Bug #618684 “ICE when building ziproxy” : Bugs : Linaro GCC

Revision history for this message

In GCC Bugzilla #36466, Aurelien Jarno (aurelien-aurel32) wrote on 2008-06-08:

#10

gcc fails to build the attached testcase with optimization levels above -O0. The problem occurs with all versions from the gcc 4.x branch. Versions gcc 3.x do not expose the problem. Note that the ICE occurs on both old-ABI and EABI.

Using built-in specs.
Target: arm-linux-gnueabi
Configured with: ../src/configure -v --with-pkgversion='Debian 4.3.0-5' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --disable-libssp --disable-sjlj-exceptions --enable-checking=release --build=arm-linux-gnueabi --host=arm-linux-gnueabi --target=arm-linux-gnueabi
Thread model: posix
gcc version 4.3.1 20080523 (prerelease) (Debian 4.3.0-5)

Revision history for this message

In GCC Bugzilla #36466, Aurelien Jarno (aurelien-aurel32) wrote on 2008-06-08:

#11

Created attachment 15731
reduced testcase

Revision history for this message

In GCC Bugzilla #36466, Laurent GUERBY (laurent-guerby) wrote on 2009-01-02:

#12

Confirmed with gcc-4.3.2-1 Debian gnueabi:
$ gcc -c -O1 pr36466.c
pr36466.c: In function ‘ReadCfgFile’:
pr36466.c:19: internal compiler error: in choose_reload_regs, at reload1.c:6190

And on trunk rev 142984:
pr36466.c: In function 'ReadCfgFile':
pr36466.c:19: internal compiler error: in choose_reload_regs, at reload1.c:6470

Revision history for this message

In GCC Bugzilla #36466, Laurent GUERBY (laurent-guerby) wrote on 2009-01-02:

#13

backtrace on trunk:

(gdb) bt
#0 fancy_abort (file=0x786084 "../../trunk/gcc/reload1.c", line=6470, function=0x785f8c "choose_reload_regs") at ../../trunk/gcc/diagnostic.c:712
#1 0x002ba378 in choose_reload_regs (chain=<value optimized out>) at ../../trunk/gcc/reload1.c:6470
#2 0x002baf08 in reload_as_needed (live_known=<value optimized out>) at ../../trunk/gcc/reload1.c:4240
#3 0x002bf868 in reload (first=<value optimized out>, global=<value optimized out>) at ../../trunk/gcc/reload1.c:1169
#4 0x0068815c in rest_of_handle_ira () at ../../trunk/gcc/ira.c:2018
#5 0x0026ebc8 in execute_one_pass (pass=0x91fa54) at ../../trunk/gcc/passes.c:1279
#6 0x0026ee34 in execute_pass_list (pass=0x91fa54) at ../../trunk/gcc/passes.c:1328
#7 0x0026ee4c in execute_pass_list (pass=0x91a390) at ../../trunk/gcc/passes.c:1329
#8 0x003726f4 in tree_rest_of_compilation (fndecl=0x40232780) at ../../trunk/gcc/tree-optimize.c:419
#9 0x004e92d4 in cgraph_expand_function (node=0x401b0900) at ../../trunk/gcc/cgraphunit.c:1047
#10 0x004eb35c in cgraph_optimize () at ../../trunk/gcc/cgraphunit.c:1106
#11 0x0001cabc in c_write_global_declarations () at ../../trunk/gcc/c-decl.c:8074
#12 0x0031e58c in toplev_main (argc=<value optimized out>, argv=<value optimized out>) at ../../trunk/gcc/toplev.c:981
#13 0x40095dfc in __libc_start_main () from /lib/libc.so.6
#14 0x0000aa7c in _start ()

Revision history for this message

In GCC Bugzilla #36466, Nospamnoham (nospamnoham) wrote on 2009-08-04:

#14

I see the same problem when I try to compile transmission release 1.73. The error happens with file libtransmission/fdlimit.c. Works till -O1 but fails with -O2 or -O3. Seeing this error with gcc 4.21.

