[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588 Sam James changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED --- Comment #7 from Sam James --- done, I think
[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588 --- Comment #6 from GCC Commits --- The master branch has been updated by Tamar Christina : https://gcc.gnu.org/g:85094e2aa6dba7908f053046f02dd443e8f65d72 commit r14-8768-g85094e2aa6dba7908f053046f02dd443e8f65d72 Author: Tamar Christina Date: Fri Feb 2 23:52:27 2024 + middle-end: check memory accesses in the destination block [PR113588]. When analyzing loads for early break it was always the intention that for the exit where things get moved to we only check the loads that can be reached from the condition. However the main loop checks all loads and we skip the destination BB. As such we never actually check the loads reachable from the COND in the last BB unless this BB was also the exit chosen by the vectorizer. This leads us to incorrectly vectorize the loop in the PR and in doing so access out of bounds. gcc/ChangeLog: PR tree-optimization/113588 PR tree-optimization/113467 * tree-vect-data-refs.cc (vect_analyze_data_ref_dependence): Choose correct dest and fix checks. (vect_analyze_early_break_dependences): Update comments. gcc/testsuite/ChangeLog: PR tree-optimization/113588 PR tree-optimization/113467 * gcc.dg/vect/vect-early-break_108-pr113588.c: New test. * gcc.dg/vect/vect-early-break_109-pr113588.c: New test.
[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588 Tamar Christina changed: What|Removed |Added CC||acoplan at gcc dot gnu.org --- Comment #5 from Tamar Christina --- *** Bug 113661 has been marked as a duplicate of this bug. ***
[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588 --- Comment #4 from Tamar Christina --- The change Richi made this morning to only allow may_be_zero for the last exit makes it not rotate this loop anymore. However the bug is simply that if the final exit has a memory access it should be checked as well. I'll fix the underlying issue.
[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588 Tamar Christina changed: What|Removed |Added Assignee|unassigned at gcc dot gnu.org |tnfchris at gcc dot gnu.org Status|NEW |ASSIGNED --- Comment #3 from Tamar Christina --- hmm that shouldn't have vectorized. the read is from a buffer of unknown size. I think (need to verify) it's because the read ends up on the normal loop latch connected exit which we don't validate.
[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588 Jakub Jelinek changed: What|Removed |Added CC||jakub at gcc dot gnu.org, ||tnfchris at gcc dot gnu.org Priority|P3 |P1 --- Comment #2 from Jakub Jelinek --- Started to ICE with r14-7194-g6cb155a6cf314232248a12bdd395ed4151ae5a28 and since r14-7196-g99c0a540d6689ede068f9ba98af6f38c3cd71362 #c1 no longer ICEs but segfaults. In r14-7193 it passed.
[Bug tree-optimization/113588] [14 Regression] The vectorizer is introducing out-of-bounds memory access
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113588 Andrew Pinski changed: What|Removed |Added Target Milestone|--- |14.0 Last reconfirmed||2024-01-24 Summary|The vectorizer is |[14 Regression] The |introducing out-of-bounds |vectorizer is introducing |memory access |out-of-bounds memory access Ever confirmed|0 |1 Status|UNCONFIRMED |NEW --- Comment #1 from Andrew Pinski --- Confirmed, runable testcase: ``` #include #include __attribute__((noipa)) int foo (const char *s, unsigned long n) { unsigned long len = 0; while (*s++ && n--) ++len; return len; } int main() { long pgsz = sysconf (_SC_PAGESIZE); void *p = mmap (NULL, pgsz * 3, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE, 0, 0); if (p == MAP_FAILED) return 0; mprotect (p, pgsz, PROT_NONE); mprotect (p+2*pgsz, pgsz, PROT_NONE); char *p1 = p + pgsz; p1[0] = 1; p1[1] = 0; foo (p1, 1000); p1 = p + 2*pgsz - 2; p1[0] = 1; p1[1] = 0; foo (p1, 1000); return 0; } ```