[Bug tree-optimization/93134] New: [graphite] ICE: Segmentation fault in ISL
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93134
Bug ID: 93134
Summary: [graphite] ICE: Segmentation fault in ISL
Product: gcc
Version: 9.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: drfiemost at email dot it
Target Milestone: ---
Getting a crash with snapshots gcc-9-20191221/gcc-8-20191220 and isl-0.22 on
x86_64-linux compiling the following reduced code using "-O2 -floop-block"
flags:
typedef struct {
int a[128]
} b;
b c;
d, e, f, g;
h() {
int i;
for (; g < e; g++) {
i = 1;
for (; i < d; i++)
c.a[f + i * 16 + g] = c.a[6 + g];
}
}
root [ /mnt/devel/build/gcc/gcc-9-20191221/build ]# LANG=C gcc/cc1 -O2
-floop-block /usr/src/gcc_ice.c
/usr/src/gcc_ice.c:3:1: warning: no semicolon at end of struct or union
3 | } b;
| ^
/usr/src/gcc_ice.c:5:1: warning: data definition has no type or storage class
5 | d, e, f, g;
| ^
/usr/src/gcc_ice.c:5:1: warning: type defaults to 'int' in declaration of 'd'
[-Wimplicit-int]
/usr/src/gcc_ice.c:5:4: warning: type defaults to 'int' in declaration of 'e'
[-Wimplicit-int]
5 | d, e, f, g;
|^
/usr/src/gcc_ice.c:5:7: warning: type defaults to 'int' in declaration of 'f'
[-Wimplicit-int]
5 | d, e, f, g;
| ^
/usr/src/gcc_ice.c:5:10: warning: type defaults to 'int' in declaration of 'g'
[-Wimplicit-int]
5 | d, e, f, g;
| ^
h
/usr/src/gcc_ice.c:6:1: warning: return type defaults to 'int' [-Wimplicit-int]
6 | h() {
| ^
Analyzing compilation unit
Performing interprocedural optimizations
<*free_lang_data>
Streaming LTO
Assembling
functions:
hduring GIMPLE pass: graphite
/usr/src/gcc_ice.c: In function 'h':
/usr/src/gcc_ice.c:6:1: internal compiler error: Segmentation fault
0x1128de4 crash_signal
../../gcc/toplev.c:326
0x7f9145e857bf ???
/mnt/devel/build/glibc/glibc-2.30/signal/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0
0x21433a8 isl_basic_map_underlying_set
../../isl/isl_map.c:5515
0x20ec8ea equalities_in_underlying_set
../../isl/isl_affine_hull.c:860
0x20ecae4 isl_basic_map_detect_equalities
../../isl/isl_affine_hull.c:919
0x20ecc9b isl_basic_set_detect_equalities
../../isl/isl_affine_hull.c:952
0x21611ff uset_gist
../../isl/isl_map_simplify.c:2702
0x2162008 isl_basic_map_gist
../../isl/isl_map_simplify.c:3176
0x21622d1 isl_map_gist_basic_map
../../isl/isl_map_simplify.c:3234
0x2162dca map_gist
../../isl/isl_map_simplify.c:3601
0x2139072 isl_map_align_params_map_map_and
../../isl/isl_map.c:1531
0x2162e20 isl_map_gist
../../isl/isl_map_simplify.c:3611
0x2162ffe isl_map_gist_domain
../../isl/isl_map_simplify.c:3661
0x21ed605 bin_add_pair
../../isl/isl_union_map.c:872
0x21ed88e gen_bin_entry
../../isl/isl_union_map.c:957
0x2125f7e isl_hash_table_foreach
../../isl/isl_hash.c:207
0x21ed985 gen_bin_op
../../isl/isl_union_map.c:982
0x21ee560 union_map_gist_domain
../../isl/isl_union_map.c:1390
0x21ee5aa isl_union_map_gist_domain
../../isl/isl_union_map.c:1403
0x1e77f5a optimize_isl
../../gcc/graphite-optimize-isl.c:128
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
The original non-reduced code crashes only on gcc 9 with the same backtrace and
not on gcc 8, can add the preprocessed source if required.