Transmission was configured with:
./configure --host=arm-none-linux-gnueabi --target=arm-none-linux-gnueabi \
                        --build=i686-pc-linux \
                        --disable-gtk --disable-nls \
                        --prefix=/usr/local \
                        CFLAGS="-I/home/user/proj/syno-packager/precomp/88f6281/arm-none-linux-gnueabi/include -I/home/user/proj/syno-packager/out/88f6281/temproot/usr/local/include -I/home/user/proj/syno-packager/out/88f6281/root/usr/local/include" LDFLAGS="-L/home/user/proj/syno-packager/precomp/88f6281/arm-none-linux-gnueabi/lib -L/home/user/proj/syno-packager/out/88f6281/temproot/usr/local/lib -L/home/user/proj/syno-packager/out/88f6281/root/usr/local/lib"

Transmission needs openssl and curl to compile. So if you want to reproduce this issue, you might have to compile them first.

Please email me if you need further data.

Thanks,
SK

Revision history for this message

In GCC Bugzilla #36466, Mikpe (mikpe) wrote on 2009-08-04:

#15

Confirmed with gcc-4.3-20090802, gcc-4.4-20090728, and gcc-4.5-20090730. Passing -mtune=xscale to gcc prevents the ICE.

Revision history for this message

In GCC Bugzilla #36466, Mikpe (mikpe) wrote on 2009-08-04:

#16

Hang on, the test case looks invalid:

> ReadCfgFile (char *cfg_file)
> {
> void *conf_handler;
> int i;
> struct sockaddr_in nsaddr_list[0];
> char *nserver_str;
> qp_getconf_array_str (conf_handler, "Nameservers", i, &nserver_str, 0);
> (*__res_state ()).nsaddr_list[(*__res_state ()).nscount++] = nsaddr_list[0];
> }

This has a zero-element array as a local variable, which it then fetches an element from. That's clearly invalid. Changing it as follows

- struct sockaddr_in nsaddr_list[0];
+ struct sockaddr_in nsaddr_list[1];

makes the test case work for me, even without -mtune=xscale.

Revision history for this message

In GCC Bugzilla #36466, Ramana-gcc (ramana-gcc) wrote on 2009-08-05:

#17

Invalid testcase as per comment #6.

(In reply to comment #4)
> I see the same problem when I try to compile transmission release 1.73. The
> error happens with file libtransmission/fdlimit.c. Works till -O1 but fails
> with -O2 or -O3. Seeing this error with gcc 4.21.
>

Please file a separate bug report about this as per http://gcc.gnu.org/bugs.html if you can reproduce this for trunk or any of the current release branches.

Revision history for this message

Loïc Minier (lool) wrote on 2010-08-16:

#1

Martin Michlmayr (tbm) from Debian fame pointed at the referenced upstream bug PR36466 when discussing the Debian build log.

Revision history for this message

Loïc Minier (lool) wrote on 2010-08-16:

#2

Note that the upstream bug mentions that the source code might be invalid, but nevertheless gcc shouldn't segfault.

Revision history for this message

Loïc Minier (lool) wrote on 2010-08-16:

#3

Debian are discussing changes to ziproxy at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591417 so I've added a bug watch in bug #539874.

tags:

added: armel toolchain

Bug Watch Updater (bug-watch-updater) on 2010-08-16

Changed in gcc:
status:	Unknown → Invalid

Revision history for this message

In GCC Bugzilla #36466, Loïc Minier (lool) wrote on 2010-08-16:

#18

I'm not sure how the .i ends up with a zero-length array; resolv.h has:
# define MAXNS 3 /* max # name servers we'll track */
[...]
struct __res_state {
[...]
struct sockaddr_in
nsaddr_list[MAXNS]; /* address of name server */

so it should be [3], but it's [0] in the .i file attached here.

Revision history for this message

In GCC Bugzilla #36466, Loïc Minier (lool) wrote on 2010-08-16:

#19

Also, even if it's invalid input, I guess gcc should never SEGV, but rather throw an error out?

Revision history for this message

In GCC Bugzilla #36466, Tbm-8 (tbm-8) wrote on 2010-08-16:

#20

Reopening since GCC should not ICE, even if the code is invalid.

Revision history for this message

In GCC Bugzilla #36466, Tbm-8 (tbm-8) wrote on 2010-08-16:

#21

Reopening.

