From: "zsojka at seznam dot cz"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/46029] -ftree-loop-if-convert-stores causes FAIL: libstdc++-v3/testsuite/ext/pb_ds/example/tree_intervals.cc
Date: Fri, 15 Oct 2010 00:53:00 -0000
Message-ID: <20101015005300.ev3i-RrO2idlxTptM5YbyXPIChctxpV3Kiriy6DUBzU@z>
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Keywords: wrong-code
X-Bugzilla-Severity: normal
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46029

--- Comment #1 from Zdenek Sojka 2010-10-15 00:53:15 UTC ---
Created attachment 22048
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=22048
hopefully reduced testcase

$ g++ -O -ftree-loop-if-convert-stores pr46029.C
$ ./a.out
Segmentation fault

In the assembly, with -ftree-loop-if-convert-stores, "nd_it.get_l_child ().get_metadata ()" in apply_update() is loaded unconditionally.

62a64
> mov esi, 0 # tmp69,
64,69c66,70
< mov rcx, QWORD PTR [rax] # D.2294, p_nd_32->m_p_left
< mov edx, 0 # l_max_endpoint,
< test rcx, rcx # D.2294
< je .L3 #,
< mov edx, DWORD PTR [rcx+16] # l_max_endpoint, MEM[(unsigned int &)D.2294_12 + 16]
< .L3:
---
> mov rdx, QWORD PTR [rax] # D.2294, p_nd_32->m_p_left
> mov ecx, DWORD PTR [rdx+16] # l_max_endpoint, MEM[(unsigned int &)D.2294_12 + 16]
> test rdx, rdx # D.2294
> mov edx, esi # l_max_endpoint, tmp69
> cmovne edx, ecx # l_max_endpoint,, l_max_endpoint

In the first case, memory is not accessed if the pointer is NULL, but in the second, "mov ecx, DWORD PTR [rdx+16]" reads invalid memory.
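
The ordering problem described in the comment above can be checked mechanically. The following is an added example, not part of the original bug comment or of GCC: a heuristic Python checker that flags a register used as a memory base before its own NULL test within straight-line code. The function names and the two sample strings are assumptions constructed from the quoted assembly.

```python
import re

# Constructed sample input: the two instruction sequences quoted in the
# comment above (Intel syntax, GCC's trailing "#" annotations dropped).
GUARDED = """mov rcx, QWORD PTR [rax]
mov edx, 0
test rcx, rcx
je .L3
mov edx, DWORD PTR [rcx+16]
.L3:"""
IF_CONVERTED = """mov rdx, QWORD PTR [rax]
mov ecx, DWORD PTR [rdx+16]
test rdx, rdx
mov edx, esi
cmovne edx, ecx"""

MEM = re.compile(r"\[\s*([a-z][a-z0-9]*)")        # base register of a memory operand
TEST = re.compile(r"^test\s+(\w+)\s*,\s*(\w+)$")   # "test r, r" is a zero/NULL check

def canon(reg):
    """Map a 32-bit name (edx) to its 64-bit parent (rdx); other names pass through."""
    return "r" + reg[1:] if len(reg) == 3 and reg[0] == "e" else reg

def deref_before_null_check(asm):
    """Heuristic for straight-line code: list (load_line, load, test_line, test)
    where a register is used as a memory base and only afterwards tested
    for zero, with no redefinition, label or branch in between."""
    findings, pending = [], {}            # pending: base register -> (line_no, text)
    for no, raw in enumerate(asm.splitlines(), 1):
        line = raw.split("#")[0].strip()
        if not line:
            continue
        if line.endswith(":") or line.startswith(("j", "call", "ret")):
            pending.clear()               # basic-block boundary: forget earlier loads
            continue
        t = TEST.match(line)
        if t:
            reg = canon(t.group(1))
            if reg == canon(t.group(2)) and reg in pending:
                findings.append(pending.pop(reg) + (no, line))
            continue
        m = MEM.search(line)
        if m:
            pending[m.group(1)] = (no, line)
        parts = line.split(None, 1)
        if len(parts) == 2:               # first operand is treated as overwritten
            pending.pop(canon(parts[1].split(",")[0].strip()), None)
    return findings
```

The checker reports nothing for the guarded sequence and one finding (line 2 load, line 3 test) for the if-converted one; it does not follow branches, so it only covers the single-block pattern shown here.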