[Bug tree-optimization/97556] [11 Regression] ICE at -O2 and -O3 in 32-bit mode on x86_64-pc-linux-gnu in size_remaining, at builtins.c:235 since r11-3827
jakub at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Mon Oct 26 10:28:14 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97556
--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
I think the problem is that compute_objsize doesn't bother to check for any
kind of overflow on any arithmetic it does.
E.g. in:
  offset_int sz = wi::to_offset (tpsize);
  orng[0] *= sz;
  orng[1] *= sz;
when orng[0] is 1000000000 and orng[1] is -1 and sz is 3, everything is
multiplied by 3, so we end up with 3000000000 and -3. Later on the upper bound
is set to
  offset_int maxoff = wi::to_offset (TYPE_MAX_VALUE (ptrdiff_type_node));
  offrng[1] = maxoff;
and size_remaining then asserts something that the computation can't really
guarantee.
Adjusted testcase that ICEs with -O2 -m64 the same way:
char a[1][3];
int b;
void f () {
  unsigned long long c = 7000000000000000000ULL;
  if (b)
    goto L;
  while (b) {
    c = ~0ULL;
L:
    a[c][0] = 0;
  }
}
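
The arithmetic described in the comment above, as an added stand-alone model (not GCC code and not part of the original message): scaling the range without checks and then setting the upper bound to the 32-bit ptrdiff maximum leaves the lower bound above the upper bound, while a checked scale rejects the range. Assumptions: int64_t stands in for offset_int, and struct range, scale_unchecked, scale_checked and MAXOFF32 are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model only: int64_t stands in for GCC's offset_int, and MAXOFF32 for
   TYPE_MAX_VALUE (ptrdiff_type_node) on a 32-bit target (assumption).  */
#define MAXOFF32 INT64_C(2147483647)

struct range { int64_t lo, hi; };

/* The pattern from the comment: scale both bounds, check nothing.  */
static struct range scale_unchecked(struct range r, int64_t sz)
{
    r.lo *= sz;
    r.hi *= sz;
    return r;
}

/* Scale both bounds; fail if a product wraps, if either bound leaves
   [-maxoff - 1, maxoff], or if the bounds end up inverted.  */
static bool scale_checked(struct range r, int64_t sz, int64_t maxoff,
                          struct range *out)
{
    if (__builtin_mul_overflow(r.lo, sz, &out->lo)
        || __builtin_mul_overflow(r.hi, sz, &out->hi))
        return false;
    if (out->lo < -maxoff - 1 || out->lo > maxoff)
        return false;
    if (out->hi < -maxoff - 1 || out->hi > maxoff)
        return false;
    return out->lo <= out->hi;
}

int main(void)
{
    /* Values quoted in the comment: orng = [1000000000, -1], sz = 3.  */
    struct range r = scale_unchecked((struct range){1000000000, -1}, 3);
    printf("unchecked: [%lld, %lld]\n", (long long)r.lo, (long long)r.hi);

    r.hi = MAXOFF32;  /* the later "offrng[1] = maxoff" step */
    printf("after clamp: lo > hi is %s\n", r.lo > r.hi ? "true" : "false");

    struct range out;
    bool ok = scale_checked((struct range){1000000000, -1}, 3, MAXOFF32, &out);
    printf("checked scale accepted: %s\n", ok ? "yes" : "no");
    return 0;
}
```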