| Message ID | ri6va45e61v.fsf@suse.cz |
|---|---|
| State | New |
| Headers | show |
| Series | [PR,88214] Check that an argument is pointer before attempting agg jf construction from it | expand |
On Fri, Dec 7, 2018 at 3:59 PM Martin Jambor <mjambor@suse.cz> wrote: > > Hi, > > ICE in PR 88214 happens because a type-mismatch in K&R C code makes > IPA-CP analysis call ao_ref_init_from_ptr_and_size on an integer > SSA_NAME, this function in turn constructs a temporary MEM_REF based on > that integer SSA_NAME and then later on call_may_clobber_ref_p_1 treats > the MEM_REF base as a pointer, gets its SSA_NAME_PTR_INFO and tries to > work with bitmaps there. But because the SSA_NAME is an integer, there > is no SSA_NAME_PTR_INFO, there is range info instead and this leads to a > crash. > > On a related note, would people object to adding the following assert, > which would have made this bug much more straightforward to find? That's fine with me. > index 85a5de7..66cf2f2 100644 > --- a/gcc/tree-ssa-alias.c > +++ b/gcc/tree-ssa-alias.c > @@ -710,6 +710,7 @@ ao_ref_init_from_ptr_and_size (ao_ref *ref, tree ptr, tree size) > } > else > { > + gcc_assert (POINTER_TYPE_P (TREE_TYPE (ptr))); > ref->base = build2 (MEM_REF, char_type_node, > ptr, null_pointer_node); > ref->offset = 0; > > > The bug itself can be fixed with the patch below. I have verified it > avoids the ICE on powerpc64-linux and did a full bootstrap and test on > an x86_64-linux. The patch is simple enough that I believe that is good > enough. OK. Richard. > > 2018-12-06 Martin Jambor <mjambor@suse.cz> > > PR ipa/88214 > * ipa-prop.c (determine_locally_known_aggregate_parts): Make sure > we check pointers against pointers. > > testsuite/ > * gcc.dg/ipa/pr88214.c: New test. > --- > gcc/ipa-prop.c | 3 ++- > gcc/testsuite/gcc.dg/ipa/pr88214.c | 10 ++++++++++ > 2 files changed, 12 insertions(+), 1 deletion(-) > create mode 100644 gcc/testsuite/gcc.dg/ipa/pr88214.c > > diff --git a/gcc/ipa-prop.c b/gcc/ipa-prop.c > index 74052350ac1..4dbe26829e3 100644 > --- a/gcc/ipa-prop.c > +++ b/gcc/ipa-prop.c > @@ -1569,7 +1569,8 @@ determine_locally_known_aggregate_parts (gcall *call, tree arg, > if (TREE_CODE (arg) == SSA_NAME) > { > tree type_size; > - if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type)))) > + if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type))) > + || !POINTER_TYPE_P (TREE_TYPE (arg))) > return; > check_ref = true; > arg_base = arg; > diff --git a/gcc/testsuite/gcc.dg/ipa/pr88214.c b/gcc/testsuite/gcc.dg/ipa/pr88214.c > new file mode 100644 > index 00000000000..4daa9829e75 > --- /dev/null > +++ b/gcc/testsuite/gcc.dg/ipa/pr88214.c > @@ -0,0 +1,10 @@ > +/* { dg-do compile } */ > +/* { dg-options "-O2" } */ > + > +void i(); > + short a; > + void b(e) char * e; > + { > + i(); > + b(a); > + } > -- > 2.19.1 > > >
Hi, On Mon, Dec 10 2018, Richard Biener wrote: > On Fri, Dec 7, 2018 at 3:59 PM Martin Jambor <mjambor@suse.cz> wrote: >> ... >> >> On a related note, would people object to adding the following assert, >> which would have made this bug much more straightforward to find? > > That's fine with me. Thanks, I have just committed the following as r267298 after bootstrapping and testing it on x86_64-linux. Martin 2018-12-20 Martin Jambor <mjambor@suse.cz> PR ipa/88214 * tree-ssa-alias.c (ao_ref_init_from_ptr_and_size): Assert that ptr is a pointer. --- gcc/tree-ssa-alias.c | 1 + 1 file changed, 1 insertion(+) diff --git a/gcc/tree-ssa-alias.c b/gcc/tree-ssa-alias.c index 85a5de7ce05..66cf2f2c669 100644 --- a/gcc/tree-ssa-alias.c +++ b/gcc/tree-ssa-alias.c @@ -710,6 +710,7 @@ ao_ref_init_from_ptr_and_size (ao_ref *ref, tree ptr, tree size) } else { + gcc_assert (POINTER_TYPE_P (TREE_TYPE (ptr))); ref->base = build2 (MEM_REF, char_type_node, ptr, null_pointer_node); ref->offset = 0;
