Created attachment 44612 [details] .ii file attached gcc version --------------------------------------------------------------- swamimauli@swamimauli:~/upload/csmith/runtime/del$ gcc -v Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/i686-linux-gnu/7/lto-wrapper Target: i686-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Ubuntu 7.2.0-8ubuntu3.2' --with-bugurl=file:///usr/share/doc/gcc-7/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ --prefix=/usr --with-gcc-major-version-only --program-suffix=-7 --program-prefix=i686-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib --enable-objc-gc=auto --enable-targets=all --enable-multiarch --disable-werror --with-arch-32=i686 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=i686-linux-gnu --host=i686-linux-gnu --target=i686-linux-gnu Thread model: posix gcc version 7.2.0 (Ubuntu 7.2.0-8ubuntu3.2) swamimauli@swamimauli:~/upload/csmith/runtime/del$ compiling command ----------------------------------------------- Below is command line: OPTIONS :-fgnu-tm for transactional memory extension swamimauli@swamimauli:~/upload/csmith/runtime/del$ gcc -fgnu-tm testcase.c testcase.c: In function ‘func_9’: testcase.c:471:139: warning: comparison of distinct pointer types lacks a cast nc_14(func_18(p_11), ((safe_div_func_uint8_t_u_u(((g_406.f5 &= (l_538[0][1] > ((safe_sub_func_uint64_t_u_u(p_11, ((g_541 == ((*l_546) = g_545)) , (p_11 , (-3L))))) != (safe_div_func_uint8_t_u_u(((*l_558) = ((safe_add_func_int32_t_s_s((safe_lshift_func_uint8_t_u_u(((((safe_mul_func_uint8_t_u_u(((safe_lshift_func_uint8_t_u_s((((g_100.f4 || 65531UL) , (-8L)) & p_11), 3)) < 0xC625L), l_557)) , 0xEF867843L) , l_557) != p_11), 6)), g_133[0][1].f5)) == 0x3EADAD52L)), l_538[0][1]))))) == g_212[0][4]), (**g_391))) , (void*)0), g_3); ^~ testcase.c: In function ‘func_14’: testcase.c:618:468: warning: comparison of distinct pointer types lacks a cast func_int16_t_s_s(6L, (1UL & l_703[7]))), g_531.f5)) <= 0x5EL), l_644)), (*l_662))))) | 0x9C1A534825D755BFLL) , (*g_541)) != l_704[2][0][1]) == l_629))); ^~ testcase.c:685:260: warning: comparison of distinct pointer types lacks a cast nt32_t_u_u(p_17, (-6L))))), ((g_751 != ((l_752 != (**p_15)) != (l_753 = l_652[3]))) < (safe_div_func_uint16_t_u_u((l_756 != l_757), 0x0ABFL))))) != p_17)); ^~ testcase.c: In function ‘func_33’: testcase.c:859:139: internal compiler error: in expand_expr_addr_expr_1, at expr.c:7862 (((((*l_126) = 4294967295UL) == (((((*l_128) = &g_102) != l_130) , ((g_133[0][1] , l_134) != (p_36 != (void*)0))) > g_100.f3)) & ((void*)0 == l_135)) || 0xAC466B2A51B1567ELL) > g_56.f0); ~~~~~^~~ Please submit a full bug report, with preprocessed source if appropriate. See <file:///usr/share/doc/gcc-7/README.Bugs> for instructions. swamimauli@swamimauli:~/upload/csmith/runtime/del$ reduced file ------------------------------------------------- REDUCED TESTCACE : #include "csmith.h" struct { unsigned : 7; unsigned a : 3 } b[][1]; c() { __transaction_relaxed { safe_rshift_func_int16_t_s_u(0, b[0][1].a); } } backtrack report -------------------------------------------------- This is the full backtrace of the ICE: bug.c: In function ‘func_33’: bug.c:857:139: internal compiler error: in exact_div, at poly-int.h:2139 0x89a47f poly_int<1u, poly_result<long, if_nonpoly<int, int, poly_int_traits<int>::is_poly>::type, poly_coeff_pair_traits<long, if_nonpoly<int, int, poly_int_traits<int>::is_poly>::type>::result_kind>::type> exact_div<1u, long, int>(poly_int_pod<1u, long> const&, int) ../../gcc/gcc/poly-int.h:2139 0x89a47f expand_expr_addr_expr_1 ../../gcc/gcc/expr.c:7977 0x88caa1 expand_expr_addr_expr ../../gcc/gcc/expr.c:8018 0x88caa1 expand_expr_real_1(tree_node*, rtx_def*, machine_mode, expand_modifier, rtx_def**, bool) ../../gcc/gcc/expr.c:11142 0x74ff69 expand_normal ../../gcc/gcc/expr.h:285 0x74ff69 precompute_register_parameters ../../gcc/gcc/calls.c:976 0x74ff69 expand_call(tree_node*, rtx_def*, int) ../../gcc/gcc/calls.c:4055 0x73e65d expand_builtin(tree_node*, rtx_def*, rtx_def*, machine_mode, int) ../../gcc/gcc/builtins.c:8002 0x88eac3 expand_expr_real_1(tree_node*, rtx_def*, machine_mode, expand_modifier, rtx_def**, bool) ../../gcc/gcc/expr.c:10911 0x89acba store_expr(tree_node*, rtx_def*, int, bool, bool) ../../gcc/gcc/expr.c:5614 0x89c5bd expand_assignment(tree_node*, tree_node*, bool) ../../gcc/gcc/expr.c:5398 0x765e78 expand_call_stmt ../../gcc/gcc/cfgexpand.c:2685 0x765e78 expand_gimple_stmt_1 ../../gcc/gcc/cfgexpand.c:3575 0x765e78 expand_gimple_stmt ../../gcc/gcc/cfgexpand.c:3734 0x767917 expand_gimple_basic_block ../../gcc/gcc/cfgexpand.c:5769 0x76d97e execute ../../gcc/gcc/cfgexpand.c:6372
Confirmed, it's very old ICE (4.8.0+). Cleaned up test-case: $ cat pr87118-2.c struct { unsigned a: 7; unsigned b : 3; } b; void d() {} void c() { __transaction_relaxed { d(b.b); } }
This bug came up on the mailing lists here: https://gcc.gnu.org/ml/gcc/2018-12/msg00057.html
comfirmed on gcc-9.0 Currently, I tested on gcc-9.0, I could reproduce the same there. I found the crash function name differs this time, from the previous function name, whereas the backtrack remains the same, So is this same bug? internal compiler error: in exact_div, at poly-int.h:2139 857 | != l_130) , ((g_133[0][1] , l_134) != (p_36 != (void*)0))) > g_100.f3)) & ((void*)0 == l_135)) || 0xAC466B2A51B1567ELL) > g_56.f0); | ~~~~~^~~
Seems that this commit is causing it: d3f2e41eae66b3 based on Martin's comments.
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=d3f2e41eae66b3699aaa6e2bfc4ce5b86cedd37e
Here is a testcase which shows the issue is related to bitfields: struct { unsigned a: 7; unsigned b : 3; } b; void d(int t) {} void c() { __transaction_relaxed { d(b.b); } }
*** Bug 89351 has been marked as a duplicate of this bug. ***