Miscompilation on arm64 with GCC LTO

Sam James sam at gentoo.org
Mon May 8 04:20:58 CEST 2023 

Hello,

Note that this has been reported twice before [0][1] but I think I've got a=
 more specific test case.

This was reported in Gentoo [2] as well.

gmp-6.2.1 when built with gcc 12/13/14 (trunk as of today) combined with -O2
=2Dflto or -O3 -flto is miscompiled, causing a few issues
1. `make check` for gmp fails the 't-constants' test
2. gcc itself ICEs with a trivial command [3]
```echo hi | aarch64-unknown-linux-gnu-gcc -E -dM -```
3. gcc hangs with a trivial command
```echo hi | aarch64-unknown-linux-gnu-gfortran -Werror -xf77 -v -c -```

With regard to command 1 above
```
# cat t-constants.log
Aborted (core dumped)
FAIL t-constants (exit status 134)
```

and
```
# ./t-constants
PP_INVERTED =3D=3D 21cfe6cfc938b36b, but pp_inverted_calc =3D=3D
20f8c8b59d4cb9bc

After gmp.h,
ULONG_MAX  defined
LONG_MAX   defined
UINT_MAX   defined
INT_MAX    defined
USHRT_MAX  defined
SHRT_MAX   defined

ULONG_MAX      FFFFFFFFFFFFFFFF
ULONG_HIGHBIT  8000000000000000
LONG_MAX       7FFFFFFFFFFFFFFF
LONG_MIN       8000000000000000
UINT_MAX       FFFFFFFF
UINT_HIGHBIT   80000000
INT_MAX        7FFFFFFF
INT_MIN        80000000
USHRT_MAX      FFFF
USHRT_HIGHBIT  8000
SHRT_MAX       7FFF
SHRT_MIN       FFFF8000

Bits
long           64
int            32
short          16
unsigned long  64
unsigned int   32
unsigned short 16
mp_size_t      64
Aborted (core dumped)
```

... with backtrace
```
Program received signal SIGABRT, Aborted.
0x0000fffff7df0224 in ?? () from /usr/lib64/libc.so.6
(gdb) bt
#0  0x0000fffff7df0224 in ?? () from /usr/lib64/libc.so.6
#1  0x0000fffff7daa03c in raise () from /usr/lib64/libc.so.6
#2  0x0000fffff7d96664 in abort () from /usr/lib64/libc.so.6
#3  0x0000aaaaaaaa0bd8 in main (argc=3D<optimized out>, argv=3D<optimized
out>) at /var/tmp/portage/dev-libs/gmp-6.2.1-r5/work/gmp-6.2.1/tests/t-cons=
tants.c 340
(gdb)
```

