71622 – gcc 5.3.1 crashes when it tries to compile qtbase [dev]

Bug 71622 - gcc 5.3.1 crashes when it tries to compile qtbase [dev]

Summary: gcc 5.3.1 crashes when it tries to compile qtbase [dev]

Status:	RESOLVED DUPLICATE of bug 63319

Alias:	None

Product:	gcc
Classification:	Unclassified
Component:	pch (show other bugs)
Version:	5.3.0

Importance:	P3 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-06-22 12:50 UTC by mipohjan
Modified:	2016-06-23 07:21 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:	2016-06-23 00:00:00

Attachments
preprocessed file (142.47 KB, text/plain) 2016-06-22 12:52 UTC, mipohjan	Details
gcc output from the build crash (684 bytes, text/plain) 2016-06-22 13:03 UTC, mipohjan	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mipohjan 2016-06-22 12:50:21 UTC

Comment 1 mipohjan 2016-06-22 12:52:18 UTC

Created attachment 38746 [details]
preprocessed file

Comment 2 mipohjan 2016-06-22 13:03:59 UTC

Created attachment 38747 [details]
gcc output from the build crash

Comment 3 mipohjan 2016-06-22 13:08:39 UTC

* gcc version 5.3.1 20160413 (Ubuntu 5.3.1-14ubuntu2)
* Ubuntu 16.04 LTS (Xenial)
* gcc from the Ubuntu repositories
* qt cloned from http://codereview.qt-project.org/qt/qt5 [dev] branch
* qt configured with:
./configure -openssl -R . -opensource -confirm-license -nomake tests -verbose -prefix . -nomake examples -no-widgets -force-debug-info
* and build with:
 make module-qtbase

Note there's no crash if configured with:
./configure -openssl -R . -opensource -confirm-license -nomake tests -verbose -prefix . -developer-build -qtnamespace TestNamespace -qtlibinfix TestInfix -nomake examples

Comment 4 Thiago Macieira 2016-06-23 05:24:03 UTC

This happens with OpenSUSE's GCC 5.3.1 too. It does not happen with 6.1.1, so whatever the problem was, it's been solved.

I can also confirm that the problem goes away when PCH support is disabled in Qt. Maybe that can help the maintainers a find if there's a patch to backport to the gcc_5_branch.

Comment 5 Matthias Klose 2016-06-23 05:41:10 UTC

you need to build and submit the report without precompiled headers. In this form it is not reproducible.

Comment 6 Markus Trippelsdorf 2016-06-23 05:44:31 UTC

(In reply to Matthias Klose from comment #5)
> you need to build and submit the report without precompiled headers. In this
> form it is not reproducible.

Well, if the segfault only happens if PCH are used, this is impossible.

Comment 7 Markus Trippelsdorf 2016-06-23 05:59:46 UTC

Might be related to PR63319.

Can you please run gcc under gdb to get a backtrace?

Comment 8 Thiago Macieira 2016-06-23 06:53:10 UTC

cc1plus doesn't stop in gdb, for some reason. Instead, it prints:

painting/qdrawhelper.cpp: In function ‘void qt_bitmapblit_quint16(QRasterBuffer*, int, int, const QRgba64&, const uchar*, int, int, int)’:
painting/qdrawhelper.cpp:5753:20: internal compiler error: in tree_node_structure_for_code, at tree.c:508
 inline static void qt_bitmapblit_quint16(QRasterBuffer *rasterBuffer,
                    ^

Outside of gdb, it prints "Segmentation fault", but doesn't generate a core file nor does systemd-coredump catch this crash, so no postmortem debugging.

Any tricks to do that?

Comment 9 Markus Trippelsdorf 2016-06-23 07:00:32 UTC

(In reply to Thiago Macieira from comment #8)
> cc1plus doesn't stop in gdb, for some reason. Instead, it prints:
> 
> painting/qdrawhelper.cpp: In function ‘void
> qt_bitmapblit_quint16(QRasterBuffer*, int, int, const QRgba64&, const
> uchar*, int, int, int)’:
> painting/qdrawhelper.cpp:5753:20: internal compiler error: in
> tree_node_structure_for_code, at tree.c:508
>  inline static void qt_bitmapblit_quint16(QRasterBuffer *rasterBuffer,
>                     ^
> 
> Outside of gdb, it prints "Segmentation fault", but doesn't generate a core
> file nor does systemd-coredump catch this crash, so no postmortem debugging.
> 
> Any tricks to do that?

