[Bug tree-optimization/64034] New: [5 regression] cc1 stack-overflow with -O2 -fsanitize=undefined

Sun, 23 Nov 2014 11:09:06 -0800 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64034

            Bug ID: 64034
           Summary: [5 regression] cc1 stack-overflow with -O2
                    -fsanitize=undefined
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: sirl at gcc dot gnu.org

Created attachment 34080
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34080&action=edit
testcase to reproduce the bug

The attached testcase segfaults (valgrind says stack-overflow) when compiled
for x86_64 with -O2 -fsanitize=undefined. gcc-4.9.2 compiles the testcase
without problems.

gdb backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000bf990c in copy<generic_wide_int<wide_int_storage>,
generic_wide_int<wide_int_ref_storage<false> > > (y=..., x=...) at
../../gcc/wide-int.h:1660
1660        xval[i] = yval[i];
(gdb) bt
#0  0x0000000000bf990c in copy<generic_wide_int<wide_int_storage>,
generic_wide_int<wide_int_ref_storage<false> > > (y=..., x=...) at
../../gcc/wide-int.h:1660
#1  zext<generic_wide_int<wide_int_ref_storage<false> > > (offset=1023, x=...)
at ../../gcc/wide-int.h:2067
#2  wi::fits_to_tree_p<generic_wide_int<wide_int_ref_storage<false> > > (x=...,
type=type@entry=0x7ffff6931d20) at ../../gcc/tree.h:4760
#3  0x0000000000bec36f in force_fit_type (type=0x7ffff6931d20, cst=...,
overflowable=1, overflowed=<optimized out>) at ../../gcc/tree.c:1237
#4  0x00000000006c2dbf in fold_negate_const (arg0=arg0@entry=0x7ffff695c4f8,
type=type@entry=0x7ffff6931d20) at ../../gcc/fold-const.c:15423
#5  0x00000000006f76eb in fold_negate_expr (loc=loc@entry=0,
t=t@entry=0x7ffff695c4f8) at ../../gcc/fold-const.c:555
#6  0x00000000006f8d28 in negate_expr (t=0x7ffff695c4f8) at
../../gcc/fold-const.c:775
#7  0x00000000006da1bc in fold_binary_loc (loc=loc@entry=0,
code=code@entry=MINUS_EXPR, type=type@entry=0x7ffff6931d20,
op0=op0@entry=0x7ffff624d8c0, op1=op1@entry=0x7ffff695c4f8)
    at ../../gcc/fold-const.c:10450
#8  0x00000000006eaafb in fold_build2_stat_loc (loc=0, code=MINUS_EXPR,
type=0x7ffff6931d20, op0=0x7ffff624d8c0, op1=0x7ffff695c4f8) at
../../gcc/fold-const.c:14231
#9  0x00000000007786a9 in generic_simplify (loc=0, code=<optimized out>,
type=0x7ffff6931d20, op0=0x7ffff624d8a0, op1=<optimized out>) at
generic-match.c:3194
#10 0x00000000006d6852 in fold_binary_loc (loc=loc@entry=0,
code=code@entry=PLUS_EXPR, type=type@entry=0x7ffff6931d20,
op0=op0@entry=0x7ffff624d8a0, op1=op1@entry=0x7ffff624d880)
    at ../../gcc/fold-const.c:9729
#11 0x00000000006eaafb in fold_build2_stat_loc (loc=loc@entry=0,
code=code@entry=PLUS_EXPR, type=type@entry=0x7ffff6931d20, op0=0x7ffff624d8a0,
op1=op1@entry=0x7ffff624d880)
    at ../../gcc/fold-const.c:14231
#12 0x00000000006da203 in fold_binary_loc (loc=loc@entry=0,
code=code@entry=MINUS_EXPR, type=type@entry=0x7ffff6931d20,
op0=op0@entry=0x7ffff624d860, op1=op1@entry=0x7ffff695c4f8)
    at ../../gcc/fold-const.c:10450
#13 0x00000000006eaafb in fold_build2_stat_loc (loc=0, code=MINUS_EXPR,
type=0x7ffff6931d20, op0=0x7ffff624d860, op1=0x7ffff695c4f8) at
../../gcc/fold-const.c:14231
#14 0x00000000007786a9 in generic_simplify (loc=0, code=<optimized out>,
type=0x7ffff6931d20, op0=0x7ffff624d840, op1=<optimized out>) at
generic-match.c:3194
#15 0x00000000006d6852 in fold_binary_loc (loc=loc@entry=0,
code=code@entry=PLUS_EXPR, type=type@entry=0x7ffff6931d20,
op0=op0@entry=0x7ffff624d840, op1=op1@entry=0x7ffff624d820)
    at ../../gcc/fold-const.c:9729
#16 0x00000000006eaafb in fold_build2_stat_loc (loc=loc@entry=0,
code=code@entry=PLUS_EXPR, type=type@entry=0x7ffff6931d20, op0=0x7ffff624d840,
op1=op1@entry=0x7ffff624d820)
    at ../../gcc/fold-const.c:14231
... a lot similar frames follow, seems like a folding recursion.

$ gcc-5 -v
Using built-in specs.
COLLECT_GCC=gcc-5
COLLECT_LTO_WRAPPER=/usr/lib64/gcc/x86_64-suse-linux/5/lto-wrapper
Target: x86_64-suse-linux
Configured with: ../configure --prefix=/usr --infodir=/usr/share/info
--mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64
--enable-languages=c,c++,fortran --with-gxx-include-dir=/usr/include/c++/5
--enable-ssp --disable-libssp --disable-libvtv --disable-plugin
--with-bugurl=http://bugs.opensuse.org/ --with-pkgversion='SUSE Linux'
--disable-libgcj --with-slibdir=/lib64 --with-system-zlib --enable-__cxa_atexit
--enable-libstdcxx-allocator=new --disable-libstdcxx-pch
--enable-version-specific-runtime-libs --enable-linker-build-id
--enable-linux-futex --program-suffix=-5 --without-system-libunwind
--enable-multilib --with-arch-32=i586 --with-tune=generic
--build=x86_64-suse-linux --host=x86_64-suse-linux
Thread model: posix
gcc version 5.0.0 20141118 (experimental) [trunk revision 217715] (SUSE Linux)


Might be related to bug 63879, but the backtrace looks totally different.

Reply via email to