* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's value range propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
@ 2021-11-04 15:25 ` marxin at gcc dot gnu.org
2021-11-04 15:32 ` jamborm at gcc dot gnu.org
` (9 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-11-04 15:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Wrong code due to ipa-cp's |[10/11/12 Regression] Wrong
|value range propagation |code due to ipa-cp's value
| |range propagation since
| |r10-5538-gc7ac9a0c7e3916f1
Ever confirmed|0 |1
Status|UNCONFIRMED |NEW
Last reconfirmed| |2021-11-04
--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
If I see correctly, started with r10-5538-gc7ac9a0c7e3916f1.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's value range propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
2021-11-04 15:25 ` [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's value range propagation since r10-5538-gc7ac9a0c7e3916f1 marxin at gcc dot gnu.org
@ 2021-11-04 15:32 ` jamborm at gcc dot gnu.org
2021-11-05 7:23 ` rguenth at gcc dot gnu.org
` (8 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: jamborm at gcc dot gnu.org @ 2021-11-04 15:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
Martin Jambor <jamborm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|unassigned at gcc dot gnu.org |jamborm at gcc dot gnu.org
Status|NEW |ASSIGNED
--- Comment #2 from Martin Jambor <jamborm at gcc dot gnu.org> ---
Mine.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's value range propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
2021-11-04 15:25 ` [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's value range propagation since r10-5538-gc7ac9a0c7e3916f1 marxin at gcc dot gnu.org
2021-11-04 15:32 ` jamborm at gcc dot gnu.org
@ 2021-11-05 7:23 ` rguenth at gcc dot gnu.org
2021-11-05 17:25 ` hubicka at gcc dot gnu.org
` (7 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: rguenth at gcc dot gnu.org @ 2021-11-05 7:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |10.4
Keywords| |wrong-code
Priority|P3 |P2
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's value range propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
` (2 preceding siblings ...)
2021-11-05 7:23 ` rguenth at gcc dot gnu.org
@ 2021-11-05 17:25 ` hubicka at gcc dot gnu.org
2022-01-30 12:09 ` [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's bits value " jamborm at gcc dot gnu.org
` (6 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: hubicka at gcc dot gnu.org @ 2021-11-05 17:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
--- Comment #3 from Jan Hubicka <hubicka at gcc dot gnu.org> ---
Just for the record, the problem is the ancestor jump function being used to
model two things - pointer plus which originates from ADDR_EXPR of component
reference and also C++ casts which checks whether parameter is NULL and does
pointer plus inly for non-NULL.
In this case the VR propgataion expects the first interpretation (without
special casing NULL) while the testcase does the second.
Honza
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's bits value propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
` (3 preceding siblings ...)
2021-11-05 17:25 ` hubicka at gcc dot gnu.org
@ 2022-01-30 12:09 ` jamborm at gcc dot gnu.org
2022-02-14 18:21 ` jamborm at gcc dot gnu.org
` (5 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: jamborm at gcc dot gnu.org @ 2022-01-30 12:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
Martin Jambor <jamborm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[10/11/12 Regression] Wrong |[10/11/12 Regression] Wrong
|code due to ipa-cp's value |code due to ipa-cp's bits
|range propagation since |value propagation since
|r10-5538-gc7ac9a0c7e3916f1 |r10-5538-gc7ac9a0c7e3916f1
--- Comment #4 from Martin Jambor <jamborm at gcc dot gnu.org> ---
The last proposal to fix this is in
https://gcc.gnu.org/pipermail/gcc-patches/2021-November/585668.html
I will have another look, re-test and ping it soon.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's bits value propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
` (4 preceding siblings ...)
2022-01-30 12:09 ` [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's bits value " jamborm at gcc dot gnu.org
@ 2022-02-14 18:21 ` jamborm at gcc dot gnu.org
2022-03-31 15:24 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: jamborm at gcc dot gnu.org @ 2022-02-14 18:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
--- Comment #5 from Martin Jambor <jamborm at gcc dot gnu.org> ---
I have changed the patch a bit and re-submitted for review:
https://gcc.gnu.org/pipermail/gcc-patches/2022-February/590341.html
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's bits value propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
` (5 preceding siblings ...)
