Re: [COMMITTED] Fix debug/60438 -- i686 stack vs fp operations
OK if bootstrap succeeds? With testing of the bootstrap build of the patch, I ran into the following regression compared to a reference bootstrap build without the patch: ... FAIL: g++.dg/tsan/cond_race.C -O2 output pattern test, is ==3087==WARNING: Program is run with unlimited stack size, which wouldn't work with Threa\ dSanitizer. ==3087==Re-execing with stack size limited to 33554432 bytes. == WARNING: ThreadSanitizer: heap-use-after-free (pid=3087) Read of size 8 at 0x7d18efc8 by thread T1: #0 pthread_cond_signal /home/vries/gcc_versions/data/test-fix-expand-ldexp/with/src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.i\ nc:2266 (libtsan.so.0+0x00039b21) #1 thr(void*) /home/vries/gcc_versions/data/test-fix-expand-ldexp/with/src/gcc/testsuite/g++.dg/tsan/cond_race.C:20 (cond_race.exe+0x1033\ ) Previous write of size 8 at 0x7d18efc8 by main thread: #0 operator delete(void*) /home/vries/gcc_versions/data/test-fix-expand-ldexp/with/src/libsanitizer/tsan/tsan_interceptors.cc:592 (libtsan.so.0+0\ x000494b0) #1 main /home/vries/gcc_versions/data/test-fix-expand-ldexp/with/src/gcc/testsuite/g++.dg/tsan/cond_race.C:34 (cond_race.exe+0x0ea0) Location is heap block of size 96 at 0x7d18efa0 allocated by main thread: #0 operator new(unsigned long) /home/vries/gcc_versions/data/test-fix-expand-ldexp/with/src/libsanitizer/tsan/tsan_interceptors.cc:560 (libtsan.s\ o.0+0x000496f2) #1 main /home/vries/gcc_versions/data/test-fix-expand-ldexp/with/src/gcc/testsuite/g++.dg/tsan/cond_race.C:25 (cond_race.exe+0x0e12) Thread T1 (tid=3101, running) created by main thread at: #0 pthread_create /home/vries/gcc_versions/data/test-fix-expand-ldexp/with/src/libsanitizer/tsan/tsan_interceptors.cc:877 (libtsan.so.0+0x000\ 47c23) #1 main /home/vries/gcc_versions/data/test-fix-expand-ldexp/with/src/gcc/testsuite/g++.dg/tsan/cond_race.C:29 (cond_race.exe+0x0e5a) SUMMARY: ThreadSanitizer: heap-use-after-free /home/vries/gcc_versions/data/test-fix-expand-ldexp/with/src/gcc/testsuite/g++.dg/tsan/cond_race.C:20 t\ hr(void*) == ThreadSanitizer: reported 1 warnings , should match ThreadSanitizer: data race.*pthread_cond_signal.* ... I've found the same failure here: http://gcc.gnu.org/ml/gcc-testresults/2014-01/msg00127.html, so I'm assuming it's a spurious failure. I've committed to trunk and 4.9. Thanks, - Tom
Re: [COMMITTED] Fix debug/60438 -- i686 stack vs fp operations
On Sat, Apr 26, 2014 at 11:27 AM, Tom de Vries wrote: > On 13-03-14 21:49, Richard Henderson wrote: >> >> (define_expand "ldexpxf3" >> - [(set (match_dup 3) >> - (float:XF (match_operand:SI 2 "register_operand"))) >> - (parallel [(set (match_operand:XF 0 " register_operand") >> - (unspec:XF [(match_operand:XF 1 "register_operand") >> - (match_dup 3)] >> - UNSPEC_FSCALE_FRACT)) >> - (set (match_dup 4) >> - (unspec:XF [(match_dup 1) (match_dup 3)] >> - UNSPEC_FSCALE_EXP))])] >> + [(match_operand:XF 0 "register_operand") >> + (match_operand:XF 1 "register_operand") >> + (match_operand:SI 2 "register_operand")] >> "TARGET_USE_FANCY_MATH_387 >> && flag_unsafe_math_optimizations" >> { >> @@ -14808,6 +14633,11 @@ >> >> operands[3] = gen_reg_rtx (XFmode); >> operands[4] = gen_reg_rtx (XFmode); >> + >> + emit_insn (gen_floatsixf2 (operands[3], operands[2])); >> + emit_insn (gen_fscalexf4_i387 (operands[0], operands[4], >> + operands[1], operands[3])); >> + DONE; >> }) > > > Richard, > > For a non-bootstrap x86_64 build, gcc.dg/builtins-34.c fails for me with a > sigsegv. > > I've traced it back to this code in insn-emit.c: > ... > rtx > gen_ldexpxf3 (rtx operand0, > rtx operand1, > rtx operand2) > { > rtx _val = 0; > start_sequence (); > { > rtx operands[3]; > operands[0] = operand0; > operands[1] = operand1; > operands[2] = operand2; > > { > if (optimize_insn_for_size_p ()) > FAIL; > > operands[3] = gen_reg_rtx (XFmode); > operands[4] = gen_reg_rtx (XFmode); > ... > > operands is declared with size 3, and operands[3,4] accesses are out of > bounds. > > I've done a minimal build with attached patch, and reran the test-case, > which passes now. > > OK if bootstrap succeeds? > > 2014-04-26 Tom de Vries > > * config/i386/i386.md (define_expand "ldexpxf3"): Fix out-of-bounds > array accesses. OK for mainline and 4.9 branch. Thanks, Uros.