Maybe related to bug 90004
[Bug tree-optimization/71824] [6/7 Regression] ICE when compiling libiberty with Graphite loop optimizations
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71824
--- Comment #7 from Leandro Nini ---
Reduced testcase, ICEs with gcc -O2 -floop-interchange:
int a, b, d;
int **c;
int fn1() {
while (a)
if (d) {
int e = -d;
for (; b < e; b++)
c[b] = &a;
} else {
for (; b; b++)
c[b] = &b;
d = 0;
}
}
[Bug tree-optimization/71824] [6 Regression] ICE when compiling libiberty with Graphite loop optimizations
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71824
--- Comment #13 from Leandro Nini ---
I've applied the patch to the 6.3.1 20170202 snapshot and the former test
compiles but this one triggers the same error:
typedef struct { float x1; } bx;
typedef struct {
int w;
short o;
} T2P;
T2P a;
int b;
void fn2();
void fn3(bx*,short);
void fn1() {
unsigned i = 0;
int c;
bx *d;
bx **h;
if (b == 0) {
fn2();
return;
}
for (; c; c++)
for (; i < 100; i++) {
d = h[i];
d->x1 = a.w;
}
for (; i < 100; i++) {
d = h[i];
d->x1 = a.w;
}
if (a.o)
for (; b;)
fn3(d, a.o);
}
/opt/gcc/bin/gcc -O2 -floop-interchange bug71824_v2.c
bug71824_v2.c: In function ‘fn1’:
bug71824_v2.c:10:6: internal compiler error: in add_loop_constraints, at
graphite-sese-to-poly.c:931
void fn1() {
^~~
0x17540ea add_loop_constraints
../../gcc/graphite-sese-to-poly.c:931
0x1754538 build_iteration_domains
../../gcc/graphite-sese-to-poly.c:1001
0x17546b5 build_iteration_domains
../../gcc/graphite-sese-to-poly.c:1040
0x17553ae build_poly_scop(scop*)
../../gcc/graphite-sese-to-poly.c:1364
0x1739ee5 graphite_transform_loops()
../../gcc/graphite.c:319
0x1739f87 graphite_transforms
../../gcc/graphite.c:356
0x173a0ad execute
../../gcc/graphite.c:433
[Bug c/62113] New: [graphite] ICE using -floop-parallelize-all
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62113 Bug ID: 62113 Summary: [graphite] ICE using -floop-parallelize-all Product: gcc Version: 4.9.1 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: drfiemost at email dot it Created attachment 33304 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33304&action=edit Preprocessed source gcc -O2 -floop-parallelize-all -c rdft.i ends up eating all memory (8Gb) and then dies: gcc: internal compiler error: Killed (program cc1) Reproduced with both 4.8 and 4.9: Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-unknown-linux-gnu/4.8.4/lto-wrapper Target: x86_64-unknown-linux-gnu Configured with: ../gcc-4.8-20140807/configure --prefix=/usr --enable-shared --disable-static --disable-dependency-tracking --enable-languages=c,c++ --disable-multilib --with-system-zlib --disable-bootstrap Thread model: posix gcc version 4.8.4 20140807 (prerelease) (GCC) Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-unknown-linux-gnu/4.9.1/lto-wrapper Target: x86_64-unknown-linux-gnu Configured with: ../gcc-4.9.1/configure --prefix=/usr --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-languages=c,c++ --disable-multilib --disable-bootstrap --with-system-zlib --disable-static --disable-dependency-tracking Thread model: posix gcc version 4.9.1 (GCC)
[Bug c/62114] New: [graphite] ICE using -floop-parallelize-all and -ffast-math
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62114 Bug ID: 62114 Summary: [graphite] ICE using -floop-parallelize-all and -ffast-math Product: gcc Version: 4.9.1 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: drfiemost at email dot it Created attachment 33305 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33305&action=edit Preprocessed source gcc -O2 -floop-parallelize-all -ffast-math -c cvt.i cvt.c: In function ‘Pobsopen’: cvt.c:62:12: internal compiler error: Segmentation fault Reproduced with both 4.8 and 4.9: Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-unknown-linux-gnu/4.8.4/lto-wrapper Target: x86_64-unknown-linux-gnu Configured with: ../gcc-4.8-20140807/configure --prefix=/usr --enable-shared --disable-static --disable-dependency-tracking --enable-languages=c,c++ --disable-multilib --with-system-zlib --disable-bootstrap Thread model: posix gcc version 4.8.4 20140807 (prerelease) (GCC) Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-unknown-linux-gnu/4.9.1/lto-wrapper Target: x86_64-unknown-linux-gnu Configured with: ../gcc-4.9.1/configure --prefix=/usr --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-languages=c,c++ --disable-multilib --disable-bootstrap --with-system-zlib --disable-static --disable-dependency-tracking Thread model: posix gcc version 4.9.1 (GCC)
[Bug tree-optimization/62114] [graphite] ICE using -floop-parallelize-all and -ffast-math