2022-02-14 18:21 ` jamborm at gcc dot gnu.org
@ 2022-03-31 15:24 ` cvs-commit at gcc dot gnu.org
2022-04-04 17:32 ` cvs-commit at gcc dot gnu.org
` (3 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-03-31 15:24 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Martin Jambor <jamborm@gcc.gnu.org>:
https://gcc.gnu.org/g:7ea3a73c195a79e6740ae594ee1a14c8bf7a938d
commit r12-7939-g7ea3a73c195a79e6740ae594ee1a14c8bf7a938d
Author: Martin Jambor <mjambor@suse.cz>
Date: Thu Mar 31 17:22:34 2022 +0200
ipa: Careful processing ANCESTOR jump functions and NULL pointers (PR
103083)
IPA_JF_ANCESTOR jump functions are constructed also when the formal
parameter of the caller is first checked whether it is NULL and left
as it is if it is NULL, to accommodate C++ casts to an ancestor class.
The jump function type was invented for devirtualization and IPA-CP
propagation of tree constants is also careful to apply it only to
existing DECLs(*) but as PR 103083 shows, the part propagating "known
bits" was not careful about this, which can lead to miscompilations.
This patch introduces a flag to the ancestor jump functions which
tells whether a NULL-check was elided when creating it and makes the
bits propagation behave accordingly, masking any bits otherwise would
be known to be one. This should safely preserve alignment info, which
is the primary ifnormation that we keep in bits for pointers.
(*) There still may remain problems when a DECL resides on address
zero (with -fno-delete-null-pointer-checks ...I hope it cannot happen
otherwise). I am looking into that now but I think it will be easier
for everyone if I do so in a follow-up patch.
gcc/ChangeLog:
2022-02-11 Martin Jambor <mjambor@suse.cz>
PR ipa/103083
* ipa-prop.h (ipa_ancestor_jf_data): New flag keep_null;
(ipa_get_jf_ancestor_keep_null): New function.
* ipa-prop.cc (ipa_set_ancestor_jf): Initialize keep_null field of
the
ancestor function.
(compute_complex_assign_jump_func): Pass false to keep_null
parameter of ipa_set_ancestor_jf.
(compute_complex_ancestor_jump_func): Pass true to keep_null
parameter of ipa_set_ancestor_jf.
(update_jump_functions_after_inlining): Carry over keep_null from
the
original ancestor jump-function or merge them.
(ipa_write_jump_function): Stream keep_null flag.
(ipa_read_jump_function): Likewise.
(ipa_print_node_jump_functions_for_edge): Print the new flag.
* ipa-cp.cc (class ipcp_bits_lattice): Make various getters const.
New
member function known_nonzero_p.
(ipcp_bits_lattice::known_nonzero_p): New.
(ipcp_bits_lattice::meet_with_1): New parameter drop_all_ones,
observe it.
(ipcp_bits_lattice::meet_with): Likewise.
(propagate_bits_across_jump_function): Simplify. Pass true in
drop_all_ones when it is necessary.
(propagate_aggs_across_jump_function): Take care of keep_null
flag.
(ipa_get_jf_ancestor_result): Propagate NULL accross keep_null
jump functions.
gcc/testsuite/ChangeLog:
2021-11-25 Martin Jambor <mjambor@suse.cz>
* gcc.dg/ipa/pr103083-1.c: New test.
* gcc.dg/ipa/pr103083-2.c: Likewise.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's bits value propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
` (6 preceding siblings ...)
