https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105431
Bug ID: 105431
Summary: ICE: SIGSEGV in powi_as_mults_1
(tree-ssa-math-opts.cc:1512) with -Ofast and
__builtin_pow()
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: zsojka at seznam dot cz
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
Created attachment 52903
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52903&action=edit
reduced testcase
This might be related to PR105368; on 11-branch and older, the other PR is
triggered. The failing address is also very similar to the other PR.
This fails for me only with a bootstrapped compiler; there might be another UB
that is exploited only when bootstrapping.
$ x86_64-pc-linux-gnu-gcc -Ofast testcase.c -wrapper valgrind,-q
==24694== Invalid read of size 1
==24694== at 0x158683D: powi_as_mults_1(gimple_stmt_iterator*, unsigned int,
tree_node*, long, tree_node**) (tree-ssa-math-opts.cc:1512)
==24694== by 0x158B56E: powi_as_mults(gimple_stmt_iterator*, unsigned int,
tree_node*, long) (tree-ssa-math-opts.cc:1551)
==24694== by 0x158C8B1: gimple_expand_builtin_pow(gimple_stmt_iterator*,
unsigned int, tree_node*, tree_node*) (tree-ssa-math-opts.cc:2049)
==24694== by 0x158CF59: (anonymous
namespace)::pass_cse_sincos::execute(function*) (tree-ssa-math-opts.cc:2317)
==24694== by 0x12EB49A: execute_one_pass(opt_pass*) (passes.cc:2638)
==24694== by 0x12EBD5F: execute_pass_list_1(opt_pass*) (passes.cc:2738)
==24694== by 0x12EBD71: execute_pass_list_1(opt_pass*) (passes.cc:2739)
==24694== by 0x12EBD98: execute_pass_list(function*, opt_pass*)
(passes.cc:2749)
==24694== by 0xF15F75: expand (cgraphunit.cc:1835)
==24694== by 0xF15F75: cgraph_node::expand() (cgraphunit.cc:1788)
==24694== by 0xF17536: expand_all_functions (cgraphunit.cc:1999)
==24694== by 0xF17536: symbol_table::compile() [clone .part.0]
(cgraphunit.cc:2349)
==24694== by 0xF1A117: compile (cgraphunit.cc:2262)
==24694== by 0xF1A117: symbol_table::finalize_compilation_unit()
(cgraphunit.cc:2530)
==24694== by 0x13F3E1F: compile_file() (toplev.cc:479)
==24694== Address 0x80000000028ce240 is not stack'd, malloc'd or (recently)
free'd
==24694==
during GIMPLE pass: sincos
testcase.c: In function 'foo':
testcase.c:2:1: internal compiler error: Segmentation fault
2 | foo (int i)
| ^~~
0x13f3b5f crash_signal
/repo/gcc-trunk/gcc/toplev.cc:322
0x158683d powi_as_mults_1
/repo/gcc-trunk/gcc/tree-ssa-math-opts.cc:1512
0x158b56e powi_as_mults(gimple_stmt_iterator*, unsigned int, tree_node*, long)
/repo/gcc-trunk/gcc/tree-ssa-math-opts.cc:1551
0x158c8b1 gimple_expand_builtin_pow
/repo/gcc-trunk/gcc/tree-ssa-math-opts.cc:2049
0x158cf59 execute
/repo/gcc-trunk/gcc/tree-ssa-math-opts.cc:2317
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
$ x86_64-pc-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-trunk-r13-21-20220428204650-g9ae8b993cd3-checking-yes-rtl-df-extra-amd64/bin/x86_64-pc-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r13-21-20220428204650-g9ae8b993cd3-checking-yes-rtl-df-extra-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/13.0.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu
--with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-r13-21-20220428204650-g9ae8b993cd3-checking-yes-rtl-df-extra-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 13.0.0 20220428 (experimental) (GCC)
