fails in 4.8 up to 6, works with -O2 $ gcc -c -O3 math.i math.i: In function 'P_Pow': math.i:26:8: internal compiler error: Segmentation fault Object P_Pow (Object x, Object y) { return General_Function (x, y, pow); } ^ 0x102bde83 crash_signal ../../src/gcc/toplev.c:383 0x1031d914 gimple_expand_builtin_pow ../../src/gcc/tree-ssa-math-opts.c:1169 0x10a42827 execute ../../src/gcc/tree-ssa-math-opts.c:1517 Please submit a full bug report, with preprocessed source if appropriate. $ cat math.i extern double pow (double __x, double __y) __attribute__ ((__nothrow__ , __leaf__)); extern double __pow (double __x, double __y) __attribute__ ((__nothrow__ , __leaf__)); typedef int int64_t __attribute__ ((__mode__ (__DI__))); typedef struct { int64_t data; int tag; } Object; extern Object Make_Flonum (double); extern Object P_Pow (Object, Object); Object General_Function (Object x, Object y, double (*fun)()) { double d, ret; d = 1.0; if (y.tag >> 1) ret = (*fun) (d); else ret = (*fun) (d, 0.0); return Make_Flonum (ret); } Object P_Pow (Object x, Object y) { return General_Function (x, y, pow); }
Confirmed on aarch64 as well
Using gdb, the gimple stmt causing the ICE is: # .MEM_10 = VDEF <.MEM_1(D)> ret_5 = pow (1.0e+0);
So we have an unreachable call to pow with the wrong number of arguments. I suppose the expansion logic for builtin_pow should tolerate this situation and just do nothing with it.
(I should say, presumably unreachable. This source code looks pretty dicey in the first place, but nonetheless we should probably tolerate it at this stage of optimization.)
Created attachment 38156 [details] Patch that permits this to compile The attached patch allows the compilation to succeed in spite of the incorrect number of arguments provided to pow (). I suppose this is a reasonable approach, but it makes me a bit queasy to let obviously incorrect code go by undiagnosed. Still, it's no different than providing the wrong number of arguments to some other function; we only notice here because we convert the function call to a built-in. CCing Richard for his opinion.
IMHO much better would be to call gimple_call_builtin_p (call, BUILT_IN_NORMAL) (for non-internal functions) and only treat those as builtins if that function returned true. That checks both the number of arguments, roughly their types etc.
Ah, but gimple_call_combined_fn already performs this. So perhaps all you need is the tree-inline.c part?
The tree-inline part only shows up after fixing the part in tree-ssa-math-opts.c, where the initial failure occurs. The DECL is already encoded as a BUILT_IN_POW by the time we get that far.
I've missed the pass_optimize_widening_mul::execute in your patch, that is also another spot where you'd want to call it. But the sincos hunks should be safe as is.
Ok, sounds good. I have vacation this afternoon, but will revisit this over the weekend or Monday.
Jakub, thanks, I've verified that works and makes for a much better patch. Will post shortly on gcc-patches.
Author: wschmidt Date: Mon Apr 4 15:42:19 2016 New Revision: 234716 URL: https://gcc.gnu.org/viewcvs?rev=234716&root=gcc&view=rev Log: [gcc] 2016-04-04 Bill Schmidt <wschmidt@linux.vnet.ibm.com> Jakub Jelinek <jakub@redhat.com> PR middle-end/70457 * tree-inline.c (estimate_num_insn): Use gimple_call_builtin_p to ensure a call statement is compatible with a built-in's prototype. * tree-ssa-math-opts.c (pass_optimize_windening_mul::execute): Likewise. [gcc/testsuite] 2016-04-04 Bill Schmidt <wschmidt@linux.vnet.ibm.com> Jakub Jelinek <jakub@redhat.com> PR middle-end/70457 * gcc.dg/torture/pr70457.c: New. Added: trunk/gcc/testsuite/gcc.dg/torture/pr70457.c Modified: trunk/gcc/ChangeLog trunk/gcc/testsuite/ChangeLog trunk/gcc/tree-inline.c trunk/gcc/tree-ssa-math-opts.c
Author: wschmidt Date: Mon Apr 4 15:45:59 2016 New Revision: 234717 URL: https://gcc.gnu.org/viewcvs?rev=234717&root=gcc&view=rev Log: [gcc] 2016-04-04 Bill Schmidt <wschmidt@linux.vnet.ibm.com> Jakub Jelinek <jakub@redhat.com> PR middle-end/70457 * tree-inline.c (estimate_num_insn): Use gimple_call_builtin_p to ensure a call statement is compatible with a built-in's prototype. * tree-ssa-math-opts.c (execute_cse_sincos_1): Likewise. (pass_cse_sincos::execute): Likewise. (pass_optimize_widening_mul::execute): Likewise. [gcc/testsuite] 2016-04-04 Bill Schmidt <wschmidt@linux.vnet.ibm.com> Jakub Jelinek <jakub@redhat.com> PR middle-end/70457 * gcc.dg/torture/pr70457.c: New. Added: branches/gcc-5-branch/gcc/testsuite/gcc.dg/torture/pr70457.c Modified: branches/gcc-5-branch/gcc/ChangeLog branches/gcc-5-branch/gcc/testsuite/ChangeLog branches/gcc-5-branch/gcc/tree-inline.c branches/gcc-5-branch/gcc/tree-ssa-math-opts.c
Author: wschmidt Date: Mon Apr 4 15:47:51 2016 New Revision: 234718 URL: https://gcc.gnu.org/viewcvs?rev=234718&root=gcc&view=rev Log: [gcc] 2016-04-04 Bill Schmidt <wschmidt@linux.vnet.ibm.com> Jakub Jelinek <jakub@redhat.com> PR middle-end/70457 * tree-inline.c (estimate_num_insn): Use gimple_call_builtin_p to ensure a call statement is compatible with a built-in's prototype. * tree-ssa-math-opts.c (execute_cse_sincos_1): Likewise. (execute_cse_sincos): Likewise. (execute_optimize_widening_mul): Likewise. [gcc/testsuite] 2016-04-04 Bill Schmidt <wschmidt@linux.vnet.ibm.com> Jakub Jelinek <jakub@redhat.com> PR middle-end/70457 * gcc.dg/torture/pr70457.c: New. Added: branches/gcc-4_9-branch/gcc/testsuite/gcc.dg/torture/pr70457.c Modified: branches/gcc-4_9-branch/gcc/ChangeLog branches/gcc-4_9-branch/gcc/testsuite/ChangeLog branches/gcc-4_9-branch/gcc/tree-inline.c branches/gcc-4_9-branch/gcc/tree-ssa-math-opts.c
Matthias, the code is now fixed everywhere upstream. Do you need a merge into ibm/gcc-5-branch?
Fixed.