2022-03-31 15:24 ` cvs-commit at gcc dot gnu.org
@ 2022-04-04 17:32 ` cvs-commit at gcc dot gnu.org
2022-04-05 9:20 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-04-04 17:32 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Martin Jambor
<jamborm@gcc.gnu.org>:
https://gcc.gnu.org/g:4f939ac1e295f38624c82fa75fa798e83d825232
commit r11-9775-g4f939ac1e295f38624c82fa75fa798e83d825232
Author: Martin Jambor <mjambor@suse.cz>
Date: Mon Apr 4 19:31:42 2022 +0200
ipa: Careful processing ANCESTOR jump functions and NULL pointers (PR
103083)
IPA_JF_ANCESTOR jump functions are constructed also when the formal
parameter of the caller is first checked whether it is NULL and left
as it is if it is NULL, to accommodate C++ casts to an ancestor class.
The jump function type was invented for devirtualization and IPA-CP
propagation of tree constants is also careful to apply it only to
existing DECLs(*) but as PR 103083 shows, the part propagating "known
bits" was not careful about this, which can lead to miscompilations.
This patch introduces a flag to the ancestor jump functions which
tells whether a NULL-check was elided when creating it and makes the
bits propagation behave accordingly, masking any bits otherwise would
be known to be one. This should safely preserve alignment info, which
is the primary ifnormation that we keep in bits for pointers.
(*) There still may remain problems when a DECL resides on address
zero (with -fno-delete-null-pointer-checks ...I hope it cannot happen
otherwise). I am looking into that now but I think it will be easier
for everyone if I do so in a follow-up patch.
gcc/ChangeLog:
2022-02-11 Martin Jambor <mjambor@suse.cz>
PR ipa/103083
* ipa-prop.h (ipa_ancestor_jf_data): New flag keep_null;
(ipa_get_jf_ancestor_keep_null): New function.
* ipa-prop.c (ipa_set_ancestor_jf): Initialize keep_null field of
the
ancestor function.
(compute_complex_assign_jump_func): Pass false to keep_null
parameter of ipa_set_ancestor_jf.
(compute_complex_ancestor_jump_func): Pass true to keep_null
parameter of ipa_set_ancestor_jf.
(update_jump_functions_after_inlining): Carry over keep_null from
the
original ancestor jump-function or merge them.
(ipa_write_jump_function): Stream keep_null flag.
(ipa_read_jump_function): Likewise.
(ipa_print_node_jump_functions_for_edge): Print the new flag.
* ipa-cp.c (class ipcp_bits_lattice): Make various getters const.
New
member function known_nonzero_p.
(ipcp_bits_lattice::known_nonzero_p): New.
(ipcp_bits_lattice::meet_with_1): New parameter drop_all_ones,
observe it.
(ipcp_bits_lattice::meet_with): Likewise.
(propagate_bits_across_jump_function): Simplify. Pass true in
drop_all_ones when it is necessary.
(propagate_aggs_across_jump_function): Take care of keep_null
flag.
(ipa_get_jf_ancestor_result): Propagate NULL accross keep_null
jump functions.
gcc/testsuite/ChangeLog:
2021-11-25 Martin Jambor <mjambor@suse.cz>
* gcc.dg/ipa/pr103083-1.c: New test.
* gcc.dg/ipa/pr103083-2.c: Likewise.
(cherry picked from commit 7ea3a73c195a79e6740ae594ee1a14c8bf7a938d)
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's bits value propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
` (7 preceding siblings ...)
2022-04-04 17:32 ` cvs-commit at gcc dot gnu.org
@ 2022-04-05 9:20 ` cvs-commit at gcc dot gnu.org
2022-04-15 10:22 ` mikpelinux at gmail dot com
2022-04-15 20:11 ` hubicka at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-04-05 9:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
--- Comment #8 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Martin Jambor
<jamborm@gcc.gnu.org>:
https://gcc.gnu.org/g:8c3e60933fa56dba47e75c88757395a73d38b04d
commit r10-10523-g8c3e60933fa56dba47e75c88757395a73d38b04d
Author: Martin Jambor <mjambor@suse.cz>
Date: Tue Apr 5 11:19:49 2022 +0200
ipa: Careful processing ANCESTOR jump functions and NULL pointers (PR
103083)
IPA_JF_ANCESTOR jump functions are constructed also when the formal
parameter of the caller is first checked whether it is NULL and left
as it is if it is NULL, to accommodate C++ casts to an ancestor class.