Revision history for this message

Loïc Minier (lool) wrote on 2010-08-16:

#4

Low prio since it's bogus source code to start with.

Changed in gcc-linaro:
importance:	Undecided → Low
Changed in gcc-4.4 (Ubuntu):
importance:	Undecided → Low

Revision history for this message

In GCC Bugzilla #36466, Loïc Minier (lool) wrote on 2010-08-16:

#22

Ok, it's [0] because ziproxy uses "nsaddr" as an identifier for a local variable which conflicts with a compatibility #define in glibc resolv.h. Renaming to "nsaddress" for instance fixes the build, so clearly bogus source code.

Bug Watch Updater (bug-watch-updater) on 2010-08-17

Changed in gcc:
status:	Invalid → Confirmed

Michael Hope (michaelh1) on 2010-09-28

tags:

added: ice

Revision history for this message

Michael Hope (michaelh1) wrote on 2010-11-19:

#5

Test case Edit (461 bytes, text/plain)

Confirmed on ARM in gcc-linaro-4.5-2010.11-0

michaelh@pavo1:~/linaro/bugs$ ~/toolchains/gcc-linaro-4.5-2010.11-0-armv7l-maverick-cbuild14-pavo3/bin/gcc -c -O2 lp618684.c
lp618684.c: In function 'ReadCfgFile':
lp618684.c:19:1: internal compiler error: in choose_reload_regs, at reload1.c:6844

Will attempt to fix. If the investigation takes too long then we'll defer.

Attachment is from GCC bugzilla.

Changed in gcc-linaro:
status:	New → Triaged
milestone:	none → 4.5-2010.12-0

Revision history for this message

Chung-Lin Tang (cltang) wrote on 2010-11-19:

#6

This is not currently reproducible on latest Linaro 4.5 trunk.

Revision history for this message

Michael Hope (michaelh1) wrote on 2010-11-21:

#7

Confirmed that trunk passes:
michaelh@pavo1:~/linaro/bugs$ ~/toolchains/gcc-linaro-4.5+bzr99435-armv7l-maverick-cbuild17-pavo3/bin/gcc -c -O2 lp618684.c

and also at -O0, -O1, and -O3. But why?

Revision history for this message

Richard Sandiford (rsandifo) wrote on 2010-11-23:

#8

Download full text (4.3 KiB)

This is an instance of the bug that Bernd fixed here:

http://gcc.gnu.org/ml/gcc-patches/2010-03/msg01161.html

We're trying to reload the following ldmsi3 insn:

[insn A]
(insn 28 22 25 2 /home/richards/lp618684.c:18 (parallel [
            (set (reg:SI 0 r0)
                (mem/s:SI (reg/f:SI 25 sfp) [4 nsaddr_list+0 S4 A64]))
            (set (reg:SI 1 r1)
                (mem/s:SI (plus:SI (reg/f:SI 25 sfp)
                        (const_int 4 [0x4])) [4 nsaddr_list+4 S4 A32]))
            (set (reg:SI 2 r2)
                (mem/s:SI (plus:SI (reg/f:SI 25 sfp)
                        (const_int 8 [0x8])) [4 nsaddr_list+8 S4 A64]))
        ]) 189 {*ldmsi3} (nil))

The calculate_needs_all_insns pass tries to determine which reloads
are needed by each instruction. In order to do this, it must have
access to the eliminated form of the instruction, in which things
like the soft frame pointer (sfp) have been replaced by their
"real" sp- or fp-based values. However, the eliminations (and in
particular the elimination offsets) are not final at this stage,
so reload cannot simply replace sfp in-place. It needs to create
a temporary insn:

[insn B]
(insn 28 22 25 2 /home/richards/lp618684.c:18 (parallel [
            (set (reg:SI 0 r0)
                (mem/s:SI (plus:SI (reg/f:SI 13 sp)
                        (const_int 16 [0x10])) [4 nsaddr_list+0 S4 A64]))
            (set (reg:SI 1 r1)
                (mem/s:SI (plus:SI (plus:SI (reg/f:SI 13 sp)
                            (const_int 16 [0x10]))
                        (const_int 4 [0x4])) [4 nsaddr_list+4 S4 A32]))
            (set (reg:SI 2 r2)
                (mem/s:SI (plus:SI (plus:SI (reg/f:SI 13 sp)
                            (const_int 16 [0x10]))
                        (const_int 8 [0x8])) [4 nsaddr_list+8 S4 A64]))
        ]) 189 {*ldmsi3} (nil))

in order to analyse the reloads, then switch back to the original
form before moving to the next instruction.

