsuite  : ChangeLog 
Added files:
	gcc/testsuite/gcc.c-torture/execute: 20030717-1.c 

Log message:
	PR target/11087
	* loop.c (basic_induction_var): Check if convert_modes emitted any
	instructions. Remove them and return 0 if so.
	
	* gcc.c-torture/execute/20030717-1.c: New test.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&r1=2.554&r2=2.555
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/loop.c.diff?cvsroot=gcc&r1=1.464&r2=1.465
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/ChangeLog.diff?cvsroot=gcc&r1=1.2895&r2=1.2896
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/gcc.c-torture/execute/20030717-1.c.diff?cvsroot=gcc&r1=NONE&r2=1.1

Comment 10 GCC Commits 2003-07-18 11:17:52 UTC

Subject: Bug 11087

CVSROOT:	/cvs/gcc
Module name:	gcc
Branch: 	gcc-3_2-rhl8-branch
Changes by:	jakub@gcc.gnu.org	2003-07-18 11:17:45

Modified files:
	gcc            : ChangeLog loop.c 
	gcc/testsuite  : ChangeLog 
Added files:
	gcc/testsuite/gcc.c-torture/execute: 20030717-1.c 

Log message:
	PR target/11087
	* loop.c (basic_induction_var): Check if convert_modes emitted any
	instructions. Remove them and return 0 if so.
	
	* gcc.c-torture/execute/20030717-1.c: New test.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_2-rhl8-branch&r1=1.13152.2.657.2.27.2.146&r2=1.13152.2.657.2.27.2.147
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/loop.c.diff?cvsroot=gcc&only_with_tag=gcc-3_2-rhl8-branch&r1=1.389.2.7.4.8&r2=1.389.2.7.4.9
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_2-rhl8-branch&r1=1.1672.2.166.2.8.2.58&r2=1.1672.2.166.2.8.2.59
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/gcc.c-torture/execute/20030717-1.c.diff?cvsroot=gcc&only_with_tag=gcc-3_2-rhl8-branch&r1=NONE&r2=1.1.2.1

Comment 11 GCC Commits 2003-07-18 11:20:22 UTC

Subject: Bug 11087

CVSROOT:	/cvs/gcc
Module name:	gcc
Branch: 	gcc-3_3-rhl-branch
Changes by:	jakub@gcc.gnu.org	2003-07-18 11:20:20

Modified files:
	gcc            : ChangeLog loop.c 
	gcc/testsuite  : ChangeLog 
Added files:
	gcc/testsuite/gcc.c-torture/execute: 20030717-1.c 

Log message:
	PR target/11087
	* loop.c (basic_induction_var): Check if convert_modes emitted any
	instructions. Remove them and return 0 if so.
	
	* gcc.c-torture/execute/20030717-1.c: New test.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_3-rhl-branch&r1=1.16114.2.523.2.49&r2=1.16114.2.523.2.50
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/loop.c.diff?cvsroot=gcc&only_with_tag=gcc-3_3-rhl-branch&r1=1.433.2.7.2.1&r2=1.433.2.7.2.2
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_3-rhl-branch&r1=1.2261.2.170.2.22&r2=1.2261.2.170.2.23
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/testsuite/gcc.c-torture/execute/20030717-1.c.diff?cvsroot=gcc&only_with_tag=gcc-3_3-rhl-branch&r1=NONE&r2=1.1.4.1

Comment 12 Christian Ehrhardt 2003-07-28 12:29:22 UTC

Jakub, the change log of this bug indicates that you added
a testcase. Could you please close the bug if this is indeed
the case? The problem itself is reportedly fixed on all active
branches.

Comment 13 Falk Hueffner 2003-10-13 15:10:07 UTC

I think this really should also be added to 3.3.2. I know it's late, but I
suppose it was only accidentally that it wasn't comitted to the plain 3.3 branch,
and it has received lots of testing on the other branches, and it leads to
a miscompilation of the Linux kernel on at least powerpc and alpha.

Comment 14 Mark Mitchell 2003-10-13 19:25:32 UTC

I don't understand Falk's comment.  According to the audit trail, this is
already fixed in GCC 3.3.  However, it does not appear if Jakub's patch is on
the 3.3
branch.  

Jakub, can you clarify this situation?

If there is a patch for 3.3, please link to it from the audit trail so I can
review it.

Thanks.

Comment 15 Andrew Pinski 2003-10-13 19:31:30 UTC

The patch was commited to the mainline and redhat's 2 branches and that is all.

Comment 16 Mark Mitchell 2003-10-13 19:50:37 UTC

Subject: Re:  gcc miscompiles raid1.c from linux kernel

On Mon, 2003-10-13 at 12:31, pinskia at gcc dot gnu dot org wrote:
> PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.
> 
> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11087
> 
> 
> 
> ------- Additional Comments From pinskia at gcc dot gnu dot org  2003-10-13 19:31 -------
> The patch was commited to the mainline and redhat's 2 branches and that is all.

So why does Marcus say that it is fixed in 3.3?

Comment 17 Falk Hueffner 2003-10-13 20:52:58 UTC

I don't know why Marcus considers it fixed in 3.3; the patch is certainly
not in the 3.3-branch. I can reproduce the crash with raid1.c on alpha-linux
with 3.3.2 20031013. The patch committed to 3_3-rhl-branch (linked in the
audit trail) applies cleanly to the 3.3-branch and fixes the crash.

By the way, I cannot reproduce it with the test case which was commited 
to 3_3-rhl-branch (20030717-1.c), so probably raid1.c should be taken as test
case instead or additionally.