Yes. Just invoke cc1plus directly.
(Add -v to the gcc invocation and then copy & paste the cc1plus command
line, that is printed out.

Comment 10 Markus Trippelsdorf 2016-06-23 07:02:37 UTC

valgrind --track-origins=yes --trace-children=yes g++...
will probably also print a backtrace.

Comment 11 Thiago Macieira 2016-06-23 07:03:38 UTC

(In reply to Markus Trippelsdorf from comment #9)
> Yes. Just invoke cc1plus directly.
> (Add -v to the gcc invocation and then copy & paste the cc1plus command
> line, that is printed out.

That's what I've done. cc1plus seems not to crash when run inside gdb.

Comment 12 Markus Trippelsdorf 2016-06-23 07:10:59 UTC

(In reply to Thiago Macieira from comment #11)
> (In reply to Markus Trippelsdorf from comment #9)
> > Yes. Just invoke cc1plus directly.
> > (Add -v to the gcc invocation and then copy & paste the cc1plus command
> > line, that is printed out.
> 
> That's what I've done. cc1plus seems not to crash when run inside gdb.

Ah, sorry. It looks like a dup of 63319.

*** This bug has been marked as a duplicate of bug 63319 ***

Comment 13 Thiago Macieira 2016-06-23 07:11:14 UTC

(In reply to Markus Trippelsdorf from comment #10)
> valgrind --track-origins=yes --trace-children=yes g++...
> will probably also print a backtrace.

First error:

==32645== Conditional jump or move depends on uninitialised value(s)
==32645==    at 0x7EE1B2: sparseset_bit_p (sparseset.h:147)                                                             
==32645==    by 0x7EE1B2: mark_pseudo_regno_live(int) (ira-lives.c:301)                                                 
==32645==    by 0x7EEE40: process_bb_node_lives(ira_loop_tree_node*) (ira-lives.c:1281)                                 
==32645==    by 0x7D6276: ira_traverse_loop_tree(bool, ira_loop_tree_node*, void (*)(ira_loop_tree_node*), void (*)(ira_loop_tree_node*)) (ira-build.c:1845)                                                                                    
==32645==    by 0x7EFB21: ira_create_allocno_live_ranges() (ira-lives.c:1582)                                           
==32645==    by 0x7D7BF3: ira_build() (ira-build.c:3461)                                                                
==32645==    by 0x7D114A: ira (ira.c:5278)
==32645==    by 0x7D114A: (anonymous namespace)::pass_ira::execute(function*) (ira.c:5570)
==32645==    by 0x879215: execute_one_pass(opt_pass*) (passes.c:2330)
==32645==    by 0x879645: execute_pass_list_1(opt_pass*) [clone .constprop.64] (passes.c:2383)
==32645==    by 0x879657: execute_pass_list_1(opt_pass*) [clone .constprop.64] (passes.c:2384)
==32645==    by 0x879698: execute_pass_list(function*, opt_pass*) (passes.c:2394)
==32645==    by 0x62DC8A: cgraph_node::expand() (cgraphunit.c:1896)
==32645==    by 0x62EF73: expand_all_functions (cgraphunit.c:2032)
==32645==    by 0x62EF73: symbol_table::compile() [clone .part.43] (cgraphunit.c:2385)
==32645==  Uninitialised value was created by a heap allocation
==32645==    at 0x4C2D12F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32645==    by 0xF33B97: xmalloc (xmalloc.c:147)
==32645==    by 0x90E544: sparseset_alloc(unsigned long) (sparseset.c:33)
==32645==    by 0x7EFAAF: ira_create_allocno_live_ranges() (ira-lives.c:1574)
==32645==    by 0x7D7BF3: ira_build() (ira-build.c:3461)
==32645==    by 0x7D114A: ira (ira.c:5278)
==32645==    by 0x7D114A: (anonymous namespace)::pass_ira::execute(function*) (ira.c:5570)
==32645==    by 0x879215: execute_one_pass(opt_pass*) (passes.c:2330)
==32645==    by 0x879645: execute_pass_list_1(opt_pass*) [clone .constprop.64] (passes.c:2383)
==32645==    by 0x879657: execute_pass_list_1(opt_pass*) [clone .constprop.64] (passes.c:2384)
==32645==    by 0x879698: execute_pass_list(function*, opt_pass*) (passes.c:2394)
==32645==    by 0x62DC8A: cgraph_node::expand() (cgraphunit.c:1896)
==32645==    by 0x62EF73: expand_all_functions (cgraphunit.c:2032)
==32645==    by 0x62EF73: symbol_table::compile() [clone .part.43] (cgraphunit.c:2385)

