[Bug ipa/100994] New: wrong code with "-O1 -finline-small-functions -fipa-cp"

[Bug ipa/100994] New: wrong code with "-O1 -finline-small-functions -fipa-cp"

[suochenyao at 163 dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100994

            Bug ID: 100994
           Summary: wrong code with "-O1 -finline-small-functions
                    -fipa-cp"
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: ipa
          Assignee: unassigned at gcc dot gnu.org
          Reporter: suochenyao at 163 dot com
                CC: marxin at gcc dot gnu.org
  Target Milestone: ---

*******************************************************************************
OS and Platform:
CentOS Linux release 7.8.2003 (Core), x86_64 GNU/Linux
*******************************************************************************
Program:
struct a {
  unsigned b : 4;
  unsigned c : 9;
} const d;
int e, f, g;
char h;
short i;
static int(j)() { return 0; }
static int k(const struct a l) {
  for (; g; j() & l.c)
    ;
  e = 1;
  i = e + 6;
  for (; e != 7; e = i)
    h = f || l.b;
  int m = l.c;
  return 0;
}
void main() { k(d); }
*******************************************************************************
gcc version:
$ gcc -v
Using built-in specs.
COLLECT_GCC=/data/bin/gcc-dev/bin/gcc
COLLECT_LTO_WRAPPER=/data/bin/gcc-dev/libexec/gcc/x86_64-pc-linux-gnu/12.0.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../configure --prefix=/data/bin/gcc-dev --disable-multilib
--enable-languages=c,c++
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.0.0 20210608 (experimental) (GCC)

git version: 1afa4facb9348cac0349ff9c30066aa25a3608f7
*******************************************************************************
Command Lines:
$ gcc -O1 -finline-small-functions -fipa-cp -Wall -Wextra -fno-strict-aliasing
-fwrapv a.c -o a1.out
a.c: In function ‘k’:
a.c:10:17: warning: value computed is not used [-Wunused-value]
   10 |   for (; g; j() & l.c)
      |             ~~~~^~~~~
a.c:16:7: warning: unused variable ‘m’ [-Wunused-variable]
   16 |   int m = l.c;
      |       ^
a.c: At top level:
a.c:19:6: warning: return type of ‘main’ is not ‘int’ [-Wmain]
   19 | void main() { k(d); }
      |      ^~~~
$ /data/bin/gcc-dev/bin/gcc a.c -o a2.out
$ ./a1.out
Segmentation fault (core dumped)
$ ./a2.out
$

[Bug ipa/100994] [12 Regression] wrong code with "-O1 -finline-small-functions -fipa-cp"

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100994

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
            Summary|wrong code with "-O1        |[12 Regression] wrong code
                   |-finline-small-functions    |with "-O1
                   |-fipa-cp"                   |-finline-small-functions
                   |                            |-fipa-cp"
                 CC|                            |ebotcazou at gcc dot gnu.org,
                   |                            |jakub at gcc dot gnu.org
   Target Milestone|---                         |12.0
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2021-06-09

--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
That void main should have been int main.
Anyway, started with
r12-434-g93f8cb4965cebee125f96376367f05e18ee5749b

[Bug ipa/100994] [12 Regression] wrong code with "-O1 -finline-small-functions -fipa-cp"

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100994

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
The difference after IPA between r12-433 and r12-434 is:
--- pr100994.c.092t.fixup_cfg3_ 2021-06-09 14:26:08.000000000 -0400
+++ pr100994.c.092t.fixup_cfg3  2021-06-09 14:26:28.000000000 -0400
@@ -3,7 +3,6 @@

 int main ()
 {
-  const struct a l;
   const <unnamed-unsigned:9> l$c;
   int g.0_4;
   int f.3_5;
@@ -14,8 +13,7 @@ int main ()
   int e.5_10;

   <bb 2> [local count: 1073741824]:
-  l = d;
-  l$c_3 = l.c;
+  l$c_3 = 0;

   <bb 3> [local count: 9761289362]:
   g.0_4 = g;
@@ -37,8 +35,8 @@ int main ()
     goto <bb 6>; [50.00%]

   <bb 6> [local count: 4343773769]:
-  l.c = l$c_3;
-  _6 = BIT_FIELD_REF <l, 8, 0>;
+  d.c = l$c_3;
+  _6 = 0;
   _7 = _6 & 15;
   if (_7 != 0)
     goto <bb 8>; [50.00%]

Note, d is a TREE_STATIC const variable where both members are 0,
so I guess l$c_3 = 0; is ok, but the l.c = l$c_3 to d.c = l$c_3; change is not,
that is what segfaults there.