The jump function type was invented for devirtualization and IPA-CP
propagation of tree constants is also careful to apply it only to
existing DECLs(*) but as PR 103083 shows, the part propagating "known
bits" was not careful about this, which can lead to miscompilations.
This patch introduces a flag to the ancestor jump functions which
tells whether a NULL-check was elided when creating it and makes the
bits propagation behave accordingly, masking any bits otherwise would
be known to be one. This should safely preserve alignment info, which
is the primary ifnormation that we keep in bits for pointers.
(*) There still may remain problems when a DECL resides on address
zero (with -fno-delete-null-pointer-checks ...I hope it cannot happen
otherwise). I am looking into that now but I think it will be easier
for everyone if I do so in a follow-up patch.
gcc/ChangeLog:
2022-02-11 Martin Jambor <mjambor@suse.cz>
PR ipa/103083
* ipa-prop.h (ipa_ancestor_jf_data): New flag keep_null;
(ipa_get_jf_ancestor_keep_null): New function.
* ipa-prop.c (ipa_set_ancestor_jf): Initialize keep_null field of
the
ancestor function.
(compute_complex_assign_jump_func): Pass false to keep_null
parameter of ipa_set_ancestor_jf.
(compute_complex_ancestor_jump_func): Pass true to keep_null
parameter of ipa_set_ancestor_jf.
(update_jump_functions_after_inlining): Carry over keep_null from
the
original ancestor jump-function or merge them.
(ipa_write_jump_function): Stream keep_null flag.
(ipa_read_jump_function): Likewise.
(ipa_print_node_jump_functions_for_edge): Print the new flag.
* ipa-cp.c (class ipcp_bits_lattice): Make various getters const.
New
member function known_nonzero_p.
(ipcp_bits_lattice::known_nonzero_p): New.
(ipcp_bits_lattice::meet_with_1): New parameter drop_all_ones,
observe it.
(ipcp_bits_lattice::meet_with): Likewise.
(propagate_bits_across_jump_function): Simplify. Pass true in
drop_all_ones when it is necessary.
(propagate_aggs_across_jump_function): Take care of keep_null
flag.
(ipa_get_jf_ancestor_result): Propagate NULL accross keep_null
jump functions.
gcc/testsuite/ChangeLog:
2021-11-25 Martin Jambor <mjambor@suse.cz>
* gcc.dg/ipa/pr103083-1.c: New test.
* gcc.dg/ipa/pr103083-2.c: Likewise.
(cherry picked from commit 7ea3a73c195a79e6740ae594ee1a14c8bf7a938d)
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's bits value propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
` (8 preceding siblings ...)
2022-04-05 9:20 ` cvs-commit at gcc dot gnu.org
@ 2022-04-15 10:22 ` mikpelinux at gmail dot com
2022-04-15 20:11 ` hubicka at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: mikpelinux at gmail dot com @ 2022-04-15 10:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
Mikael Pettersson <mikpelinux at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mikpelinux at gmail dot com
--- Comment #9 from Mikael Pettersson <mikpelinux at gmail dot com> ---
Can this be closed now? I cannot reproduce the abort at -O2 for the original
test case with current gcc-10/11 branch snapshots (but I can with snapshots
from March).
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug ipa/103083] [10/11/12 Regression] Wrong code due to ipa-cp's bits value propagation since r10-5538-gc7ac9a0c7e3916f1
2021-11-04 15:19 [Bug ipa/103083] New: Wrong code due to ipa-cp's value range propagation hubicka at gcc dot gnu.org
` (9 preceding siblings ...)
2022-04-15 10:22 ` mikpelinux at gmail dot com
@ 2022-04-15 20:11 ` hubicka at gcc dot gnu.org
10 siblings, 0 replies; 12+ messages in thread
From: hubicka at gcc dot gnu.org @ 2022-04-15 20:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103083
Jan Hubicka <hubicka at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #10 from Jan Hubicka <hubicka at gcc dot gnu.org> ---
Fixed.
^ permalink raw reply [flat|nested] 12+ messages in thread