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62114 --- Comment #1 from Leandro Nini --- Backtrace generated with gcc version 4.9.2 20140813 (prerelease) # LANG=C gcc/cc1 -O2 -floop-parallelize-all -ffast-math /mnt/doc/cvt.i vprintf getchar fgetc_unlocked getc_unlocked getchar_unlocked putchar fputc_unlocked putc_unlocked putchar_unlocked feof_unlocked ferror_unlocked __signbitf __signbit __signbitl lgamma lgammaf lgammal gamma gammaf gammal tgamma tgammaf tgammal __bswap_32 __bswap_64 atoi atol atoll gnu_dev_major gnu_dev_minor gnu_dev_makedev bsearch atof mymalloc Pobsopen Pobsclose Pobspath Pobsbarriers addpt Bezier append_bezier Analyzing compilation unit Performing interprocedural optimizations <*free_lang_data> <*free_inline_summary> Assembling functions: Pobsopen cvt.c: In function 'Pobsopen': cvt.c:62:12: internal compiler error: Segmentation fault 0xb2a43e crash_signal ../../gcc-4.9-20140813/gcc/toplev.c:337 0x7f12fad2098f ??? /usr/src/glibc/glibc-2.19/signal/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0 0x1201529 subtract_commutative_associative_deps ../../gcc-4.9-20140813/gcc/graphite-dependences.c:430 0x1201927 compute_deps(scop*, vec, isl_union_map**, isl_union_map**, isl_union_map**, isl_union_map**, isl_union_map**, isl_union_map**, isl_union_map**, isl_union_map**, isl_union_map**, isl_union_map**, isl_union_map**, isl_union_map**) ../../gcc-4.9-20140813/gcc/graphite-dependences.c:502 0x1201b99 loop_level_carries_dependences ../../gcc-4.9-20140813/gcc/graphite-dependences.c:566 0x1201d07 loop_is_parallel_p(loop*, hash_table, int) ../../gcc-4.9-20140813/gcc/graphite-dependences.c:598 0x11fe45d translate_clast_for_loop ../../gcc-4.9-20140813/gcc/graphite-clast-to-gimple.c:1200 0x11fe512 translate_clast_for ../../gcc-4.9-20140813/gcc/graphite-clast-to-gimple.c:1224 0x11fe792 translate_clast ../../gcc-4.9-20140813/gcc/graphite-clast-to-gimple.c:1307 0x11fe886 translate_clast ../../gcc-4.9-20140813/gcc/graphite-clast-to-gimple.c:1327 0x11ff3b6 gloog(scop*, hash_table) ../../gcc-4.9-20140813/gcc/graphite-clast-to-gimple.c:1712 0x11fb371 graphite_transform_loops() ../../gcc-4.9-20140813/gcc/graphite.c:304 0x11fb406 graphite_transforms ../../gcc-4.9-20140813/gcc/graphite.c:332 0x11fb534 execute ../../gcc-4.9-20140813/gcc/graphite.c:416
[Bug tree-optimization/62113] [graphite] ICE using -floop-parallelize-all
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62113 --- Comment #1 from Leandro Nini --- Created attachment 33322 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33322&action=edit Reduced source
[Bug tree-optimization/62114] [graphite] ICE using -floop-parallelize-all and -ffast-math
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62114 --- Comment #5 from Leandro Nini --- Backporting the commit r212122 from trunk fixes the error both in 4.8 and 4.9
[Bug tree-optimization/98444] New: [10 Regression] compile error with -ftracer and -Werror=format-overflow
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98444 Bug ID: 98444 Summary: [10 Regression] compile error with -ftracer and -Werror=format-overflow Product: gcc Version: 10.2.1 URL: https://github.com/elogind/elogind/issues/189 Status: UNCONFIRMED Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: drfiemost at email dot it Target Milestone: --- Created attachment 49843 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49843&action=edit Preprocessed source I get the following error compiling the attached code with gcc-10 (gcc version 10.2.1 20201205): $ gcc -O2 -ftracer -Werror=format-overflow -c pam_elogind.i ../src/login/pam_elogind.c: In function ‘export_legacy_dbus_address’: ../src/login/pam_elogind.c:315:13: error: ‘%s’ directive argument is null [-Werror=format-overflow=] cc1: some warnings being treated as errors According to upstream [1] the variable is asserted before calling the function so it will never be null. The code compiles fine with gcc-9 and even with gcc-10 when removing the -ftracer flag. I can't tell if it's a regression in gcc-10, just a false positive or what so I'm reporting it here. [1] https://github.com/elogind/elogind/issues/189
[Bug middle-end/106776] New: Unexpected use-after-free warning
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106776
Bug ID: 106776
Summary: Unexpected use-after-free warning
Product: gcc
Version: 12.2.0
Status: UNCONFIRMED
Keywords: diagnostic
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: drfiemost at email dot it
Target Milestone: ---
Created attachment 53520
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53520&action=edit
test program
When compiling the attached program with the -O2 and -Wuse-after-free flags I
get the following warning, which seems bogus as the pointer is not actually
dereferenced in case it is deleted:
$ g++ -O2 -Wuse-after-free test_ref.cpp
