[Bug tree-optimization/22219] New: ICE when compiling gcc.dg/builtin-object-size-[1234].c

jakub at redhat dot com gcc-bugzilla@gcc.gnu.org
Tue Jun 28 15:10:00 GMT 2005 

With current GCC CVS 4 of the added tests
(gcc.dg/builtin-object-size-{1,2,3,4}.c) fail with:
/usr/src/gcc/gcc/testsuite/gcc.dg/builtin-object-size-1.c: In function 'test2':
/usr/src/gcc/gcc/testsuite/gcc.dg/builtin-object-size-1.c:159: error:
Pointers with a memory tag, should have points-to sets or r_1, name memory tag:
NMT.52, points-to vars: { } r, UID 0, char *
/usr/src/gcc/gcc/testsuite/gcc.dg/builtin-object-size-1.c:159: internal
compiler error: verify_flow_sensitive_alias_info failed.Please submit a full bug
report,
with preprocessed source if appropriate.
See <URL:http://gcc.gnu.org/bugs.html> for instructions.

but a) that looks like a tree-ssa-alias bug to me (see below)
b) it is a checking only failure, when not checking, it works
c) it is not something people usually do with the builtins.
Usually the builtin result is passed to a function that also uses
the pointer passed to the __builtin_object_size (ptr, cst) function
and therefore the pointer use is usually not completely optimized
away when __builtin_object_size (ptr, cst) is optimized into a
constant.

In gcc.dg/builtin-object-size{1,2,3,4}.c I'm only testing
the __builtin_object_size builtin, so e.g. in test2 function
__builtin_object_size is the only place that uses the r variable.
At alias4 time, the variable is:
rD.1709_1, name memory tag: NMT.52D.2245, is dereferenced, its value escapes,
points-to vars: { buf3D.1710 aD.1708 }
...
  # rD.1709_1 = PHI <&aD.1708.buf1D.1706[1](1), &aD.1708.buf2D.1707[7](2),
&buf3D.1710[5](3), rD.1709_40(4),
+&aD.1708.buf1D.1706[9](5)>;
...
  D.1726_12 = __builtin_object_size (rD.1709_1, 0);
Now, objsz pass (but similarly could optimize e.g. a fab pass) optimizes
the last line into:
  D.1726_12 = 20;
and when alias5 starts, in init_alias_info it clears
rD.1709_1's is_dereferenced, clears pi->pt_vars
bitmap etc., but does not clear it's pi->name_mem_tag
(this is I guess desirable, so that in the likely case the mem tag
will be needed again a new mem tag is not created again).
Next collect_points_to_info_for is called for pointer uses
and collect_points_to_info_for leads to populating the processed_ptrs
array (and for pointers in processed_ptrs varray it clears pi->name_mem_tag
in create_name_tags).  The problem here is that rD.1709_1
is not used any longer, so pi->name_mem_tag is not cleared,
while pi->is_dereferenced is 0, pi->pt_vars is empty bitmap
and verify_flow_sensitive_alias_info complains.
PR tree-optimization/21584 sounds like the same problem.
Now, unless we require a DCE pass right before every may_alias
pass, I'm afraid we have to live with pointers that had a name_mem_tag
set, but after some optimization are no longer used anywhere, but not yet
eliminated as dead code.  So, either create_name_tags would need to
walk over all SSA names with pointer type and do:
      if (pi->pt_anything || !pi->is_dereferenced)
        {
          /* No name tags for pointers that have not been
             dereferenced or point to an arbitrary location.  */
          pi->name_mem_tag = NULL_TREE;
          continue;
        }
on them, not just on those in ai->processed_ptrs,
or verify_flow_sensitive_alias_info should allow non-NULL
name_mem_tag if pt_anything != 0 || pi->is_dereferenced = NULL.

-- 
           Summary: ICE when compiling gcc.dg/builtin-object-size-[1234].c
           Product: gcc
           Version: 4.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: tree-optimization
        AssignedTo: dnovillo at gcc dot gnu dot org
        ReportedBy: jakub at redhat dot com
                CC: gcc-bugs at gcc dot gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22219

More information about the Gcc-bugs mailing list