107803 – [13 Regression] ICE in init_from_control_deps, at gimple-predicate-analysis.cc:1699 since r13-2314-ga8ebd27d0ab69b

Bug 107803 - [13 Regression] ICE in init_from_control_deps, at gimple-predicate-analysis.cc:1699 since r13-2314-ga8ebd27d0ab69b

Summary: [13 Regression] ICE in init_from_control_deps, at gimple-predicate-analysis.c...

Status:	RESOLVED FIXED

Alias:	None

Product:	gcc
Classification:	Unclassified
Component:	tree-optimization (show other bugs)
Version:	13.0

Importance:	P1 normal
Target Milestone:	13.0
Assignee:	Richard Biener

URL:
Keywords:	ice-on-valid-code

Depends on:
Blocks:

Reported:	2022-11-22 07:34 UTC by Martin Liška
Modified:	2022-11-25 09:40 UTC (History)
CC List:	1 user (show)

See Also:	107867
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:	2022-11-22 00:00:00

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Martin Liška 2022-11-22 07:34:02 UTC

The following crashes:

$ cat ~/Programming/testcases/feasible.ii
void printf(...);
void __sigsetjmp_cancel() __attribute__((__returns_twice__));
int z, main_ret;
void func(void *) {}

int
main() {
  int x;
  void (*__cancel_routine)(void *)(func);
  __sigsetjmp_cancel();
  __cancel_routine(0);
  if (main_ret)
    x = z;
  printf(x);
}

$ ./xgcc -B. ~/Programming/testcases/feasible.ii -fno-tree-dominator-opts -O1 -Wmaybe-uninitialized -fno-tree-fre -c
during GIMPLE pass: uninit
/home/marxin/Programming/testcases/feasible.ii: In function ‘int main()’:
/home/marxin/Programming/testcases/feasible.ii:7:1: internal compiler error: in init_from_control_deps, at gimple-predicate-analysis.cc:1699
    7 | main() {
      | ^~~~
0x2dd8fb3 predicate::init_from_control_deps(vec<edge_def*, va_heap, vl_ptr> const*, unsigned int, bool)
	/home/marxin/Programming/gcc2/gcc/gimple-predicate-analysis.cc:1699
0x2dd9aab uninit_analysis::init_use_preds(predicate&, basic_block_def*, basic_block_def*)
	/home/marxin/Programming/gcc2/gcc/gimple-predicate-analysis.cc:1943
0x2dda1be uninit_analysis::is_use_guarded(gimple*, basic_block_def*, gphi*, unsigned int, hash_set<gphi*, false, default_hash_traits<gphi*> >*)
	/home/marxin/Programming/gcc2/gcc/gimple-predicate-analysis.cc:2094
0x2dda349 uninit_analysis::is_use_guarded(gimple*, basic_block_def*, gphi*, unsigned int)
	/home/marxin/Programming/gcc2/gcc/gimple-predicate-analysis.cc:2135
0x1b7ff35 find_uninit_use
	/home/marxin/Programming/gcc2/gcc/tree-ssa-uninit.cc:1238
0x1b80277 warn_uninitialized_phi
	/home/marxin/Programming/gcc2/gcc/tree-ssa-uninit.cc:1308
0x1b806f9 execute_late_warn_uninitialized
	/home/marxin/Programming/gcc2/gcc/tree-ssa-uninit.cc:1426
0x1b807f9 execute
	/home/marxin/Programming/gcc2/gcc/tree-ssa-uninit.cc:1442
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.

Comment 1 Richard Biener 2022-11-22 08:47:46 UTC

Confirmed, I'll have a look (another hit of this sanity check ...).  We have

<bb 5> [local count: 1073312329]:

with two successors (one "dead" abnormal edge to .ABNORMAL_DISPATCHER) left around by some pass not properly cleaning up.

Comment 2 Richard Biener 2022-11-22 09:14:29 UTC

So it's CCP which turns

  <bb 2> :
  __cancel_routine_8 = func;
...
  <bb 5> :
  __cancel_routine.0_1 = __cancel_routine_8;
  __cancel_routine.0_1 (0B);

into

  <bb 5> :
  func (0B);

but fails to invoke abnormal cleanup here.  It's a general issue with the propagation engine.

Comment 3 GCC Commits 2022-11-22 11:05:34 UTC

The master branch has been updated by Richard Biener <rguenth@gcc.gnu.org>:

https://gcc.gnu.org/g:e4faee8d02ec5d65bf418612f7181823eb08c078

commit r13-4229-ge4faee8d02ec5d65bf418612f7181823eb08c078
Author: Richard Biener <rguenther@suse.de>
Date:   Tue Nov 22 10:16:14 2022 +0100

    tree-optimization/107803 - abnormal cleanup from the SSA propagator
    
    The SSA propagator is missing abnormal cleanup which shows in a
    sanity check in the uninit engine (and missed CFG verification).
    The following adds that.
    
            PR tree-optimization/107803
            * tree-ssa-propagate.cc (substitute_and_fold_dom_walker): Add
            need_ab_cleanup member.
            (substitute_and_fold_dom_walker::before_dom_children): When
            a stmt can no longer transfer control flow abnormally set
            need_ab_cleanup.
            (substitute_and_fold_engine::substitute_and_fold): Cleanup
            abnormal control flow.
    
            * g++.dg/pr107803.C: New testcase.

Comment 4 Richard Biener 2022-11-22 11:17:58 UTC

Fixed.