Hi, On Mon, Dec 10 2018, Richard Biener wrote: > On Fri, Dec 7, 2018 at 3:59 PM Martin Jambor <mjambor@suse.cz> wrote: >> >> Hi, >> >> ICE in PR 88214 happens because a type-mismatch in K&R C code makes >> IPA-CP analysis call ao_ref_init_from_ptr_and_size on an integer >> SSA_NAME, this function in turn constructs a temporary MEM_REF based on >> that integer SSA_NAME and then later on call_may_clobber_ref_p_1 treats >> the MEM_REF base as a pointer, gets its SSA_NAME_PTR_INFO and tries to >> work with bitmaps there. But because the SSA_NAME is an integer, there >> is no SSA_NAME_PTR_INFO, there is range info instead and this leads to a >> crash. >> ... >> The bug itself can be fixed with the patch below. I have verified it >> avoids the ICE on powerpc64-linux and did a full bootstrap and test on >> an x86_64-linux. The patch is simple enough that I believe that is good >> enough. > > OK. > > Richard. I have bootstrapped the patch on gcc-8 an gcc-7 branches too and will commit it there in a few moments too. Thanks, Martin > >> >> 2018-12-06 Martin Jambor <mjambor@suse.cz> >> >> PR ipa/88214 >> * ipa-prop.c (determine_locally_known_aggregate_parts): Make sure >> we check pointers against pointers. >> >> testsuite/ >> * gcc.dg/ipa/pr88214.c: New test. >> --- >> gcc/ipa-prop.c | 3 ++- >> gcc/testsuite/gcc.dg/ipa/pr88214.c | 10 ++++++++++ >> 2 files changed, 12 insertions(+), 1 deletion(-) >> create mode 100644 gcc/testsuite/gcc.dg/ipa/pr88214.c >> >> diff --git a/gcc/ipa-prop.c b/gcc/ipa-prop.c >> index 74052350ac1..4dbe26829e3 100644 >> --- a/gcc/ipa-prop.c >> +++ b/gcc/ipa-prop.c >> @@ -1569,7 +1569,8 @@ determine_locally_known_aggregate_parts (gcall *call, tree arg, >> if (TREE_CODE (arg) == SSA_NAME) >> { >> tree type_size; >> - if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type)))) >> + if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type))) >> + || !POINTER_TYPE_P (TREE_TYPE (arg))) >> return; >> check_ref = true; >> arg_base = arg; >> diff --git a/gcc/testsuite/gcc.dg/ipa/pr88214.c b/gcc/testsuite/gcc.dg/ipa/pr88214.c >> new file mode 100644 >> index 00000000000..4daa9829e75 >> --- /dev/null >> +++ b/gcc/testsuite/gcc.dg/ipa/pr88214.c >> @@ -0,0 +1,10 @@ >> +/* { dg-do compile } */ >> +/* { dg-options "-O2" } */ >> + >> +void i(); >> + short a; >> + void b(e) char * e; >> + { >> + i(); >> + b(a); >> + } >> -- >> 2.19.1 >> >> >>
--- a/gcc/tree-ssa-alias.c +++ b/gcc/tree-ssa-alias.c @@ -710,6 +710,7 @@ ao_ref_init_from_ptr_and_size (ao_ref *ref, tree ptr, tree size) } else { + gcc_assert (POINTER_TYPE_P (TREE_TYPE (ptr))); ref->base = build2 (MEM_REF, char_type_node, ptr, null_pointer_node); ref->offset = 0; The bug itself can be fixed with the patch below. I have verified it avoids the ICE on powerpc64-linux and did a full bootstrap and test on an x86_64-linux. The patch is simple enough that I believe that is good enough. 2018-12-06 Martin Jambor <mjambor@suse.cz> PR ipa/88214 * ipa-prop.c (determine_locally_known_aggregate_parts): Make sure we check pointers against pointers. testsuite/ * gcc.dg/ipa/pr88214.c: New test. --- gcc/ipa-prop.c | 3 ++- gcc/testsuite/gcc.dg/ipa/pr88214.c | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 gcc/testsuite/gcc.dg/ipa/pr88214.c diff --git a/gcc/ipa-prop.c b/gcc/ipa-prop.c index 74052350ac1..4dbe26829e3 100644 --- a/gcc/ipa-prop.c +++ b/gcc/ipa-prop.c @@ -1569,7 +1569,8 @@ determine_locally_known_aggregate_parts (gcall *call, tree arg, if (TREE_CODE (arg) == SSA_NAME) { tree type_size; - if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type)))) + if (!tree_fits_uhwi_p (TYPE_SIZE (TREE_TYPE (arg_type))) + || !POINTER_TYPE_P (TREE_TYPE (arg))) return; check_ref = true; arg_base = arg; diff --git a/gcc/testsuite/gcc.dg/ipa/pr88214.c b/gcc/testsuite/gcc.dg/ipa/pr88214.c new file mode 100644 index 00000000000..4daa9829e75 --- /dev/null +++ b/gcc/testsuite/gcc.dg/ipa/pr88214.c @@ -0,0 +1,10 @@ +/* { dg-do compile } */ +/* { dg-options "-O2" } */ + +void i(); + short a; + void b(e) char * e; + { + i(); + b(a); + }