From: "tnfchris at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/105874] New: [13 Regression] Incorrect codegen and ICE since g:ed6fd2aed58f2cca99f15331bf68999c0e6df370
Date: Tue, 07 Jun 2022 14:45:40 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105874

Bug ID: 105874
Summary: [13 Regression] Incorrect codegen and ICE since g:ed6fd2aed58f2cca99f15331bf68999c0e6df370
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code, wrong-code
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: tnfchris at gcc dot gnu.org
CC: sayle at gcc dot gnu.org
Target Milestone: ---
Target: aarch64*

In SPECCPU 2017 Leela no longer terminates since g:ed6fd2aed58f2cca99f15331bf68999c0e6df370

Looking at the differences in the code, there seems to be a lot of additional useless calculation around functions such as _ZN9FastBoard6is_eyeEii

Filtering through them it looks like the change is causing loads from uninitialized stack space.

Before the change the code generated

```
_ZN9FastBoard6is_eyeEii:
        adrp    x3, <>
        mov     x4, #0x1ba4                     // #7076
        add     x4, x0, x4
        add     x3, x3, #0xb20
        ldrh    w4, [x4, w2, sxtw #1]
        ldr     w3, [x3, w1, sxtw #2]
        tst     w4, w3
```

So it loaded from a fixed anchor into rdata.

After the change

```
_ZN9FastBoard6is_eyeEii:
        sub     sp, sp, #0x20
        mov     x4, #0x1ba4
        add     x5, x0, x4
        add     x4, sp, #0x8
        ldrh    w5, [x5, w2, sxtw #1]
        ldr     w4, [x4, w1, sxtw #2]
        tst     w5, w4
```

So it allocated 32 bytes of stack and then decides to load from uninitialized space at sp+0x8.

I tried to create a minimal reproducer but the compiler ICEs as you get close.

e.g. even the example from the ticket PR95126

```
struct small{ short a,b; signed char c; };
extern int func(struct small X);
void call_func(void)
{
    static struct small const s = { 1, 2, 0 };
    func(s);
}
```

ICEs at -O2 with:

```
during RTL pass: expand
../borked.c: In function 'call_func':
../borked.c:6:5: internal compiler error: in emit_move_insn, at expr.cc:4011
    6 |     func(s);
      |     ^~~~~~~
0x909253 emit_move_insn(rtx_def*, rtx_def*)
        /ci/work/5c94c4ced6ebfcd0/gcc/expr.cc:4011
0x7eda3f load_register_parameters
        /ci/work/5c94c4ced6ebfcd0/gcc/calls.cc:2192
0x7f2183 expand_call(tree_node*, rtx_def*, int)
        /ci/work/5c94c4ced6ebfcd0/gcc/calls.cc:3593
0x905ccb expand_expr_real_1(tree_node*, rtx_def*, machine_mode, expand_modifier, rtx_def**, bool)
        /ci/work/5c94c4ced6ebfcd0/gcc/expr.cc:11621
0x8057e3 expand_expr
        /ci/work/5c94c4ced6ebfcd0/gcc/expr.h:301
0x8057e3 expand_call_stmt
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:2831
0x8057e3 expand_gimple_stmt_1
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:3869
0x8057e3 expand_gimple_stmt
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:4033
0x80a44b expand_gimple_tailcall
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:4079
0x80a44b expand_gimple_basic_block
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:6059
0x80cbbf execute
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:6811
```

So I can't really reduce it at this point.
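
An added example, not part of the original report or of GCC: a heuristic Python check that flags loads through `sp` (or a register computed from `sp`) occurring before any store to the frame, run over the two listings quoted above. The function name and the coarse "any prior stack store" rule are assumptions of this sketch; it is a triage aid for disassembly diffs, not a sound dataflow analysis.

```python
import re

# Constructed input: the two listings quoted in the report, one instruction per line.
BEFORE = """\
adrp x3, <>
mov x4, #0x1ba4 // #7076
add x4, x0, x4
add x3, x3, #0xb20
ldrh w4, [x4, w2, sxtw #1]
ldr w3, [x3, w1, sxtw #2]
tst w4, w3
"""
AFTER = """\
sub sp, sp, #0x20
mov x4, #0x1ba4
add x5, x0, x4
add x4, sp, #0x8
ldrh w5, [x5, w2, sxtw #1]
ldr w4, [x4, w1, sxtw #2]
tst w5, w4
"""

LOAD = re.compile(r"^ld\w+\s.*\[(\w+)")      # base register of a load
STORE = re.compile(r"^st\w+\s.*\[(\w+)")     # base register of a store
SP_ADDR = re.compile(r"^add\s+(x\d+),\s*sp\b")
DEST = re.compile(r"^\w+\s+[xw](\d+),")      # first operand, treated as destination


def stack_loads_without_store(asm):
    """Return loads based on sp, or on a pointer computed from sp, that occur
    before any store through such a pointer in the same listing."""
    sp_ptrs = {"sp"}   # registers currently holding a stack address
    stored = False     # has anything been written to the frame yet?
    findings = []
    for line in asm.splitlines():
        insn = line.split("//")[0].strip()   # drop objdump-style comments
        store = STORE.match(insn)
        if store:
            stored = stored or store.group(1) in sp_ptrs
            continue
        load = LOAD.match(insn)
        if load and load.group(1) in sp_ptrs and not stored:
            findings.append(insn)
        sp_addr = SP_ADDR.match(insn)
        if sp_addr:
            sp_ptrs.add(sp_addr.group(1))
        elif DEST.match(insn):               # register rewritten: no longer a stack pointer
            sp_ptrs.discard("x" + DEST.match(insn).group(1))
    return findings
```
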