[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access

2024-02-03 Thread sjames at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588

Sam James  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #7 from Sam James  ---
done, I think

[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access

2024-02-02 Thread cvs-commit at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588

--- Comment #6 from GCC Commits  ---
The master branch has been updated by Tamar Christina :

https://gcc.gnu.org/g:85094e2aa6dba7908f053046f02dd443e8f65d72

commit r14-8768-g85094e2aa6dba7908f053046f02dd443e8f65d72
Author: Tamar Christina 
Date:   Fri Feb 2 23:52:27 2024 +

middle-end: check memory accesses in the destination block [PR113588].

When analyzing loads for early break it was always the intention that for
the
exit where things get moved to we only check the loads that can be reached
from
the condition.

However the main loop checks all loads and we skip the destination BB.  As
such
we never actually check the loads reachable from the COND in the last BB
unless
this BB was also the exit chosen by the vectorizer.

This leads us to incorrectly vectorize the loop in the PR and in doing so
access
out of bounds.

gcc/ChangeLog:

PR tree-optimization/113588
PR tree-optimization/113467
* tree-vect-data-refs.cc
(vect_analyze_data_ref_dependence):  Choose correct dest and fix
checks.
(vect_analyze_early_break_dependences): Update comments.

gcc/testsuite/ChangeLog:

PR tree-optimization/113588
PR tree-optimization/113467
* gcc.dg/vect/vect-early-break_108-pr113588.c: New test.
* gcc.dg/vect/vect-early-break_109-pr113588.c: New test.

[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access

2024-01-29 Thread tnfchris at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588

Tamar Christina  changed:

   What|Removed |Added

 CC||acoplan at gcc dot gnu.org

--- Comment #5 from Tamar Christina  ---
*** Bug 113661 has been marked as a duplicate of this bug. ***

[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access

2024-01-25 Thread tnfchris at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588

--- Comment #4 from Tamar Christina  ---
The change Richi made this morning to only allow may_be_zero  for the last exit
makes it not rotate this loop anymore.

However the bug is simply that if the final exit has a memory access it should
be checked as well.  I'll fix the underlying issue.

[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access

2024-01-25 Thread tnfchris at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588

Tamar Christina  changed:

   What|Removed |Added

   Assignee|unassigned at gcc dot gnu.org  |tnfchris at gcc dot 
gnu.org
 Status|NEW |ASSIGNED

--- Comment #3 from Tamar Christina  ---
hmm that shouldn't have vectorized. the read is from a buffer of unknown size.

I think (need to verify) it's because the read ends up on the normal loop latch
connected exit which we don't validate.

[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access

2024-01-24 Thread jakub at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588

Jakub Jelinek  changed:

   What|Removed |Added

 CC||jakub at gcc dot gnu.org,
   ||tnfchris at gcc dot gnu.org
   Priority|P3  |P1

--- Comment #2 from Jakub Jelinek  ---
Started to ICE with r14-7194-g6cb155a6cf314232248a12bdd395ed4151ae5a28
and since r14-7196-g99c0a540d6689ede068f9ba98af6f38c3cd71362 #c1 no longer ICEs
but
segfaults.  In r14-7193 it passed.

[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access

2024-01-24 Thread pinskia at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588

Andrew Pinski  changed:

   What|Removed |Added

   Target Milestone|--- |14.0
   Last reconfirmed||2024-01-24
Summary|The vectorizer is   |[14 Regression] The
   |introducing out-of-bounds   |vectorizer is introducing
   |memory access   |out-of-bounds memory access
 Ever confirmed|0   |1
 Status|UNCONFIRMED |NEW

--- Comment #1 from Andrew Pinski  ---
Confirmed, runable testcase:
```
#include 
#include 

__attribute__((noipa))
int foo (const char *s, unsigned long n)
{
 unsigned long len = 0;
 while (*s++ && n--)
   ++len;
 return len;
}

int main()
{
  long pgsz = sysconf (_SC_PAGESIZE);
  void *p = mmap (NULL, pgsz * 3, PROT_READ|PROT_WRITE,
 MAP_ANONYMOUS|MAP_PRIVATE, 0, 0);
  if (p == MAP_FAILED)
return 0;
  mprotect (p, pgsz, PROT_NONE);
  mprotect (p+2*pgsz, pgsz, PROT_NONE);
  char *p1 = p + pgsz;
  p1[0] = 1;
  p1[1] = 0;
  foo (p1, 1000);
  p1 = p + 2*pgsz - 2;
  p1[0] = 1;
  p1[1] = 0;
  foo (p1, 1000);
  return 0;
}
```