[Bug middle-end/83185] [8 Regression] ICE with -fsanitize=address in build_simple_mem_ref_loc, at tree.c:4696

2017-11-29 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83185

--- Comment #6 from Jakub Jelinek  ---
Started with r250031 btw.

[Bug middle-end/83185] [8 Regression] ICE with -fsanitize=address in build_simple_mem_ref_loc, at tree.c:4696

2017-11-29 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83185

Jakub Jelinek  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #5 from Jakub Jelinek  ---
Fixed.

[Bug middle-end/83185] [8 Regression] ICE with -fsanitize=address in build_simple_mem_ref_loc, at tree.c:4696

2017-11-29 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83185

--- Comment #4 from Jakub Jelinek  ---
Author: jakub
Date: Wed Nov 29 10:33:06 2017
New Revision: 255229

URL: https://gcc.gnu.org/viewcvs?rev=255229&root=gcc&view=rev
Log:
PR middle-end/83185
* tree.c (build_simple_mem_ref_loc): Handle
get_addr_base_and_unit_offset returning a MEM_REF.

* gcc.dg/asan/pr83185.c: New test.

Added:
trunk/gcc/testsuite/gcc.dg/asan/pr83185.c
Modified:
trunk/gcc/ChangeLog
trunk/gcc/testsuite/ChangeLog
trunk/gcc/tree.c

[Bug middle-end/83185] [8 Regression] ICE with -fsanitize=address in build_simple_mem_ref_loc, at tree.c:4696

2017-11-28 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83185

Jakub Jelinek  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
   Assignee|unassigned at gcc dot gnu.org  |jakub at gcc dot gnu.org

--- Comment #3 from Jakub Jelinek  ---
Created attachment 42736
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=42736&action=edit
gcc8-pr83185.patch

Untested fix.

[Bug middle-end/83185] [8 Regression] ICE with -fsanitize=address in build_simple_mem_ref_loc, at tree.c:4696

2017-11-28 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83185

Jakub Jelinek  changed:

   What|Removed |Added

 CC||jakub at gcc dot gnu.org

--- Comment #2 from Jakub Jelinek  ---
So, the ICE is because without -fsanitize=address we have:
  struct [0:D.1901][1] * aps.0;
  struct [1] * _7;
  aps.0_10 = __builtin_alloca_with_align (_8, 64);
  _7 = &*aps.0_10[4];
  __builtin_va_start (_7, 0);
but with -fsanitize=address
  struct [1] * _7;
  struct [0:D.2257][1] * _17;
  struct [0:D.2257][1] * _18;
  _17 = __builtin_alloca_with_align (_16, 256);
  _18 = _17 + 32;
  __builtin___asan_alloca_poison (_18, _8);
  _7 = &MEM[(struct [0:D.2257][1] *)_17 + 32B][4];
  __builtin_va_start (_7, 0);
Now, tree-cfg.c verification is happy about this, in both
&*aps.0_10[4]
as well as
&MEM[(struct [0:D.2257][1] *)_17 + 32B][4]
but when the backend feeds that to build_simple_mem_ref_loc we reach:
4687      /* For convenience allow addresses that collapse to a simple base
4688         and offset.  */
4689      if (TREE_CODE (ptr) == ADDR_EXPR
4690          && (handled_component_p (TREE_OPERAND (ptr, 0))
4691              || TREE_CODE (TREE_OPERAND (ptr, 0)) == MEM_REF))
4692        {
4693          ptr = get_addr_base_and_unit_offset (TREE_OPERAND (ptr, 0), &offset);
4694          gcc_assert (ptr);
4695          ptr = build_fold_addr_expr (ptr);
4696          gcc_assert (is_gimple_reg (ptr) || is_gimple_min_invariant (ptr));
4697        }
which ICEs in the -fsanitize=address case, in the former case ptr after
build_fold_addr_expr is a SSA_NAME, but in the latter &MEM_REF[SSA_NAME + 32],
and because the base is SSA_NAME, not ADDR_EXPR, we don't really merge the two
offsets together.

So, is this a forwprop bug + checking bug that it created such ADDR_EXPR -
in cddce3 we still had:
  _17 = __builtin_alloca_with_align (_16, 256);
  _18 = _17 + 32;
  __builtin___asan_alloca_poison (_18, _8);
  _7 = &*_18[4];
  __builtin_va_start (_7, 0);
and then forwprop4 turns that into:
  _17 = __builtin_alloca_with_align (_16, 256);
  _18 = _17 + 32;
  __builtin___asan_alloca_poison (_18, _8);
  _7 = &MEM[(struct [0:D.2257][1] *)_17 + 32B][4];
  __builtin_va_start (_7, 0);
Or should build_simple_mem_ref_loc deal also with this case (such as seeing
that if ptr fails the above assert, but is ADDR_EXPR of a MEM_REF with SSA_NAME
base and constant, use the ptr base as the constant and add the offset to
offset)?  Or should all the backends and other spots that call
build_simple_mem_ref_loc gimplify the address instead?

[Bug middle-end/83185] [8 Regression] ICE with -fsanitize=address in build_simple_mem_ref_loc, at tree.c:4696

2017-11-28 Thread rguenth at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83185

Richard Biener  changed:

   What|Removed |Added

 Status|UNCONFIRMED |NEW
   Last reconfirmed||2017-11-28
  Known to work||7.2.1
   Target Milestone|--- |8.0
Summary|ICE with -fsanitize=address |[8 Regression] ICE with
   |in  |-fsanitize=address in
   |build_simple_mem_ref_loc,   |build_simple_mem_ref_loc,
   |at tree.c:4696  |at tree.c:4696
 Ever confirmed|0   |1

--- Comment #1 from Richard Biener  ---
Confirmed.