https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97054

            Bug ID: 97054
           Summary: [r10-3559 Regression] Runtime segfault with attached
                    test code
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: skpgkp2 at gmail dot com
                CC: crazylht at gmail dot com, hjl.tools at gmail dot com
  Target Milestone: ---

Created attachment 49218
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=49218&action=edit
reproducer test case.

Test case attached.

How to reproduce:

$ g++ -fno-strict-aliasing -msse4.2 -mfpmath=sse  -gdwarf-2 -Wall
-Wwrite-strings -fPIC -Wformat-security -fstack-protector-strong -O2
-Wfatal-errors  -Wformat -Werror -Wundef  repro.cc && ./a.out
Segmentation fault (core dumped)

(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /local/skpandey/gccwork/toolwork/a.out 

Program received signal SIGSEGV, Segmentation fault.
0x00000000004011b0 in p2_ep_REBIND_IPC () at repro.cc:55
55              cur_pro->pc_RIP.i64 = code_lin_to_log(cur_pro,
int2linaddr(cur_pro, ipc));
(gdb) disass
Dump of assembler code for function p2_ep_REBIND_IPC():
   0x0000000000401180 <+0>:     push   %r15
   0x0000000000401182 <+2>:     push   %r12
   0x0000000000401184 <+4>:     mov    %rbp,%r12
   0x0000000000401187 <+7>:     mov    %r12,%rdi
   0x000000000040118a <+10>:    sub    $0x18,%rsp
   0x000000000040118e <+14>:    mov    $0x4040a0,%r15
   0x0000000000401195 <+21>:    mov    0x10(%rbp),%rbp
   0x0000000000401199 <+25>:    mov    (%r15),%rsi
   0x000000000040119c <+28>:    mov    %rbp,0x8(%rsp)
   0x00000000004011a1 <+33>:    mov    %rsi,0x30(%r12)
   0x00000000004011a6 <+38>:    mov    %rsi,0x8(%r12)
   0x00000000004011ab <+43>:    callq  0x401150 <int2linaddr(processor_t*,
p2_icode_t const*)>
=> 0x00000000004011b0 <+48>:    movq   $0x0,0x10(%rbp)
   0x00000000004011b8 <+56>:    mov    %rbp,%rdi
   0x00000000004011bb <+59>:    callq  0x401160 <turbo_clear(processor*)>
   0x00000000004011c0 <+64>:    mov    %rbp,%rdi
   0x00000000004011c3 <+67>:    mov    0x8(%rsp),%rbp
   0x00000000004011c8 <+72>:    mov    %rbp,%rsi
   0x00000000004011cb <+75>:    callq  0x401170
<x86_log_to_icode_exec(processor_t*, la_t)>
   0x00000000004011d0 <+80>:    addq   $0x4,(%r15)
   0x00000000004011d4 <+84>:    xor    %edx,%edx
   0x00000000004011d6 <+86>:    mov    %rax,0x30(%r12)
   0x00000000004011db <+91>:    subl   $0x1,0x4(%rbp)
   0x00000000004011df <+95>:    mov    0x4(%rbp),%eax
   0x00000000004011e2 <+98>:    test   %eax,%eax
   0x00000000004011e4 <+100>:   movsbl 0x0(%rbp),%eax
   0x00000000004011e8 <+104>:   setle  %dl
   0x00000000004011eb <+107>:   or     %eax,%edx
   0x00000000004011ed <+109>:   jne    0x4011f5 <p2_ep_REBIND_IPC()+117>
   0x00000000004011ef <+111>:   mov    (%r15),%rax
   0x00000000004011f2 <+114>:   mov    (%rax),%r13d
   0x00000000004011f5 <+117>:   add    $0x18,%rsp
   0x00000000004011f9 <+121>:   xor    %eax,%eax
   0x00000000004011fb <+123>:   pop    %r12
   0x00000000004011fd <+125>:   pop    %r15
   0x00000000004011ff <+127>:   retq   
End of assembler dump.

Configured with: ../../gcc/configure
--prefix=/local/skpandey/gccwork/toolwork/gcc-bisect-master/master/r10-3559/usr
--enable-clocale=gnu --with-system-zlib --with-demangler-in-ld
--with-fpmath=sse --disable-libsanitizer --enable-languages=c,c++,fortran
--enable-cet --without-isl --enable-libmpx --disable-bootstrap

1bcb4c4faa4bd6b1c917c75b100d618faf9e628c is the first bad commit
commit 1bcb4c4faa4bd6b1c917c75b100d618faf9e628c
Author: Richard Sandiford <richard.sandif...@arm.com>
Date:   Wed Oct 2 07:37:10 2019 +0000

    [LRA] Don't make eliminable registers live (PR91957)

    One effect of https://gcc.gnu.org/ml/gcc-patches/2019-09/msg00802.html
    was to strengthen the sanity check in lra_assigns so that it checks
    whether reg_renumber is consistent with the whole conflict set.
    This duly tripped on csky for a pseudo that had been allocated
    to the eliminated frame pointer.  (csky doesn't have a separate
    hard frame pointer.)

    lra-lives uses:

    /* Set of hard regs (except eliminable ones) currently live.  */
    static HARD_REG_SET hard_regs_live;

    to track the set of live directly-referenced hard registers, and it
    correctly implements the exclusion when setting up the initial set:

      hard_regs_live &= ~eliminable_regset;

    But later calls to make_hard_regno_live and make_hard_regno_dead
    would process eliminable registers like other registers, recording
    conflicts for them and potentially making them live.  (Note that
    after r266086, make_hard_regno_dead adds conflicts for registers
    that are already marked dead.)  I think this would have had the
    effect of pessimising targets without a separate hard frame pointer.

    2019-10-02  Richard Sandiford  <richard.sandif...@arm.com>

    gcc/
            PR middle-end/91957
            * lra-lives.c (make_hard_regno_dead): Don't record conflicts for
            eliminable registers.
            (make_hard_regno_live): Likewise, and don't make them live.

    From-SVN: r276440

 gcc/ChangeLog   | 7 +++++++
 gcc/lra-lives.c | 6 +++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
