I'm building a system with the Linux From Scratch approach on a Loongson-3A4000 (mips64el, with MSA support). I tried to build GCC-10.2.0 but it crashes building other packages, with `-mmsa`. I investigated a little and it showed that a simple program could trigger the ICE:

```
$ cat bug.c
void foo()
{
  double x = 1.0;
}
$ cc bug.c -c
bug.c:3:10: internal compiler error: in mode_size_inline, at ./insn-modes-inline.h:18
```

The problem is pinpointed at gcc/config/mips/mips.c line 2895:

```c
return mips_symbol_insns (symbol_type, MAX_MACHINE_MODE);
```

In mips_symbol_insns:

```c
if (MSA_SUPPORTED_MODE_P (mode))
  return 0;
```

MSA_SUPPORTED_MODE_P is defined as:

```c
#define MSA_SUPPORTED_MODE_P(MODE)                      \
  (ISA_HAS_MSA                                          \
   && GET_MODE_SIZE (MODE) == UNITS_PER_MSA_REG         \
   && (GET_MODE_CLASS (MODE) == MODE_VECTOR_INT         \
       || GET_MODE_CLASS (MODE) == MODE_VECTOR_FLOAT))
```

When -mmsa is used, ISA_HAS_MSA is expanded to `true`. And GET_MODE_SIZE is expanded to a call to mode_to_bytes, which is defined:

```c
ALWAYS_INLINE poly_uint16
mode_to_bytes (machine_mode mode)
{
#if GCC_VERSION >= 4001
  return (__builtin_constant_p (mode)
          ? mode_size_inline (mode) : mode_size[mode]);
#else
  return mode_size[mode];
#endif
}
```

Here `mode` is MAX_MACHINE_MODE, which is equal to NUM_MACHINE_MODES, the size of the array `mode_size`. And there is an assertion in mode_size_inline:

```c
gcc_assert (mode >= 0 && mode < NUM_MACHINE_MODES);
```

So, if __builtin_constant_p is evaluated to `true`, the assertion will be triggered. Otherwise, we have an out-of-bounds array access. Anyway it is wrong.
It can be reproduced with a cross build on x86_64-linux, with asan:

```
$ ../gcc/configure --target=mips64el-unknown-linux-gnuabi64 --with-abi=64 --enable-languages=c,c++ --with-system-zlib
(build log skipped)
$ ASAN_OPTIONS=detect_leaks=0:use_odr_indicator=1 make all-gcc {C,CXX,LD}FLAGS="-O0 -g3 -ggdb -fsanitize=address -static-libasan" -j 4
(build log skipped)
$ gcc/cc1 ~/bug.c -nostdinc -mmsa
 f
Analyzing compilation unit
Performing interprocedural optimizations
 <*free_lang_data> {heap 0 } <visibility> {heap 0 } <build_ssa_passes> {heap 0 } <opt_local_passes> {heap 0 } <remove_symbols> {heap 0 } <targetclone> {heap 0 } <free-fnsummary> {heap 0 }
Streaming LTO
 <whole-program> {heap 0 } <fnsummary> {heap 0 } <inline> {heap 0 } <modref> {heap 0 } <free-fnsummary> {heap 0 } <single-use> {heap 0 } <comdats> {heap 0 }
Assembling functions:
 f
=================================================================
==257274==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000521e70a at pc 0x000002c535c1 bp 0x7ffc1ac50930 sp 0x7ffc1ac50928
READ of size 2 at 0x00000521e70a thread T0
    #0 0x2c535c0 in mode_to_bytes(machine_mode) ../../gcc/gcc/machmode.h:550
    #1 0x2c535c0 in mips_symbol_insns ../../gcc/gcc/config/mips/mips.c:2384
    #2 0x2c591fc in mips_const_insns(rtx_def*) ../../gcc/gcc/config/mips/mips.c:2895
(more asan output skipped)
```
Patch proposed: https://gcc.gnu.org/pipermail/gcc-patches/2020-December/562629.html
The master branch has been updated by Richard Sandiford <rsandifo@gcc.gnu.org>:

https://gcc.gnu.org/g:06505e701dcfdb1b9855601d6cf0aa1caea62975

```
commit r11-7264-g06505e701dcfdb1b9855601d6cf0aa1caea62975
Author: Xi Ruoyao <xry111@mengyan1223.wang>
Date:   Wed Feb 17 11:57:13 2021 +0000

    mips: Avoid out-of-bounds access in mips_symbol_insns [PR98491]

    An invalid use of MSA_SUPPORTED_MODE_P was causing an ICE on mips64el
    with -mmsa. The detailed analysis is posted on bugzilla.

    gcc/ChangeLog:

    2021-02-17 Xi Ruoyao <xry111@mengyan1223.wang>

            PR target/98491
            * config/mips/mips.c (mips_symbol_insns): Do not use
            MSA_SUPPORTED_MODE_P if mode is MAX_MACHINE_MODE.
```
All unfixed branches are closed.
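
Added example, not part of the original report or GCC's source: a small C model of the defect analysed in this thread, where a sentinel equal to the table length reaches a predicate that indexes the table, shown next to the guarded form the ChangeLog describes. All `toy_*` names, the mode list and the sizes are assumptions made for illustration; the lookup is bounds-checked so the invalid access is counted rather than performed.

```c
/* Added illustration, not GCC source. All toy_* names and values are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum toy_mode { TOY_SI, TOY_DF, TOY_V4SI, TOY_V2DF, TOY_NUM_MODES };
/* Sentinel for "no specific mode"; equals the table length, so it is not a valid index. */
#define TOY_MAX_MODE TOY_NUM_MODES
#define TOY_MSA_REG_BYTES 16

struct toy_mode_info { unsigned short bytes; bool is_vector; };
static const struct toy_mode_info toy_modes[TOY_NUM_MODES] = {
  [TOY_SI] = {4, false},   [TOY_DF] = {8, false},
  [TOY_V4SI] = {16, true}, [TOY_V2DF] = {16, true},
};
static int toy_bad_lookups; /* lookups that would have read past toy_modes */

/* Bounds-checked lookup: records the invalid index instead of reading memory. */
static const struct toy_mode_info *toy_lookup(int mode) {
  if (mode < 0 || mode >= TOY_NUM_MODES) { toy_bad_lookups++; return NULL; }
  return &toy_modes[mode];
}

/* Same shape as the predicate in the report: it consults the table for any input. */
static bool toy_msa_supported(int mode) {
  const struct toy_mode_info *m = toy_lookup(mode);
  return m != NULL && m->bytes == TOY_MSA_REG_BYTES && m->is_vector;
}

/* Before: the predicate also runs for the sentinel. 1 stands in for the real cost. */
static int toy_symbol_insns_before(int mode) {
  return toy_msa_supported(mode) ? 0 : 1;
}

/* After, per the ChangeLog wording: skip the predicate when mode is the sentinel. */
static int toy_symbol_insns_after(int mode) {
  return (mode != TOY_MAX_MODE && toy_msa_supported(mode)) ? 0 : 1;
}

/* Runs one variant and returns how many invalid table lookups it attempted. */
static int toy_invalid_lookups(int (*insns)(int), int mode) {
  toy_bad_lookups = 0;
  (void)insns(mode);
  return toy_bad_lookups;
}

int main(void) {
  printf("invalid lookups with sentinel: before=%d after=%d\n",
         toy_invalid_lookups(toy_symbol_insns_before, TOY_MAX_MODE),
         toy_invalid_lookups(toy_symbol_insns_after, TOY_MAX_MODE));
}
```

Both variants return the same value for the sentinel; the difference is only whether the table is consulted with an index equal to its length.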