https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98302
--- Comment #16 from Martin Liška <marxin at gcc dot gnu.org> ---
(In reply to Alex Coplan from comment #15)
> (In reply to Martin Liška from comment #11)
> > > which is miscompiled at -O2 -ftree-vectorize or -O3.
> >
> > What a great reduction, can you please share knowledge how did you achieve
> > that?!
>
> Hi Martin,
>
> Sorry for the late reply.
That's fine!
>
> Generally, when reducing a yarpgen testcase, I start by checking whether
> we can hit the bug with just one large C++ file, i.e. with:
>
> $ cat init.h func.cpp driver.cpp > combined.cc
Nice trick, I've just used that in PR98513 and it works.
>
> and then deleting the #include of "init.h" from combined.cc. For most
> issues, you should be able to reproduce the bug with the combined file.
>
> For a wrong code bug, I usually proceed with two separate reductions:
>
> 1. Reduce the C++ file without preprocessing.
> 2. Attempt to manually convert the reduced C++ testcase to a C testcase.
> 3. Preprocess the C testcase and then reduce the preprocessed file.
>
> For (2) this usually involves superficial syntax changes, using C
> headers instead of their C++ equivalents, and replacing calls to
> std::{min,max} with a C equivalent (using pointers instead of
> references).
I can confirm that one can easily replace std::min, max with the
implementation:
template<class T>
const T& min(const T& a, const T& b)
{
return (b < a) ? b : a;
}
that removes the rependency.
>
> I use a relatively beefy x86 machine for reduction, using qemu to run
> target code (aarch64, in this case). My reduction script broadly does
> the following:
>
> Sanitizer checks:
>
> * I run three separate compile+executes (2x gcc, 1x clang) on the x86
> host with sanitizer options enabled (-fsanitize=address
> -fsanitize=undefined -fno-sanitize-recover=undefined). I use the host
> GCC (7.5.0 on Ubuntu 18.04) and clang 10 for this. I run clang at -O0
> and GCC at both -O0 and -O1 -fno-common (the latter appears to be
> necessary to catch some global buffer overflows).
Heh :) In the mentioned PR, I first did only reduction with sanitizers, -O3 was
miscompiled, but later than I noticed that -O0 was crashing as well. Using
clang
is also a nice trick. Moreover, I also use -Werror -Wall -Wextra and 'timeout
X'
helps as well. It's quite common that loops iterate for ever.
>
> * We fail the interestingness test if any of these executions fail. If
> possible, I also save the results of these executions for comparison
> with the target executions.
>
> Target comparisons:
>
> * Then, using the target (aarch64) GCC, I compile+execute at various
> optimisation levels. In this case I used -O{0,1,2,s,g,3}, checking
> that the output (exit code and stdout/stderr) differs for the
> optimisation level exhibiting the bug (-O3 in this case) but is the
> same for all other cases.
>
> Finally, I run the reduced testcase through
> https://cerberus.cl.cam.ac.uk/ to check for any undefined behaviour that
> the sanitizers didn't manage to catch. More recently I've also been
> experimenting with Frama-C which works on some testcases that are too
> large for Cerberus to handle.
I see!
>
> Currently the reduction script is a simple bash script that runs
> everything serially. I've been experimenting with some python scripts
> that can run things in parallel, I might also explore generating
> make/ninja to parallelise the interestingness test at some point.
I do it also serially, in case of the mention PR, I did:
cvise -c 'g++-10 combined.cc && timeout 2 ./a.out && g++-10
-fsanitize=address,undefined -fno-sanitize-recover=all combined.cc && timeout 2
./a.out && g++ combined.cc -O3 && timeout 2 valgrind ./a.out 2>&1 | grep
"Invalid "' combined.cc
>
> I'm sure that this process could be improved, but this is what I've been
> using so far, and it seems to work. I hope this is of some use, let me
> know if you have any more specific questions or thoughts.
I may experiment next time with a paralell interestingness script. Right now,
I've been running
yarpgen for few hours a day on a AMD Epyc machine.
Anyway, thank you for sharing the knowledge. It's useful!