[Bug ipa/100994] [12 Regression] wrong code with "-O1 -finline-small-functions -fipa-cp"

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100994

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jamborm at gcc dot gnu.org

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
The
  MEM[(struct a *)&l].c = l$c_24;
in the function to be inlined is there since esra.  Arguably it is strange that
esra stores back into the parameter when it is const.
In C/C++ one can cast away the const, but if the parm isn't addressable and
there are no stores to it it shouldn't be modified.

[Bug ipa/100994] [12 Regression] wrong code with "-O1 -finline-small-functions -fipa-cp"

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100994

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Though, SRA isn't really needed, consider following testcase with
-O2 -fno-early-inlining -fno-tree-sra -fno-tree-fre

struct S { unsigned b : 4; unsigned c : 9; } const d;
__attribute__((noipa)) void foo (void) {}
static int bar (const struct S l) {
  ((struct S *)&l)->b += 2;
  ((struct S *)&l)->c += 4;
  foo ();
  return l.b + l.c;
}
int main () { bar (d); return 0; }

This also worked fine with r12-433 and segfaults with r12-434 because it will
store to d.b and d.c (instead of modifying an automatic variable).
But even if it doesn't bind to a static .rodata variable where stores will
segfault, but binds to caller's automatic variable, this binding might change
the caller's variable.

Perhaps the tree-inline.c change is fine for Ada, but it doesn't seem to be
safe for C/C++.

[Bug ipa/100994] [12 Regression] wrong code with "-O1 -finline-small-functions -fipa-cp"

[jakub at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100994

--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Consider with the same -O2 -fno-early-inlining -fno-tree-sra -fno-tree-fre
flags:

const struct S { unsigned b : 4; unsigned c : 9; } d;
__attribute__((noipa)) void foo (void) {}
static int bar (const struct S l) {
  ((struct S *)&l)->b += 2;
  ((struct S *)&l)->c += 4;
  foo ();
  return l.b + l.c;
}
__attribute__((noipa)) int baz (void) { return 2; }
int main () { const struct S d = { 1, baz () }; bar (d); return d.b - 1; }

This used to exit with 0 in r12-433 but exits with 2 in r12-434.

[Bug ipa/100994] [12 Regression] wrong code with "-O1 -finline-small-functions -fipa-cp"

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100994

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org

--- Comment #6 from Martin Sebor <msebor at gcc dot gnu.org> ---
The test cases in comment #4 and comment #5 aren't valid, either in C++ or in
C: it's undefined to modify const-qualified object.

[Bug ipa/100994] [12 Regression] wrong code with "-O1 -finline-small-functions -fipa-cp"

[ebotcazou at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100994

--- Comment #7 from Eric Botcazou <ebotcazou at gcc dot gnu.org> ---
> Perhaps the tree-inline.c change is fine for Ada, but it doesn't seem to be
> safe for C/C++.

You're casting away the const qualifier though, how can this valid C++?

[Bug ipa/100994] [12 Regression] wrong code with "-O1 -finline-small-functions -fipa-cp"

[ebotcazou at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100994

--- Comment #8 from Eric Botcazou <ebotcazou at gcc dot gnu.org> ---
> The
>   MEM[(struct a *)&l].c = l$c_24;
> in the function to be inlined is there since esra.  Arguably it is strange
> that esra stores back into the parameter when it is const.

Right, it's a duplicate of PR optimization/100453; SRA should not generate
writes  into TREE_READONLY objects.

[Bug ipa/100994] [12 Regression] wrong code with "-O1 -finline-small-functions -fipa-cp"

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100994

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #9 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Dup of bug 100453 then.

*** This bug has been marked as a duplicate of bug 100453 ***