[Bug tree-optimization/86850] ubsan: runtime error: member call on null pointer

2018-11-06 Thread rguenth at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850

Richard Biener  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
  Known to work||9.0
 Resolution|--- |FIXED

--- Comment #10 from Richard Biener  ---
Fixed on trunk.

[Bug tree-optimization/86850] ubsan: runtime error: member call on null pointer

2018-11-06 Thread rguenth at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850

--- Comment #9 from Richard Biener  ---
Author: rguenth
Date: Tue Nov  6 15:46:42 2018
New Revision: 265848

URL: https://gcc.gnu.org/viewcvs?rev=265848&root=gcc&view=rev
Log:
2018-11-06  Richard Biener  

PR tree-optimization/86850
* vec.h (vec::splice): Check src.length ()
instead of src.m_vec.

Modified:
trunk/gcc/ChangeLog
trunk/gcc/vec.h

[Bug tree-optimization/86850] ubsan: runtime error: member call on null pointer

2018-11-06 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850

--- Comment #8 from Martin Liška  ---
> diff --git a/gcc/vec.h b/gcc/vec.h
> index f8c039754d2..407269c5ad3 100644
> --- a/gcc/vec.h
> +++ b/gcc/vec.h
> @@ -1688,7 +1688,7 @@ template
>  inline void
>  vec::splice (const vec )
>  {
> -  if (src.m_vec)
> +  if (src.length ())
>  m_vec->splice (*(src.m_vec));
>  }
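
Review bot: no regression test goes with this change; comment #9 lists only gcc/ChangeLog and gcc/vec.h as modified. The reproducer from comment #4 (`bug453.c` under `-O3`) walks exactly this splice path, so a reduced testcase under the vectorizer testsuite would at least record it; since the defect is a member call on a null pointer that only ubsan flags (comment #2), the test is only meaningful in a ubsan-instrumented build.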

I can confirm that ubsan GCC is not happy and no run-time error is reported.

[Bug tree-optimization/86850] ubsan: runtime error: member call on null pointer

2018-11-06 Thread rguenth at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850

Richard Biener  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
   Assignee|unassigned at gcc dot gnu.org  |rguenth at gcc dot gnu.org

--- Comment #7 from Richard Biener  ---
So the suggested assert is bogus.  But indeed the issue is that
vect_create_new_slp_node eventually uses .create (0) which does nothing
and then splice does

template<typename T>
inline void
vec<T, va_heap, vl_ptr>::splice (const vec<T, va_heap, vl_ptr> &src)
{
  if (src.m_vec)
    m_vec->splice (*(src.m_vec));
}

which for m_vec == NULL is doing the reported.  I guess replacing
if (src.m_vec) with if (src.length ()) would fix this.

diff --git a/gcc/vec.h b/gcc/vec.h
index f8c039754d2..407269c5ad3 100644
--- a/gcc/vec.h
+++ b/gcc/vec.h
@@ -1688,7 +1688,7 @@ template
 inline void
 vec::splice (const vec )
 {
-  if (src.m_vec)
+  if (src.length ())
 m_vec->splice (*(src.m_vec));
 }
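Review bot: `src.length ()` is the right emptiness test, since an allocated-but-empty source satisfies `src.m_vec` while `m_vec` here is still NULL after `.create (0)` (comment #7), but the new check covers only that case: a non-empty source spliced into a destination whose `m_vec` is NULL, or that has no room reserved, still performs the member call on a null pointer with no diagnostic. Add a `gcc_assert (m_vec)` before the call, or document on `splice` that the destination must already have been created with space for `src.length ()` elements, so a violated precondition fails loudly instead of as undefined behaviour.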

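The create (0) / splice interaction from comment #7, as an added C++ model that is not GCC's vec.h: Block stands in for the vl_embed storage behind the vl_ptr wrapper, and the Block, Vec, push, release and splice_* names are this example's own. It puts the pre-fix predicate beside the r265848 one and adds a precondition check on the destination.

```cpp
// Added model of PR 86850, not GCC's vec.h: there vec<T, va_heap, vl_ptr> is a
// pointer (m_vec) to a vl_embed block and create (0) leaves m_vec null.
// Block, Vec, push, release and the splice_* names are this example's own.
#include <cstring>

struct Block {                   // stands in for vec<T, va_heap, vl_embed>
  unsigned alloc, num;
  int *data;
  void splice (const Block &src) // caller must already have reserved room
  {
    std::memcpy (data + num, src.data, src.num * sizeof (int));
    num += src.num;
  }
};

struct Vec {                     // stands in for vec<T, va_heap, vl_ptr>
  Block *m_vec = nullptr;
  void create (unsigned n)       // create (0) does nothing: m_vec stays null
  {
    if (n)
      m_vec = new Block{n, 0, new int[n]};
  }
  unsigned length () const { return m_vec ? m_vec->num : 0; }
  void push (int v) { m_vec->data[m_vec->num++] = v; }
  void release () { if (m_vec) delete[] m_vec->data; delete m_vec; m_vec = nullptr; }

  // Pre-r265848 predicate: an allocated-but-empty src passes the test, so the
  // member call runs on a null m_vec (ubsan's report at vec.h:1688).  Kept for
  // comparison only; it must not be called while m_vec is null.
  void splice_before (const Vec &src)
  {
    if (src.m_vec)
      m_vec->splice (*src.m_vec);
  }
  // r265848 predicate: an empty src is skipped however it was created.  The
  // bool is added here: false means a non-empty src would hit a null or
  // too-small destination, where GCC would gcc_assert rather than proceed.
  bool splice_after (const Vec &src)
  {
    if (!src.length ())
      return true;
    if (!m_vec || m_vec->num + src.length () > m_vec->alloc)
      return false;
    m_vec->splice (*src.m_vec);
    return true;
  }
};
```
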
[Bug tree-optimization/86850] ubsan: runtime error: member call on null pointer

2018-11-06 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850

Martin Liška  changed:

   What|Removed |Added

 Status|WAITING |NEW

--- Comment #6 from Martin Liška  ---
Richi can you please assign that?

[Bug tree-optimization/86850] ubsan: runtime error: member call on null pointer

2018-11-05 Thread dcb314 at hotmail dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850

--- Comment #5 from David Binderman  ---
Original problem still exists a couple of months later.

[Bug tree-optimization/86850] ubsan: runtime error: member call on null pointer

2018-08-31 Thread dcb314 at hotmail dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850

--- Comment #4 from David Binderman  ---
I tried out your suggestion and got this:

$ ~/gcc/results.264011.dcb.ubsan/bin/gcc -c -O3 -std=c89 -w bug453.c
during GIMPLE pass: slp
src/rate.c: In function ‘od_enc_rc_reset’:
src/rate.c:365:13: internal compiler error: in vect_build_slp_tree_2, at tree-vect-slp.c:1492
0x676275 vect_build_slp_tree_2
../../trunk/gcc/tree-vect-slp.c:1492
0x2c3a7d6 vect_build_slp_tree
../../trunk/gcc/tree-vect-slp.c:1105
0x2c3e793 vect_build_slp_tree_2
../../trunk/gcc/tree-vect-slp.c:1257
0x2c3a7d6 vect_build_slp_tree
../../trunk/gcc/tree-vect-slp.c:1105

I used revision 264011 as a baseline.

[Bug tree-optimization/86850] ubsan: runtime error: member call on null pointer

2018-08-21 Thread rguenther at suse dot de
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850

--- Comment #3 from rguenther at suse dot de  ---
On Tue, 21 Aug 2018, dcb314 at hotmail dot com wrote:

> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850
> 
> --- Comment #2 from David Binderman  ---
> Indeed it does look like vectorizer code. Here are 20 frames,
> found by using the UBSAN_OPTIONS=print_stacktrace=1 option:

OK, I suppose we're creating a SLP node for a PHI where there are zero
operands and thus no children and

SLP_TREE_CHILDREN (node).create (nops);

will not create a vector but a splice of an empty vector will barf
when splicing into it.

Index: gcc/tree-vect-slp.c
===
--- gcc/tree-vect-slp.c (revision 263656)
+++ gcc/tree-vect-slp.c (working copy)
@@ -1489,7 +1489,9 @@ fail:

   node = vect_create_new_slp_node (stmts);
   SLP_TREE_TWO_OPERATORS (node) = two_operators;
-  SLP_TREE_CHILDREN (node).splice (children);
+  gcc_assert (children.length () == nops);
+  if (!children.is_empty ())
+SLP_TREE_CHILDREN (node).splice (children);
   return node;
 }
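Review bot: the `gcc_assert (children.length () == nops)` is the line that fires in comment #4 (`internal compiler error: in vect_build_slp_tree_2, at tree-vect-slp.c:1492`, which is this hunk's new line 1492), and comment #7 later calls the assert bogus; the `if (!children.is_empty ())` guard also only hides the null `m_vec` at this one caller, so any other `splice` into a vec created with `.create (0)` keeps the same member call on a null pointer. Drop the assert and make `vec::splice` itself tolerate an empty source, as the vec.h change in comment #7 does.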

[Bug tree-optimization/86850] ubsan: runtime error: member call on null pointer

2018-08-21 Thread dcb314 at hotmail dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850

--- Comment #2 from David Binderman  ---
Indeed it does look like vectorizer code. Here are 20 frames,
found by using the UBSAN_OPTIONS=print_stacktrace=1 option:

../../trunk/gcc/vec.h:1688:5: runtime error: member call on null pointer of type 'struct vec'
#0 0x2be4a24 in vec<_slp_tree*, va_heap, vl_ptr>::splice(vec<_slp_tree*, va_heap, vl_ptr> const&) ../../trunk/gcc/vec.h:1688
#1 0x2be4a24 in vect_build_slp_tree_2 ../../trunk/gcc/tree-vect-slp.c:1492
#2 0x2bd779e in vect_build_slp_tree ../../trunk/gcc/tree-vect-slp.c:1105
#3 0x2bdba6c in vect_build_slp_tree_2 ../../trunk/gcc/tree-vect-slp.c:1257
#4 0x2bd779e in vect_build_slp_tree ../../trunk/gcc/tree-vect-slp.c:1105
#5 0x2bdba6c in vect_build_slp_tree_2 ../../trunk/gcc/tree-vect-slp.c:1257
#6 0x2bd779e in vect_build_slp_tree ../../trunk/gcc/tree-vect-slp.c:1105
#7 0x2bf1e80 in vect_analyze_slp_instance ../../trunk/gcc/tree-vect-slp.c:1956
#8 0x2bfa002 in vect_analyze_slp(vec_info*, unsigned int) ../../trunk/gcc/tree-vect-slp.c:2154
#9 0x2bfaf63 in vect_slp_analyze_bb_1 ../../trunk/gcc/tree-vect-slp.c:2839
#10 0x2bfaf63 in vect_slp_bb(basic_block_def*) ../../trunk/gcc/tree-vect-slp.c:2973
#11 0x2c0d5bc in execute ../../trunk/gcc/tree-vectorizer.c:1271
#12 0x1b4e1ac in execute_one_pass(opt_pass*) ../../trunk/gcc/passes.c:2446
#13 0x1b51cf7 in execute_pass_list_1 ../../trunk/gcc/passes.c:2535
#14 0x1b51d3e in execute_pass_list_1 ../../trunk/gcc/passes.c:2536
#15 0x1b51d3e in execute_pass_list_1 ../../trunk/gcc/passes.c:2536
#16 0x1b51e18 in execute_pass_list(function*, opt_pass*) ../../trunk/gcc/passes.c:2546
#17 0xc9d9da in cgraph_node::expand() ../../trunk/gcc/cgraphunit.c:2116
#18 0xca2db4 in expand_all_functions ../../trunk/gcc/cgraphunit.c:2254
#19 0xca2db4 in symbol_table::compile() ../../trunk/gcc/cgraphunit.c:2605
#20 0xcaca6a in symbol_table::finalize_compilation_unit() ../../trunk/gcc/cgraphunit.c:2698

[Bug tree-optimization/86850] ubsan: runtime error: member call on null pointer

2018-08-21 Thread rguenth at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86850

Richard Biener  changed:

   What|Removed |Added

 Status|UNCONFIRMED |WAITING
   Last reconfirmed||2018-08-21
 CC||rguenth at gcc dot gnu.org,
   ||rsandifo at gcc dot gnu.org
 Ever confirmed|0   |1

--- Comment #1 from Richard Biener  ---
Can you post a backtrace?  Probably vectorizer code.