Followed by a lot of similar errors, then

==32645== Use of uninitialised value of size 8
==32645==    at 0x7EE1B7: sparseset_bit_p (sparseset.h:147)
==32645==    by 0x7EE1B7: mark_pseudo_regno_live(int) (ira-lives.c:301)
==32645==    by 0x7EEBA6: process_bb_node_lives(ira_loop_tree_node*) (ira-lives.c:1106)
==32645==    by 0x7D6295: ira_traverse_loop_tree(bool, ira_loop_tree_node*, void (*)(ira_loop_tree_node*), void (*)(ira_loop_tree_node*)) (ira-build.c:1845)
==32645==    by 0x7EFB21: ira_create_allocno_live_ranges() (ira-lives.c:1582)
==32645==    by 0x7D7BF3: ira_build() (ira-build.c:3461)
==32645==    by 0x7D114A: ira (ira.c:5278)
==32645==    by 0x7D114A: (anonymous namespace)::pass_ira::execute(function*) (ira.c:5570)
==32645==    by 0x879215: execute_one_pass(opt_pass*) (passes.c:2330)
==32645==    by 0x879645: execute_pass_list_1(opt_pass*) [clone .constprop.64] (passes.c:2383)
==32645==    by 0x879657: execute_pass_list_1(opt_pass*) [clone .constprop.64] (passes.c:2384)
==32645==    by 0x879698: execute_pass_list(function*, opt_pass*) (passes.c:2394)
==32645==    by 0x62DC8A: cgraph_node::expand() (cgraphunit.c:1896)
==32645==    by 0x62EF73: expand_all_functions (cgraphunit.c:2032)
==32645==    by 0x62EF73: symbol_table::compile() [clone .part.43] (cgraphunit.c:2385)
==32645==  Uninitialised value was created by a heap allocation
==32645==    at 0x4C2D12F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32645==    by 0xF33B97: xmalloc (xmalloc.c:147)
==32645==    by 0x90E544: sparseset_alloc(unsigned long) (sparseset.c:33)
==32645==    by 0x7EFAAF: ira_create_allocno_live_ranges() (ira-lives.c:1574)
==32645==    by 0x7D7BF3: ira_build() (ira-build.c:3461)
==32645==    by 0x7D114A: ira (ira.c:5278)
==32645==    by 0x7D114A: (anonymous namespace)::pass_ira::execute(function*) (ira.c:5570)
==32645==    by 0x879215: execute_one_pass(opt_pass*) (passes.c:2330)
==32645==    by 0x879645: execute_pass_list_1(opt_pass*) [clone .constprop.64] (passes.c:2383)
==32645==    by 0x879657: execute_pass_list_1(opt_pass*) [clone .constprop.64] (passes.c:2384)
==32645==    by 0x879698: execute_pass_list(function*, opt_pass*) (passes.c:2394)
==32645==    by 0x62DC8A: cgraph_node::expand() (cgraphunit.c:1896)
==32645==    by 0x62EF73: expand_all_functions (cgraphunit.c:2032)
==32645==    by 0x62EF73: symbol_table::compile() [clone .part.43] (cgraphunit.c:2385)

Later:

==32645== More than 100 errors detected.  Subsequent errors
==32645== will still be recorded, but in less detail than before.

