Bug 71462 - [7 Regression] gcc ICE at -O3 on valid code on x86_64-linux-gnu with “seg fault”
Summary: [7 Regression] gcc ICE at -O3 on valid code on x86_64-linux-gnu with “seg fa...
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization (show other bugs)
Version: 7.0
: P3 normal
Target Milestone: 7.0
Assignee: Richard Biener
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-08 19:16 UTC by Qirun Zhang
Modified: 2016-06-09 11:57 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2016-06-09 00:00:00

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Qirun Zhang 2016-06-08 19:16:40 UTC 
The following valid code causes an ICE when compiled with the current gcc trunk at -O3 on x86_64-linux-gnu in both 32-bit and 64-bit modes.

It appears to be a 7 regression.


$ gcc-trunk -v
Using built-in specs.
COLLECT_GCC=gcc-trunk
COLLECT_LTO_WRAPPER=/home/absozero/trunk/root-gcc/libexec/gcc/x86_64-pc-linux-gnu/7.0.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../gcc/configure --prefix=/home/absozero/trunk/root-gcc --enable-languages=c,c++ --disable-werror --enable-multilib
Thread model: posix
gcc version 7.0.0 20160608 (experimental) [trunk revision 237212] (GCC)


$ gcc-trunk -O3 abc.c
abc.c: In function ‘fn1’:
abc.c:3:6: internal compiler error: Segmentation fault
 void fn1() {
      ^~~
0xb635cf crash_signal
	../../gcc/gcc/toplev.c:335
0xcbe6bb ei_container
	../../gcc/gcc/basic-block.h:393
0xcbe6bb ei_end_p
	../../gcc/gcc/basic-block.h:429
0xcbe6bb ei_cond
	../../gcc/gcc/basic-block.h:479
0xcbe6bb find_uses_to_rename_bb
	../../gcc/gcc/tree-ssa-loop-manip.c:442
0xcc0a5e find_uses_to_rename
	../../gcc/gcc/tree-ssa-loop-manip.c:476
0xcc0a5e rewrite_into_loop_closed_ssa_1(bitmap_head*, unsigned int, int, loop*)
	../../gcc/gcc/tree-ssa-loop-manip.c:642
0xca5b30 tree_unroll_loops_completely(bool, bool)
	../../gcc/gcc/tree-ssa-loop-ivcanon.c:1388
0xca6030 execute
	../../gcc/gcc/tree-ssa-loop-ivcanon.c:1531
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <http://gcc.gnu.org/bugs.html> for instructions.


$ cat abc.c
short a;
long b;
void fn1() {
  int c = a = 1;
  for (; a; a++) {
    for (; 9 <= 8;)
      for (;;) {
        a = 20;
        for (; a <= 35; a++)
          ;
      line:;
      }
    if ((c += 264487869) == 9) {
      unsigned *d = 0;
      for (; b;)
        d = (unsigned *)&c;
      if (d)
        for (;;)
          ;
    }
  }
  goto line;
}
Comment 1 Richard Biener 2016-06-09 07:16:47 UTC 
Confirmed.  I will have a look.
Comment 2 Richard Biener 2016-06-09 07:55:37 UTC 
#4  0x0000000001035c30 in find_uses_to_rename (changed_bbs=0x26e1748, 
    use_blocks=0x281d750, need_phis=0x2792450, use_flags=1)
    at /space/rguenther/src/svn/trunk/gcc/tree-ssa-loop-manip.c:476
476                                   need_phis, use_flags);
(gdb) l
471       bitmap_iterator bi;
472
473       if (changed_bbs)
474         EXECUTE_IF_SET_IN_BITMAP (changed_bbs, 0, index, bi)
475           find_uses_to_rename_bb (BASIC_BLOCK_FOR_FN (cfun, index), use_blocks,
476                                   need_phis, use_flags);

hits a block in the bitmap that was removed.  This bitmap is filled
by unloop called in unloop_loops and after that we remove paths
that may cause such blocks to become removed...

It's probably easiest to robustify the above code instead.
Comment 3 Richard Biener 2016-06-09 11:36:54 UTC 
Author: rguenth
Date: Thu Jun  9 11:36:22 2016
New Revision: 237254

URL: https://gcc.gnu.org/viewcvs?rev=237254&root=gcc&view=rev
Log:
2016-06-09  Richard Biener  <rguenther@suse.de>

	PR tree-optimization/71462
	* tree-ssa-loop-manip.c (find_uses_to_rename): Guard against
	removed blocks.

	* gcc.dg/torture/pr71462.c: New testcase.

Added:
    trunk/gcc/testsuite/gcc.dg/torture/pr71462.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/tree-ssa-loop-manip.c
Comment 4 Richard Biener 2016-06-09 11:57:49 UTC 
Fixed.