When GCC hangs in command 3 above, strace shows no activity & the
backtrace from attaching gdb is
```
(gdb) bt
#0  __gmpn_sub_n () at tmp-sub_n.s118
#1  0x0000ffffa4e73228 in __gmpn_toom2_sqr (pp=3D0xffffcf573070,
ap=3D0x382507f8, an=3D<optimized out>, scratch=3D0xffffcf56f8b0) at
mpn/toom2_sqr.c108
#2  0x0000ffffa4e73a04 in __gmpn_toom3_sqr (pp=3D0xffffcf572d90,
ap=3D0x38250688, an=3D<optimized out>, scratch=3D0xffffcf56f4f0) at
mpn/toom3_sqr.c182
#3  0x0000ffffa4e5c458 in __gmpn_sqr (p=3Dp at entry=3D0xffffcf572d90,
a=3Da at entry=3D0x38250688, n=3Dn at entry=3D69) at mpn/sqr.c62
#4  0x0000ffffa4e5ced8 in mpn_dc_sqrtrem (sp=3Dsp at entry=3D0x38250688,
np=3Dnp at entry=3D0xffffcf572938, n=3Dn at entry=3D139, approx=3Dapprox at entry=3D=
0,
scratch=3Dscratch at entry=3D0xffffcf5706b0) at mpn/sqrtrem.c260
#5  0x0000ffffa4e5ce40 in mpn_dc_sqrtrem (sp=3D0x38250238,
sp at entry=3D0x919883e983b01336, np=3D0xffffcf572098,
np at entry=3D0xffffcf575748,n=3Dn at entry=3D277,
approx=3Dapprox at entry=3D0,scratch=3Dscratch at entry=3D0xffffcf5706b0)    at
mpn/sqrtrem.c245
#6  0x0000ffffa4e5e864 in mpn_dc_sqrt (sp=3Dsp at entry=3D0x3824f9a0,
np=3D0x9c9a68703b29afc0, np at entry=3D0xffffcf573330, n=3Dn at entry=3D552,
nsh=3D0, odd=3Dodd at entry=3D0) at mpn/sqrtrem.c342
#7  0x0000ffffa4e5ef84 in __gmpn_sqrtrem (sp=3Dsp at entry=3D0x3824f9a0,
rp=3Drp at entry=3D0x0, np=3Dnp at entry=3D0xffffcf573330, nn=3Dnn at entry=3D1104) =
at
mpn/sqrtrem.c501
#8  0x0000ffffa4ee76d8 in mpfr_sqrt (r=3Dr at entry=3D0xffffcf575748,
u=3Du at entry=3D0xffffcf575748, rnd_mode=3Drnd_mode at entry=3DMPFR_RNDN) at
/usr/src/debug/dev-libs/mpfr-4.2.0_p4/mpfr-4.2.0/src/sqrt.c627
#9  0x0000ffffa4eeb838 in mpfr_const_pi_internal (x=3D0xffffa504f780,
rnd_mode=3DMPFR_RNDN) at
/usr/src/debug/dev-libs/mpfr-4.2.0_p4/mpfr-4.2.0/src/const_pi.c85
#10 0x0000ffffa4f08648 in mpfr_cache (dest=3D0xffffcf575968,
cache=3D0xffffa504f780, rnd=3DMPFR_RNDN) at
/usr/src/debug/dev-libs/mpfr-4.2.0_p4/mpfr-4.2.0/src/cache.c103
#11 0x0000ffffa4eddb2c in mpfr_log (r=3D0xffffcf575ad8,
a=3D0xffffcf575ad8, rnd_mode=3DMPFR_RNDD) at
/usr/src/debug/dev-libs/mpfr-4.2.0_p4/mpfr-4.2.0/src/log.c149
#12 0x0000ffffa4ef8ff4 in mpfr_log10 (r=3D0xffffcf575b48,
a=3D0xffffcf575b48, rnd_mode=3DMPFR_RNDN) at
/usr/src/debug/dev-libs/mpfr-4.2.0_p4/mpfr-4.2.0/src/log10.c117
#13 0x0000000000721cb0 in gfc_arith_init_1 () at
/usr/src/debug/sys-devel/gcc-14.0.0.9999/gcc-14.0.0.9999/gcc/fortran/arith.=
cc176
#14 0x000000000079fa1c in gfc_init_1 () at
/usr/src/debug/sys-devel/gcc-14.0.0.9999/gcc-14.0.0.9999/gcc/fortran/misc.c=
c349
#15 0x000000000081eb5c in gfc_init () at
/usr/src/debug/sys-devel/gcc-14.0.0.9999/gcc-14.0.0.9999/gcc/fortran/f95-la=
ng.cc273
#16 0x000000000071e4a4 in lang_dependent_init (name=3D0xffffcf576f90
"-") at
/usr/src/debug/sys-devel/gcc-14.0.0.9999/gcc-14.0.0.9999/gcc/toplev.cc1820
#17 do_compile (no_backend=3Dfalse) at
/usr/src/debug/sys-devel/gcc-14.0.0.9999/gcc-14.0.0.9999/gcc/toplev.cc2115
#18 toplevmain (this=3Dthis at entry=3D0xffffcf575cf0, argc=3D<optimized
out>, argc at entry=3D15, argv=3D<optimized out>,
argv at entry=3D0xffffcf575e78)
at
/usr/src/debug/sys-devel/gcc-14.0.0.9999/gcc-14.0.0.9999/gcc/toplev.cc2282
#19 0x000000000071faa8 in main (argc=3D15, argv=3D0xffffcf575e78) at
/usr/src/debug/sys-devel/gcc-14.0.0.9999/gcc-14.0.0.9999/gcc/main.cc39
(gdb)
```

Note that Jannik identified the bad commit [0] as 18082c5d0fcb06969 [4].

System information
```
$ ./config.guess
aarch64-unknown-linux-gnu
$ ./configfsf.guess
aarch64-unknown-linux-gnu
$ uname -a
Linux arm64-20230425-unstable 5.15.64-gentoo-dist #1 SMP Wed Aug 31 17571=
0 -00 2022 aarch64 GNU/Linux=20
$ gcc --version
gcc (Gentoo 13.1.0-r1 p1) 13.1.0
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is
NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPO=
SE.
```

configure output https//dev.gentoo.org/~sam/bugs/gmp/arm64-lto/configure.=
txt.

I built with ./configure --enable-assembly CFLAGS=3D"-O2 -flto"
CXXFLAGS=3D"-O2 -flto" from the gmp-6.2.1.tar.lz tarball then ran
'make' and 'make check' to reproduce.

[0] https//gmplib.org/list-archives/gmp-bugs/2020-December/004981.html
[1] https//gmplib.org/list-archives/gmp-bugs/2023-January/005223.html
[3] https//gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109765
[4] https//gmplib.org/repo/gmp/rev/c5d0fcb06969

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 377 bytes
Desc: not available
URL: <https://gmplib.org/list-archives/gmp-bugs/attachments/20230508/49fba382/attachment-0002.bin>

More information about the gmp-bugs mailing list