The task of going from A to B lies with eliminate_regs_in_insn. It:

  1. records the original form of each operand
  2. applies eliminations to each operand
  3. creates a copy (new_body) of the new instruction body
  4. sets the insn's pattern to new_body
  5. restores each operand to its original form, undoing the
     substitutions in 2

Reload can then go from B back to A by setting PATTERN (insn) to
its original value, undoing step 4.

The problem is that, for ldmsi3 instructions, operand 0 comes from
a match_parallel, so is actually the whole instruction body
(PATTERN (insn)). Restoring the original operand 0 in step 5
therefore undoes step 4, and eliminate_regs_in_insn leaves the
insn in its original uneliminated form:

(insn 28 22 25 2 /home/richards/lp618684.c:18 (parallel [
            (set (reg:SI 0 r0)
                (mem/s:SI (reg/f:SI 25 sfp) [4 nsaddr_list+0 S4 A64]))
            (set (reg:SI 1 r1)
                (mem/s:SI (plus:SI (reg/f:SI 25 sfp)
                        (const_int 4 [0x4])) [4 nsaddr_list+4 S4 A32]))
            (set (reg:SI 2 r2)
                (mem/s:SI (plus:SI (reg/f:SI 25 sfp)
                        (const_int 8 [0x8])) [4 nsaddr_list+8 S4 A64]))
        ]) 189 {*ldmsi3} ...

This is an instance of the bug that Bernd fixed here:

http://gcc.gnu.org/ml/gcc-patches/2010-03/msg01161.html

We're trying to reload the following ldmsi3 insn:

[insn A]
(insn 28 22 25 2 /home/richards/lp618684.c:18 (parallel [
            (set (reg:SI 0 r0)
                (mem/s:SI (reg/f:SI 25 sfp) [4 nsaddr_list+0 S4 A64]))
            (set (reg:SI 1 r1)
                (mem/s:SI (plus:SI (reg/f:SI 25 sfp)
                        (const_int 4 [0x4])) [4 nsaddr_list+4 S4 A32]))
            (set (reg:SI 2 r2)
                (mem/s:SI (plus:SI (reg/f:SI 25 sfp)
                        (const_int 8 [0x8])) [4 nsaddr_list+8 S4 A64]))
        ]) 189 {*ldmsi3} (nil))

The calculate_needs_all_insns pass tries to determine which reloads
are needed by each instruction.  In order to do this, it must have
access to the eliminated form of the instruction, in which things
like the soft frame pointer (sfp) have been replaced by their
"real" sp- or fp-based values.  However, the eliminations (and in
particular the elimination offsets) are not final at this stage,
so reload cannot simply replace sfp in-place.  It needs to create
a temporary insn:

[insn B]
(insn 28 22 25 2 /home/richards/lp618684.c:18 (parallel [
            (set (reg:SI 0 r0)
                (mem/s:SI (plus:SI (reg/f:SI 13 sp)
                        (const_int 16 [0x10])) [4 nsaddr_list+0 S4 A64]))
            (set (reg:SI 1 r1)
                (mem/s:SI (plus:SI (plus:SI (reg/f:SI 13 sp)
                            (const_int 16 [0x10]))
                        (const_int 4 [0x4])) [4 nsaddr_list+4 S4 A32]))
            (set (reg:SI 2 r2)
                (mem/s:SI (plus:SI (plus:SI (reg/f:SI 13 sp)
                            (const_int 16 [0x10]))
                        (const_int 8 [0x8])) [4 nsaddr_list+8 S4 A64]))
        ]) 189 {*ldmsi3} (nil))

in order to analyse the reloads, then switch back to the original
form before moving to the next instruction.