Comment 18 Mark Mitchell 2003-10-13 20:59:20 UTC

Subject: Re:  gcc miscompiles raid1.c from linux kernel


Thanks for the additional information.  

The patch is OK for 3.3.2.

Thanks,

Comment 19 GCC Commits 2003-10-14 08:10:37 UTC

Subject: Bug 11087

CVSROOT:	/cvs/gcc
Module name:	gcc
Branch: 	gcc-3_3-branch
Changes by:	steven@gcc.gnu.org	2003-10-14 08:10:33

Modified files:
	gcc            : ChangeLog loop.c 

Log message:
	2003-10-14  Steven Bosscher  <steven@gcc.gnu.org>
	
	PR target/11087
	Backport from gcc-3_3-rhl-branch and mainline.
	
	2003-07-17  Jakub Jelinek  <jakub@redhat.com>
	
	* loop.c (basic_induction_var): Check if convert_modes
	emitted any instructions. Remove them and return 0 if so.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.16114.2.778&r2=1.16114.2.779
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/loop.c.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.433.2.8&r2=1.433.2.9

Comment 20 Steven Bosscher 2003-10-14 08:10:58 UTC

I've commited this so that it's in before Mark starts rolling tarballs.  I have
not commited the test case from the rhl branches since it doesn't fail without
the patch.

Comment 21 Thomas Steudten 2003-10-14 14:19:49 UTC

Ok, what does this mean?
"I've commited this so that it's in before Mark starts rolling tarballs.  I have
not commited the test case from the rhl branches since it doesn't fail without
the patch."
In which version/release the patch is included *and* the tarball is verified,
that the patch is in?
The RH raid1.c workaround was for RH 7.1 kernel 2.4.20 gcc 2.96 and the current
kernel 2.6.0-test7 runs tests with gcc-3.2.2. So i tested gcc 2.95-3, 2.96, 3.3
and the new sources form cvs from yesterday (still open). And everyone crashs in
raid1.c.
I checked out the raid1.c standalone program, and it *never* crashs. So i thinks
it´s not usefull for the testsuite.
However i try to found out, what´s wrong with the alpha assembly code, but i
doesn´t found anything wrong here ( i can´t singlestep the kernel code for
read_balance and the standalone program seems to be fine.)

Code;  fffffc000050dd38 <read_balance+158/280>
0000000000000000 <_PC>:
Code;  fffffc000050dd38 <read_balance+158/280>
   0:   10 00 a6 a0       ldl  t4,16(t5)
Code;  fffffc000050dd3c <read_balance+15c/280>
   4:   1f 04 ff 47       nop
Code;  fffffc000050dd40 <read_balance+160/280>
   8:   24 15 82 40       subq t3,0x10,t3
Code;  fffffc000050dd44 <read_balance+164/280>
   c:   25 31 a0 40       subl t4,0x1,t4
Code;  fffffc000050dd48 <read_balance+168/280>
  10:   00 00 44 a4       ldq  t1,0(t3)
Code;  fffffc000050dd4c <read_balance+16c/280>
  14:   0e 00 40 e4       beq  t1,50 <_PC+0x50> fffffc000050dd88
<read_balance+1a8/280>
Code;  fffffc000050dd50 <read_balance+170/280>   <=====
  18:   58 00 22 a0       ldl  t0,88(t1)   <=====
Code;  fffffc000050dd54 <read_balance+174/280>
  1c:   0c 00 20 e4       beq  t0,50 <_PC+0x50> fffffc000050dd88 

Can anyone tell me, why this code is wrong? $t3 seems to be a valid pointer, but
$t1 got 1 and that fails.
OK - what gcc release i can test with the patch included?

Thanks
Thomas
http://alpha.steudten.com

Comment 22 falk.hueffner 2003-10-14 14:44:23 UTC

Subject: Re:  gcc miscompiles raid1.c from linux kernel

"tst at worldonline dot ch" <gcc-bugzilla@gcc.gnu.org> writes:

> In which version/release the patch is included *and* the tarball is
> verified, that the patch is in?

In no release. It has been added to the 3.3 CVS branch and should
therefore be in the 3.3.2 release tarball when it gets created.

> So i tested gcc 2.95-3, 2.96, 3.3 and the new sources form cvs from
> yesterday (still open). And everyone crashs in raid1.c. 

Are you sure the patch was already in when you checked out gcc? Is it
mentioned in the changelog?

> I checked out the raid1.c standalone program, and it *never*
> crashs.

That is weird. It certainly does for me:

falk@juist:/tmp% uname -a                                                       Linux juist 2.6.0-test3 #2 Sat Aug 9 20:21:49 CEST 2003 alpha GNU/Linux
falk@juist:/tmp% gcc-3.3 --version
gcc-3.3 (GCC) 3.3.2 20031005 (Debian prerelease)
falk@juist:/tmp% wget --quiet "http://gcc.gnu.org/bugzilla/attachment.cgi?id=4161&action=view" -O raid1.c
falk@juist:/tmp% gcc-3.3 -O2 raid1.c && ./a.out
zsh: segmentation fault (core dumped)  ./a.out

The crash goes away with the patch.

Comment 23 Andrew Pinski 2003-10-14 19:43:37 UTC

Fixed for 3.3.2.

Comment 24 Thomas Steudten 2003-11-04 09:35:28 UTC

The problem with the raid1.c in linux 2.4.21 and linux-2.6.0-test9-bk8 is gone
and fixed for me.
So gcc-3.3.2 is the prefered compiler for alpha in this days.

Regards
Tom