From patchwork Sun Jul  2 22:26:32 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tom de Vries <Tom_deVries@mentor.com>
X-Patchwork-Id: 783245
Return-Path: 
 <gcc-patches-return-457392-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3x14ct6z2hz9sNh
	for <incoming@patchwork.ozlabs.org>;
	Mon,  3 Jul 2017 08:26:54 +1000 (AEST)
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org
	header.b="XXtXR5Bm"; dkim-atps=neutral
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:from
	:subject:to:cc:message-id:date:mime-version:content-type; q=dns;
	s=default; b=sKXwghQYNalmAdBIdrE+PuMggOI6Xwlavft4BPbpPO0XCUTjM4
	7qhlXOEvq8xy2jT5mjCvVQj90FHPLgWOwfgmMYymfiodxlAN6d80x0/Cz5PCfQN8
	g50j2tsZ5ruYxN1tXuzvB6iUiyaljDPwm+sEG0n0RgakkQfB5DE/TPbEE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:from
	:subject:to:cc:message-id:date:mime-version:content-type; s=
	default; bh=IXqPb5CVHMM9R9W6IZd1Gogj/r8=; b=XXtXR5BmI0W0BFN1uy3D
	UT62mBp0X8o4gDoWGRU2qgysHYQO/TQlqjzWbgjeKVxppLgNFzxTOZEgpCqqbMWu
	fQAohgL+8VLgGRRHsaWQKacUkw5v4qDy2S4D0LAmYJClEGI6B2RQQcKa9fF6RW4E
	eQImOET6XwoMuvpuKkvqGCE=
Received: (qmail 109503 invoked by alias); 2 Jul 2017 22:26:46 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: 
 <mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 109488 invoked by uid 89); 2 Jul 2017 22:26:45 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-24.5 required=5.0 tests=AWL, BAYES_00,
	GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3,
	RCVD_IN_DNSWL_NONE, SPF_PASS,
	URIBL_RED autolearn=ham version=3.3.2 spammy=Trying
X-HELO: relay1.mentorg.com
Received: from relay1.mentorg.com (HELO relay1.mentorg.com) (192.94.38.131)
	by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with
	ESMTP; Sun, 02 Jul 2017 22:26:43 +0000
Received: from nat-ies.mentorg.com ([192.94.31.2]
	helo=SVR-IES-MBX-04.mgc.mentorg.com)	by relay1.mentorg.com
	with esmtp id 1dRnKC-0005t3-7Z from Tom_deVries@mentor.com ;
	Sun, 02 Jul 2017 15:26:40 -0700
Received: from [127.0.0.1] (137.202.0.87) by SVR-IES-MBX-04.mgc.mentorg.com
	(139.181.222.4) with Microsoft SMTP Server (TLS) id
	15.0.1263.5; Sun, 2 Jul 2017 23:26:36 +0100
From: Tom de Vries <Tom_deVries@mentor.com>
Subject: [PATCH, PR81192] Fix sigsegv in find_same_succ_bb
To: Richard Biener <rguenther@suse.de>
CC: GCC Patches <gcc-patches@gcc.gnu.org>
Message-ID: <ab707fcb-816a-4948-a76b-379268404822@mentor.com>
Date: Mon, 3 Jul 2017 00:26:32 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
X-ClientProxiedBy: svr-ies-mbx-01.mgc.mentorg.com (139.181.222.1) To
	SVR-IES-MBX-04.mgc.mentorg.com (139.181.222.4)

[ Trying again with before.svg instead of before.pdf ]

Hi,

consider this test-case:
...
unsigned a;
int b, c;

static int
fn1 (int p1, int p2)
{
   return p1 > 2147483647 - p2 ? p1 : p1 + p2;
}

void
fn2 (void)
{
   int j;
   a = 30;
   for (; a;)
     for (; c; b = fn1 (j, 1))
       ;
}
...

When compiling the test-case with -Os, just before tail-merge it looks 
as in before.svg.

During tail-merge, it runs into a sigsegv.

What happens is the following:
- tail-merge decides to merge blocks 4 and 6, and removes block 6.
- bb8, a predecessor of block 6, is marked as member of
   deleted_bb_preds.
- during update_worklist, same_succ_flush_bb is called for bb8
- same_succ_flush_bb runs into a sigsegv because
   BB_SAME_SUCC (bb8) == NULL
- the reason that BB_SAME_SUCC (bb8) == NULL, is because it hit the
   bb->loop_father->latch == bb clause in find_same_succ_bb at the start
   of the tail-merge pass.

This patch fixes the sigsegv by doing an early-out in same_succ_flush_bb 
if BB_SAME_SUCC () == NULL.

Bootstrapped and reg-tested on x86_64.

OK for trunk and gcc-[567]-branch?

Thanks,
- Tom

Fix sigsegv in find_same_succ_bb

2017-06-30  Tom de Vries  <tom@codesourcery.com>

	PR tree-optimization/81192
	* tree-ssa-tail-merge.c (same_succ_flush_bb): Handle
	BB_SAME_SUCC (bb) == NULL.

	* gcc.dg/pr81192.c: New test.

---
 gcc/testsuite/gcc.dg/pr81192.c | 22 ++++++++++++++++++++++
 gcc/tree-ssa-tail-merge.c      |  3 +++
 2 files changed, 25 insertions(+)

diff --git a/gcc/testsuite/gcc.dg/pr81192.c b/gcc/testsuite/gcc.dg/pr81192.c
new file mode 100644
index 0000000..57eb478
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/pr81192.c
@@ -0,0 +1,22 @@
+/* { dg-options "-Os -fdump-tree-pre-details" } */
+
+unsigned a;
+int b, c;
+
+static int
+fn1 (int p1, int p2)
+{
+  return p1 > 2147483647 - p2 ? p1 : p1 + p2;
+}
+
+void
+fn2 (void)
+{
+  int j;
+  a = 30;
+  for (; a;)
+    for (; c; b = fn1 (j, 1))
+      ;
+}
+
+/* { dg-final { scan-tree-dump-times "(?n)find_duplicates: <bb .*> duplicate of <bb .*>" 1 "pre" } } */
diff --git a/gcc/tree-ssa-tail-merge.c b/gcc/tree-ssa-tail-merge.c
index f6c9878..bb8a308 100644
--- a/gcc/tree-ssa-tail-merge.c
+++ b/gcc/tree-ssa-tail-merge.c
@@ -809,6 +809,9 @@ static void
 same_succ_flush_bb (basic_block bb)
 {
   same_succ *same = BB_SAME_SUCC (bb);
+  if (! same)
+    return;
+
   BB_SAME_SUCC (bb) = NULL;
   if (bitmap_single_bit_set_p (same->bbs))
     same_succ_htab->remove_elt_with_hash (same, same->hashval);