In member function 'unsigned int counter::decrease()',
inlined from 'matrix_t::~matrix_t()' at test_ref.cpp:32:38,
inlined from 'matrix_t* cache(int, const char*)' at test_ref.cpp:53:1:
test_ref.cpp:14:40: warning: pointer used after 'void operator delete(void*,
std::size_t)' [-Wuse-after-free]
14 | unsigned int decrease() { return --c; }
|^
In destructor 'matrix_t::~matrix_t()',
inlined from 'std::pair::~pair()' at
C:/msys64/mingw64/include/c++/12.2.0/bits/stl_pair.h:185:12,
inlined from 'matrix_t* cache(int, const char*)' at test_ref.cpp:52:40:
test_ref.cpp:32:56: note: call to 'void operator delete(void*, std::size_t)'
here
32 | ~matrix_t() { if (count->decrease() == 0) { delete count; delete
data; } }
|^
The IL dump confirms that the pointer _1 is either accessed or deleted
:
void matrix::~matrix (struct matrix * const this)
{
struct counter * _1;
short int * _2;
unsigned int _10;
unsigned int _11;
[local count: 1073741824]:
_1 = this_5(D)->count;
_10 = _1->c;
_11 = _10 + 4294967295;
if (_11 == 0)
goto ; [33.00%]
else
goto ; [67.00%]
[local count: 719407024]:
_1->c = _11;
[local count: 884279007]:
goto ; [100.00%]
[local count: 354334800]:
operator delete (_1, 4);
_2 = this_5(D)->data;
if (_2 != 0B)
goto ; [53.47%]
else
goto ; [46.53%]
[local count: 164871983]:
goto ; [100.00%]
[local count: 189462817]:
operator delete [] (_2); [tail call]
[local count: 1073741824]:
return;
}
The warning doesn't appear when using the -O1 flag or if the variable is
decalared volatile.
If I'm not missing anything obvious the warning should not be issued at all.
[Bug middle-end/106776] Unexpected use-after-free warning
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106776 --- Comment #2 from Leandro Nini --- Oh, now I see it, it wasn't that obvious in the first test. But why is the compiler allowed to postpone the store after deleting the pointer? Is there some undefined behavior involved here or what?
[Bug c/108051] New: Missing array-bounds warning when not using -ftracer flag
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108051 Bug ID: 108051 Summary: Missing array-bounds warning when not using -ftracer flag Product: gcc Version: 12.2.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: drfiemost at email dot it Target Milestone: --- Created attachment 54061 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54061&action=edit test program Compiling the attached program, where the key pointer might be unreferenced when NULL, the warning only shows when using the -ftracer flag. Tested with gcc version 12.2.0 and 11.3.0. $ gcc -O2 -Wall -Werror geometry.i In function ‘HandleOverlayDef’, inlined from ‘HandleSectionBody’ at geometry.c:2789:18, inlined from ‘HandleSectionDef’ at geometry.c:2829:10, inlined from ‘HandleGeometryFile’ at geometry.c:2875:18: geometry.c:2580:9: error: ‘strncpy’ output may be truncated copying 4 bytes from a string of length 4 [-Werror=stringop-truncation] 2580 | } geometry.c:2581:9: error: ‘strncpy’ output may be truncated copying 4 bytes from a string of length 4 [-Werror=stringop-truncation] 2581 | return False; cc1: all warnings being treated as errors $ gcc -O2 -ftracer -Wall -Werror geometry.i In function ‘HandleOverlayDef’, inlined from ‘HandleSectionBody’ at geometry.c:2789:18, inlined from ‘HandleSectionDef’ at geometry.c:2829:10, inlined from ‘HandleGeometryFile’ at geometry.c:2875:18: geometry.c:2580:9: error: ‘strncpy’ output may be truncated copying 4 bytes from a string of length 4 [-Werror=stringop-truncation] 2580 | } geometry.c:2581:9: error: ‘strncpy’ output may be truncated copying 4 bytes from a string of length 4 [-Werror=stringop-truncation] 2581 | return False; geometry.c:2580:9: error: ‘strncpy’ offset [0, 3] is out of the bounds [0, 0] [-Werror=array-bounds] 2580 | } geometry.c:2581:9: error: ‘strncpy’ offset [0, 3] is out of the bounds [0, 0] [-Werror=array-bounds] 2581 | return False; cc1: all warnings being treated as errors As a side note the warning message is also a bit cryptic, as the out of bound would happen only in case the pointer is NULL and not in normal conditions, but sure is better than no message at all. See https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/issues/21 for reference.
[Bug tree-optimization/108051] Missing array-bounds warning when not using -ftracer flag
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108051 Leandro Nini changed: What|Removed |Added CC||drfiemost at email dot it --- Comment #1 from Leandro Nini --- Created attachment 54064 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54064&action=edit test-bz108051.c Reduced testcase, it doesn't error out if the -ftracer flag is omitted $ gcc -O2 -ftracer -Wall -Werror=array-bounds test-bz108051.c
