[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-10 Thread dmalcolm at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

David Malcolm  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #10 from David Malcolm  ---
Thanks.  Marking this as RESOLVED then.

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-10 Thread law at redhat dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

--- Comment #9 from Jeffrey A. Law  ---
It does!

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-10 Thread law at redhat dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

--- Comment #8 from Jeffrey A. Law  ---
I was just about to test it...  Results shortly :-)

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-10 Thread dmalcolm at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

--- Comment #7 from David Malcolm  ---
Should be fixed by r246044.

Jeff: does this fix the issue you mentioned in comment #2?

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-10 Thread dmalcolm at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

--- Comment #6 from David Malcolm  ---
Author: dmalcolm
Date: Fri Mar 10 18:39:52 2017
New Revision: 246044

URL: https://gcc.gnu.org/viewcvs?rev=246044&root=gcc&view=rev
Log:
Fix out-of-bounds write in RTL function reader (PR bootstrap/79952)

gcc/ChangeLog:
        PR bootstrap/79952
        * read-rtl-function.c (function_reader::read_rtx_operand): Update
        x with result of extra_parsing_for_operand_code_0.
        (function_reader::extra_parsing_for_operand_code_0): Convert
        return type from void to rtx, returning x.  When reading
        SYMBOL_REF with SYMBOL_FLAG_HAS_BLOCK_INFO, reallocate x to the
        larger size containing struct block_symbol.


Modified:
trunk/gcc/ChangeLog
trunk/gcc/read-rtl-function.c

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-10 Thread rguenth at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

Richard Biener  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P1

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-09 Thread dmalcolm at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

--- Comment #5 from David Malcolm  ---
Candidate patch:
  https://gcc.gnu.org/ml/gcc-patches/2017-03/msg00454.html

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-09 Thread dmalcolm at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

--- Comment #4 from David Malcolm  ---
Root cause of the crash in comment #0 is an out-of-bounds memory write in the
RTL dump reader when handling SYMBOL_REFs with SYMBOL_FLAG_HAS_BLOCK_INFO set.

What's happening is that
  gcc/read-rtl-function.c:selftest::test_loading_symbol_ref
loads
  SRCDIR "/gcc/testsuite/selftests/symbol-ref.rtl"
which contains a "(symbol_ref)" with flags with SYMBOL_FLAG_HAS_BLOCK_INFO set.

Such SYMBOL_REFs are normally created by varasm.c:create_block_symbol, which
has:

  /* Create the extended SYMBOL_REF.  */
  size = RTX_HDR_SIZE + sizeof (struct block_symbol);

A normal SYMBOL_REF has the RTX_HDR_SIZE plus two rtunion
  (which on an x86_64 host is 8 + (2 * 8) = 24 bytes),
whereas a SYMBOL_REF with SYMBOL_REF_HAS_BLOCK_INFO_P () has RTX_HDR_SIZE +
sizeof (struct block_symbol)
  (which on an x86_64 host is 8 + 32 = 40 bytes).

So the reader allocates a 24-byte symbol_ref, and then this line:

  1142    SYMBOL_REF_BLOCK (x) = NULL;

implicitly assumes we have a 40-byte allocation, and writes zeros to whatever
is in memory after the 24-byte allocation.

In my tests, this happened to hit a cached INTEGER_CST for the "int" type,
converting its code to 0 (ERROR_MARK), and hence chaos ensues; in particular,
this leads to a crash in the garbage-collector when the pointer-walking visits
the corrupted tree, and attempts to access fields for the wrong TREE_CODE.

I'm testing a fix.
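
The size mismatch from comment #4 and the reallocation described in the r246044 log, as an added C example that is not part of the bug thread and is not GCC's code. The struct layouts, `FLAG_HAS_BLOCK_INFO`, `block_store_fits` and `read_symbol` are simplified, hypothetical stand-ins for the rtx layouts and the reader.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the layouts described above; not GCC source. */
typedef union { void *ptr; long num; } slot_t;       /* models rtunion */
struct hdr { unsigned short code, flags; unsigned pad; };
struct plain_sym { struct hdr hdr; slot_t fld[2]; };
struct ext_sym { struct hdr hdr; slot_t fld[2]; void *block; long offset; };
#define FLAG_HAS_BLOCK_INFO 0x1u                     /* constructed value */

/* Would storing the block pointer stay inside an ALLOC-byte allocation? */
int block_store_fits(size_t alloc) {
  return offsetof(struct ext_sym, block) + sizeof(void *) <= alloc;
}

/* Reader in the shape of the fix: the node starts at the plain size because
   the flags are not known yet.  Once the flag is parsed, a larger node is
   allocated, the old bytes are copied over, and the new pointer is returned
   so the caller replaces its stale one.  *ALLOC receives the final size. */
struct plain_sym *read_symbol(unsigned parsed_flags, size_t *alloc) {
  struct plain_sym *x = calloc(1, sizeof *x);
  if (!x) return NULL;
  *alloc = sizeof *x;
  x->hdr.flags = (unsigned short)parsed_flags;
  if (parsed_flags & FLAG_HAS_BLOCK_INFO) {
    struct ext_sym *y = calloc(1, sizeof *y);
    if (!y) { free(x); return NULL; }
    memcpy(y, x, sizeof *x);
    free(x);
    y->block = NULL;           /* in bounds only because of the regrow */
    *alloc = sizeof *y;
    return (struct plain_sym *)y;
  }
  return x;
}

int main(void) {
  size_t plain, ext;
  struct plain_sym *a = read_symbol(0, &plain);
  struct plain_sym *b = read_symbol(FLAG_HAS_BLOCK_INFO, &ext);
  if (!a || !b) return 1;
  printf("plain=%zu fits=%d\n", plain, block_store_fits(plain));
  printf("ext=%zu fits=%d\n", ext, block_store_fits(ext));
  free(a);
  free(b);
  return 0;
}
```

Building a reader like this with AddressSanitizer makes the unfixed variant (storing the block pointer into the plain-size node) fail at the write itself rather than later in an unrelated consumer of the corrupted neighbour.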

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-08 Thread dmalcolm at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

David Malcolm  changed:

           What    |Removed                       |Added
------------------------------------------------------------------------------
             Status|UNCONFIRMED                   |ASSIGNED
   Last reconfirmed|                              |2017-03-08
                 CC|                              |dmalcolm at gcc dot gnu.org
           Assignee|unassigned at gcc dot gnu.org |dmalcolm at gcc dot gnu.org
     Ever confirmed|0                             |1

--- Comment #3 from David Malcolm  ---
I'm able to reproduce the issue seen in comment #0; am investigating.

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-08 Thread law at redhat dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

Jeffrey A. Law  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |law at redhat dot com

--- Comment #2 from Jeffrey A. Law  ---
Note that arm-netbsdelf is failing selftest due to a GC issue as well.

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-08 Thread rguenth at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

Richard Biener  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |7.0

[Bug bootstrap/79952] [7 Regression] ICE in test_loading_cfg in read-rtl-function.c:2016 targeting hppa2.0w-hp-hpux11.11

2017-03-07 Thread msebor at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79952

--- Comment #1 from Martin Sebor  ---
Removing --enable-checking=all from the set of configure options or replacing
it with --enable-checking=release allows the build to complete.