Unlike in PR63319, valgrind showed no "Invalid read" or write.

Comment 14 Thiago Macieira 2016-06-23 07:12:18 UTC

(In reply to Markus Trippelsdorf from comment #12)
> (In reply to Thiago Macieira from comment #11)
> > (In reply to Markus Trippelsdorf from comment #9)
> > > Yes. Just invoke cc1plus directly.
> > > (Add -v to the gcc invocation and then copy & paste the cc1plus command
> > > line, that is printed out.
> > 
> > That's what I've done. cc1plus seems not to crash when run inside gdb.
> 
> Ah, sorry. It looks like a dup of 63319.
> 
> *** This bug has been marked as a duplicate of bug 63319 ***

That might be, but bug 63319 is closed as WORKSFORME. Any recourse possible?

Comment 15 Markus Trippelsdorf 2016-06-23 07:15:38 UTC

All these bogus valgrind warnings can be suppressed if you configure gcc
with --enable-valgrind-annotations.

Comment 16 Thiago Macieira 2016-06-23 07:21:52 UTC

(In reply to Markus Trippelsdorf from comment #15)
> All these bogus valgrind warnings can be suppressed if you configure gcc
> with --enable-valgrind-annotations.

That's good to know, but Valgrind didn't report a single erroneous access. And since there's no actual crash when run inside gdb, I don't think valgrind will help further.

If I put a breakpoint on tree.c:508 (the line reported in the output), I get:

#0  tree_node_structure_for_code (code=30240) at ../../gcc/tree.c:508
#1  tree_node_structure (t=t@entry=0x7ffff3e27438) at ../../gcc/tree.c:3370
#2  0x0000000000545080 in gt_ggc_mx_lang_tree_node (x_p=<optimized out>) at ./gt-cp-tree.h:243
#3  0x00000000007188c6 in ggc_mark_root_tab (rt=0x10b9d08 <gt_ggc_r_gt_i386_h+40>) at ../../gcc/ggc-common.c:81
#4  0x0000000000718b91 in ggc_mark_roots () at ../../gcc/ggc-common.c:98
#5  0x00000000005d1280 in ggc_collect () at ../../gcc/ggc-page.c:2199
#6  0x000000000087931f in execute_one_pass (pass=pass@entry=0x19920e0) at ../../gcc/passes.c:2371
#7  0x0000000000879646 in execute_pass_list_1 (pass=0x19920e0) at ../../gcc/passes.c:2383
#8  0x0000000000879658 in execute_pass_list_1 (pass=0x1991d20, pass@entry=0x1991c60) at ../../gcc/passes.c:2384
#9  0x0000000000879699 in execute_pass_list (fn=0x7ffff2f479d8, pass=0x1991c60) at ../../gcc/passes.c:2394
#10 0x000000000062dc8b in cgraph_node::expand (this=this@entry=0x7ffff2f45498) at ../../gcc/cgraphunit.c:1896
#11 0x000000000062ef74 in expand_all_functions () at ../../gcc/cgraphunit.c:2032
#12 symbol_table::compile (this=this@entry=0x100478d300) at ../../gcc/cgraphunit.c:2385
#13 0x0000000000630410 in symbol_table::compile (this=0x100478d300) at ../../gcc/timevar.h:110
#14 symbol_table::finalize_compilation_unit (this=0x100478d300) at ../../gcc/cgraphunit.c:2462
#15 0x00000000004ce4d3 in cp_write_global_declarations () at ../../gcc/cp/decl2.c:4849
#16 0x000000000091d763 in compile_file () at ../../gcc/toplev.c:613
#17 0x000000000045f095 in do_compile () at ../../gcc/toplev.c:2067
#18 toplev::main (this=this@entry=0x7fffffffd040, argc=argc@entry=84, argv=argv@entry=0x7fffffffd148)
    at ../../gcc/toplev.c:2165
#19 0x000000000045fd8a in main (argc=84, argv=0x7fffffffd148) at ../../gcc/main.c:39

It crashes after this.