[Bug middle-end/59399] New: ICE in expand_expr_real_1 with -m64 -fsanitize=signed-integer-overflow

bergner at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Thu Dec 5 18:19:00 GMT 2013 

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59399

            Bug ID: 59399
           Summary: ICE in expand_expr_real_1 with -m64
                    -fsanitize=signed-integer-overflow
           Product: gcc
           Version: 4.9.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: bergner at gcc dot gnu.org

On powerpc64-linux, I'm seeing a failure in the ubsan testsuite that causes an
ICE in expand_real_1, line 9484.  A simplified test case is:

[bergner@igoo BUGS]$ cat bug.ii 
void
foo (int i, int j)
{
  volatile int k = j + i;
}

[bergner@igoo BUGS]$ /home/bergner/gcc/build/gcc-fsf-mainline-debug/gcc/cc1plus
-fpreprocessed -quiet -m64 -fsanitize=signed-integer-overflow bug.ii 
bug.ii: In function ‘void foo(int, int)’:
bug.ii:4:22: internal compiler error: in expand_expr_real_1, at expr.c:9484
   volatile int k = j + i;
                      ^
0x107c1d2f expand_expr_real_1(tree_node*, rtx_def*, machine_mode,
expand_modifier, rtx_def**)
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/expr.c:9484
0x107b9d57 expand_expr_real(tree_node*, rtx_def*, machine_mode,
expand_modifier, rtx_def**)
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/expr.c:7927
0x109590af expand_expr
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/expr.h:453
0x1095a383 ubsan_expand_si_overflow_addsub_check(tree_code,
gimple_statement_base*)
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/internal-fn.c:182
0x1095b30f expand_UBSAN_CHECK_ADD
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/internal-fn.c:436
0x1095b467 expand_internal_call(gimple_statement_base*)
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/internal-fn.c:476
0x106071ab expand_call_stmt
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/cfgexpand.c:2185
0x1060b9d3 expand_gimple_stmt_1
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/cfgexpand.c:3154
0x1060c20f expand_gimple_stmt
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/cfgexpand.c:3306
0x106149eb expand_gimple_basic_block
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/cfgexpand.c:5146
0x106170db gimple_expand_cfg
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/cfgexpand.c:5712
0x10617aff execute
    /home/bergner/gcc/gcc-fsf-mainline-base/gcc/cfgexpand.c:5932

We're dying in the gcc_assert below:

          /* Get the signedness to be used for this variable.  Ensure we get
             the same mode we got when the variable was declared.  */
          if (code == SSA_NAME
              && (g = SSA_NAME_DEF_STMT (ssa_name))
              && gimple_code (g) == GIMPLE_CALL)
            {
              gcc_assert (!gimple_call_internal_p (g));
              pmode = promote_function_mode (type, mode, &unsignedp,
                                             gimple_call_fntype (g),
                                             2);
            }

The debugger shows g to be:

(gdb) p *g
$1 = {code = GIMPLE_CALL, no_warning = 0, visited = 0, nontemporal_move = 0,
plf = 0, modified = 0, 
  has_volatile_ops = 0, subcode = 64, uid = 0, location = 2147483648, num_ops =
5, bb = 0xfffb0070208, 
  next = 0xfffb00a00a0, prev = 0xfffb00a00a0}

More information about the Gcc-bugs mailing list