The task of going from A to B lies with eliminate_regs_in_insn.  It:

1. records the original form of each operand
  2. applies eliminations to each operand
  3. creates a copy (new_body) of the new instruction body
  4. sets the insn's pattern to new_body
  5. restores each operand to its original form, undoing the
     substitutions in 2

Reload can then go from B back to A by setting PATTERN (insn) to
its original value, undoing step 4.

The problem is that, for ldmsi3 instructions, operand 0 comes from
a match_parallel, so is actually the whole instruction body
(PATTERN (insn)).  Restoring the original operand 0 in step 5
therefore undoes step 4, and eliminate_regs_in_insn leaves the
insn in its original uneliminated form:

(insn 28 22 25 2 /home/richards/lp618684.c:18 (parallel [
            (set (reg:SI 0 r0)
                (mem/s:SI (reg/f:SI 25 sfp) [4 nsaddr_list+0 S4 A64]))
            (set (reg:SI 1 r1)
                (mem/s:SI (plus:SI (reg/f:SI 25 sfp)
                        (const_int 4 [0x4])) [4 nsaddr_list+4 S4 A32]))
            (set (reg:SI 2 r2)
                (mem/s:SI (plus:SI (reg/f:SI 25 sfp)
                        (const_int 8 [0x8])) [4 nsaddr_list+8 S4 A64]))
        ]) 189 {*ldmsi3} (nil))

And that's the bug: step 5 must skip operands that correspond to
PATTERN (insn).  But the failure occurs later.  Seeing this insn,
reload thought that no reloads are needed, because the ARM backend
in this release said that the soft frame pointer belongs to
CORE_REGS, and thus to BASE_REG_CLASS, even though the soft frame
pointer is an imaginary GCC-internal construct.

The upshot is that calculate_needs_all_insns thought that this
instruction (A) needs no reloads, then reload_as_needed realised
that the real instruction (B) actually did.  That's what the
assert trapped.

Julian's patch to remove the soft frame pointer from CORE_REGS
and GENERAL_REGS (which was for a different bug, and correct IMO)
has fixed this testcase too, because find_reloads can tell from even
the original sfp-based instruction that a reload is needed.  However,
find_reload should never have seen the sfp form to begin with, so in
this case, the incorrect output from eliminate_regs_in_insn really is
the underlying bug.  It could still trigger in cases where B needs
two reloads (for example because the sp offset is too large).

Bernd's patch is as safe as reload patches get, so I think we should
backport it too as a belt & braces fix.

Richard

Richard Sandiford (rsandifo) on 2010-11-23

Changed in gcc-linaro:
assignee:	nobody → Richard Sandiford (rsandifo)

Richard Sandiford (rsandifo) on 2010-11-24

Changed in gcc-linaro:
status:	Triaged → In Progress

Michael Hope (michaelh1) on 2010-12-06

Changed in gcc-linaro:
status:	In Progress → Fix Committed

Michael Hope (michaelh1) on 2010-12-14

Changed in gcc-linaro:
status:	Fix Committed → Fix Released

Revision history for this message

Matthias Klose (doko) wrote on 2010-12-14:

#9

Fixed in gcc-4.4 4.4.5-10ubuntu1 (Ubuntu natty)

Changed in gcc-4.4 (Ubuntu):
status:	New → Fix Released

Bug Watch Updater (bug-watch-updater) on 2013-03-23

Changed in gcc:
importance:	Unknown → Medium

Revision history for this message

In GCC Bugzilla #36466, Rearnsha (rearnsha) wrote on 2013-08-05:

#23

gcc-4.6 seems to compile the code without generating an ICE. However, versions of gcc older than 4.7 are no-longer being maintained.

Bug Watch Updater (bug-watch-updater) on 2013-08-06

Changed in gcc:
status:	Confirmed → Fix Released

Linaro GCC

ICE when building ziproxy

Bug Description

Related branches

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to	Milestone
Linaro GCC	Fix Released	Low	Richard Sandiford	Linaro GCC 4.5-2010.12-0
gcc	Fix Released	Medium	gcc-bugzilla #36466
gcc-4.4 (Ubuntu)	Fix Released	Low	Unassigned