Re: [COMMITTED] Fix debug/60438 -- i686 stack vs fp operations
On 13-03-14 21:49, Richard Henderson wrote: (define_expand "ldexpxf3" - [(set (match_dup 3) - (float:XF (match_operand:SI 2 "register_operand"))) - (parallel [(set (match_operand:XF 0 " register_operand") - (unspec:XF [(match_operand:XF 1 "register_operand") - (match_dup 3)] - UNSPEC_FSCALE_FRACT)) - (set (match_dup 4) - (unspec:XF [(match_dup 1) (match_dup 3)] - UNSPEC_FSCALE_EXP))])] + [(match_operand:XF 0 "register_operand") + (match_operand:XF 1 "register_operand") + (match_operand:SI 2 "register_operand")] "TARGET_USE_FANCY_MATH_387 && flag_unsafe_math_optimizations" { @@ -14808,6 +14633,11 @@ operands[3] = gen_reg_rtx (XFmode); operands[4] = gen_reg_rtx (XFmode); + + emit_insn (gen_floatsixf2 (operands[3], operands[2])); + emit_insn (gen_fscalexf4_i387 (operands[0], operands[4], + operands[1], operands[3])); + DONE; }) Richard, For a non-bootstrap x86_64 build, gcc.dg/builtins-34.c fails for me with a sigsegv. I've traced it back to this code in insn-emit.c: ... rtx gen_ldexpxf3 (rtx operand0, rtx operand1, rtx operand2) { rtx _val = 0; start_sequence (); { rtx operands[3]; operands[0] = operand0; operands[1] = operand1; operands[2] = operand2; { if (optimize_insn_for_size_p ()) FAIL; operands[3] = gen_reg_rtx (XFmode); operands[4] = gen_reg_rtx (XFmode); ... operands is declared with size 3, and operands[3,4] accesses are out of bounds. I've done a minimal build with attached patch, and reran the test-case, which passes now. OK if bootstrap succeeds? Thanks, - Tom 2014-04-26 Tom de Vries * config/i386/i386.md (define_expand "ldexpxf3"): Fix out-of-bounds array accesses. --- gcc/config/i386/i386.md | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/gcc/config/i386/i386.md b/gcc/config/i386/i386.md index 25e2e93..9f103cf 100644 --- a/gcc/config/i386/i386.md +++ b/gcc/config/i386/i386.md @@ -14427,15 +14427,16 @@ "TARGET_USE_FANCY_MATH_387 && flag_unsafe_math_optimizations" { + rtx tmp1, tmp2; if (optimize_insn_for_size_p ()) FAIL; - operands[3] = gen_reg_rtx (XFmode); - operands[4] = gen_reg_rtx (XFmode); + tmp1 = gen_reg_rtx (XFmode); + tmp2 = gen_reg_rtx (XFmode); - emit_insn (gen_floatsixf2 (operands[3], operands[2])); - emit_insn (gen_fscalexf4_i387 (operands[0], operands[4], - operands[1], operands[3])); + emit_insn (gen_floatsixf2 (tmp1, operands[2])); + emit_insn (gen_fscalexf4_i387 (operands[0], tmp2, + operands[1], tmp1)); DONE; }) -- 1.8.3.2