public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "avi at scylladb dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/109053] New: [missed optimization] value-range tracking fails in simple case with __builtin_unreachable
Date: Tue, 07 Mar 2023 14:14:33 +0000 [thread overview]
Message-ID: <bug-109053-4@http.gcc.gnu.org/bugzilla/> (raw)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109053
Bug ID: 109053
Summary: [missed optimization] value-range tracking fails in
simple case with __builtin_unreachable
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: avi at scylladb dot com
Target Milestone: ---
I'm trying to use __builtin_unreachable() to inject assumptions about values of
variables into this code. In this case, the fact that a reference count must be
one or greater.
Consider the code:
struct refcounted {
int* p;
refcounted() : p(new int(1)) {}
~refcounted() {
assume_stuff();
if (!--*p) {
delete p;
}
}
refcounted(const refcounted& x) : p(x.p) {
assume_stuff();
++*p;
assume_stuff();
}
refcounted& operator=(const refcounted& x) {
assume_stuff();
x.assume_stuff();
if (this != &x) {
++*x.p;
if (!--*p) {
delete p;
}
p = x.p;
}
assume_stuff();
x.assume_stuff();
return *this;
}
void assume_stuff() const {
if (*p <= 0) {
__builtin_unreachable();
}
}
};
refcounted assign(refcounted& a, refcounted& b) {
auto x = a;
a = b;
return x;
}
In the assign() function, although we assign to `a`, we also return it (as
`x`), so there's never a reason to call operator delete. Yet the code does.
assign(refcounted&, refcounted&):
mov %rdi,%rax
mov (%rsi),%rdi
mov %rdi,(%rax)
addl $0x1,(%rdi)
; gcc now knows that (%rdi) is 2 or greater
cmp %rdx,%rsi
je 68 <assign(refcounted&, refcounted&)+0x68>
push %rbp
mov %rdx,%rbp
push %rbx
mov %rsi,%rbx
sub $0x18,%rsp
mov (%rdx),%rcx
addl $0x1,(%rcx)
mov (%rdi),%edx
sub $0x1,%edx
; gcc now knows that (%rdi) is 1 or greater
je 40 <assign(refcounted&, refcounted&)+0x40>
; so how can it be zero?
; if gcc tracked the ranges correctly, it would have eliminated the branch and
made assign() a leaf function
mov %edx,(%rdi)
mov %rcx,(%rbx)
add $0x18,%rsp
pop %rbx
pop %rbp
ret
cs nopw 0x0(%rax,%rax,1)
mov $0x4,%esi
mov %rax,0x8(%rsp)
call 4f <assign(refcounted&, refcounted&)+0x4f>
R_X86_64_PLT32 operator delete(void*, unsigned long)-0x4
mov 0x0(%rbp),%rcx
mov 0x8(%rsp),%rax
mov %rcx,(%rbx)
add $0x18,%rsp
pop %rbx
pop %rbp
ret
nopw 0x0(%rax,%rax,1)
ret
Also on: https://godbolt.org/z/Tnehj86hc
next reply other threads:[~2023-03-07 14:14 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-07 14:14 avi at scylladb dot com [this message]
2023-03-07 22:00 ` [Bug tree-optimization/109053] " pinskia at gcc dot gnu.org
2023-03-07 22:14 ` pinskia at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-109053-4@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).