[Bug tree-optimization/100487] New: A possible divide by zero bug in jump_table_cluster::emit

2021-05-08 Thread yguoaz at cse dot ust.hk via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100487

Bug ID: 100487
   Summary: A possible divide by zero bug in
jump_table_cluster::emit
   Product: gcc
   Version: 11.0
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: tree-optimization
  Assignee: unassigned at gcc dot gnu.org
  Reporter: yguoaz at cse dot ust.hk
  Target Milestone: ---

In the file tree-switch-conversion.c, the function jump_table_cluster::emit has
the following code (link to the code location:
https://github.com/gcc-mirror/gcc/blob/releases/gcc-11/gcc/tree-switch-conversion.c#L1118):

void
jump_table_cluster::emit (tree index_expr, tree,
  tree default_label_expr, basic_block default_bb,
  location_t loc) {
  unsigned HOST_WIDE_INT range = get_range (get_low (), get_high ());
  ...
  case_edge->probability
= profile_probability::always ().apply_scale ((intptr_t)case_edge->aux,
  range);
}

/* Return *THIS * NUM / DEN.  */
profile_probability apply_scale (int64_t num, int64_t den) const
{
  ...
  safe_scale_64bit (m_val, num, den, &tmp);
  ...
}

Since get_range may return 0, this will lead to a potential divide by zero
following the call sequence:

apply_scale (num, den) -> safe_scale_64bit (m_val, num, den, &tmp)-> using den
as divisor in the function safe_scale_64bit.

I think we should check range's value against 0 or add an explicit assertion to
the function "profile_probability apply_scale (int64_t num, int64_t den)". 

Notice that another similar function "profile_count apply_scale (int64_t num,
int64_t den) const" has explicitly asserted that den>0.

[Bug tree-optimization/100503] New: A possible divide by zero problem in function do_rpo_vn

2021-05-10 Thread yguoaz at cse dot ust.hk via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100503

Bug ID: 100503
   Summary: A possible divide by zero problem in function
do_rpo_vn
   Product: gcc
   Version: 11.0
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: tree-optimization
  Assignee: unassigned at gcc dot gnu.org
  Reporter: yguoaz at cse dot ust.hk
  Target Milestone: ---

In gcc/tree-ssa-sccvn.c, the function do_rpo_vn has the following code (link to
the code location:
https://github.com/gcc-mirror/gcc/blob/releases/gcc-11/gcc/tree-ssa-sccvn.c#L7815-#L7842)

static unsigned
do_rpo_vn (function *fn, edge entry, bitmap exit_bbs,
   bool iterate, bool eliminate) {
...
int nex = 0;
...
for (int i = 0; i < n; ++i) {
basic_block bb = BASIC_BLOCK_FOR_FN (fn, rpo[i]);
if (bb->flags & BB_EXECUTABLE)
nex++;
}
...
statistics_histogram_event (cfun, "RPO iterations", 10*nblk / nex);
}

In the loop, the code counts the number of basic blocks with BB_EXECUTABLE flag
in variable nex and use it as divisor after exiting the loop. If no basic block
has such flag, then we will have a divide by zero problem. Is this possible ?
Or we must have at least one bb with the flag BB_EXECUTABLE ?