public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug tree-optimization/111422] New: Wrong code at -O3 on x86_64-linux-gnu
@ 2023-09-15 7:42 shaohua.li at inf dot ethz.ch
2023-09-15 12:20 ` [Bug tree-optimization/111422] " rguenth at gcc dot gnu.org
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: shaohua.li at inf dot ethz.ch @ 2023-09-15 7:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111422
Bug ID: 111422
Summary: Wrong code at -O3 on x86_64-linux-gnu
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: shaohua.li at inf dot ethz.ch
Target Milestone: ---
gcc at -O3 produced the wrong code.
Compiler explorer: https://godbolt.org/z/3b4v478TG
$ cat a.c
int printf(const char *, ...);
int a, b;
int *c = &b;
unsigned d;
char e;
int f=1;
int i(int k, char *l) {
if (k < 6)
return a;
l[0] = l[1] = l[k - 1] = 8;
return 0;
}
int m(int k) {
char g[11];
int h = i(k, g);
return h;
}
int main() {
for (; b < 8; b = b + 1)
;
int j;
int *n[8];
j = 0;
for (;18446744073709551608U + m(*c) + *c + j < 2; j++){
n[j] = &f;
}
for (; e <= 4; e++)
d = *n[0] == f;
printf("%d\n", d);
}
$
$ gcc -O0 a.c && ./a.out
1
$ gcc -O3 a.c && ./a.out
Segmentation fault
$ gcc -O3 -fwrapv a.c && ./a.out
Segmentation fault
$ gcc -fsanitize=address,undefined a.c && ./a.out
1
$
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug tree-optimization/111422] Wrong code at -O3 on x86_64-linux-gnu
2023-09-15 7:42 [Bug tree-optimization/111422] New: Wrong code at -O3 on x86_64-linux-gnu shaohua.li at inf dot ethz.ch
@ 2023-09-15 12:20 ` rguenth at gcc dot gnu.org
2023-09-15 12:26 ` rguenth at gcc dot gnu.org
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-09-15 12:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111422
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
CC| |rguenth at gcc dot gnu.org
Status|UNCONFIRMED |NEW
Keywords| |needs-bisection, wrong-code
Last reconfirmed| |2023-09-15
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
Confirmed. We segfault at *n[0], also happens with -O2 -funswitch-loops,
still happens with -O3 -fno-unswitch-loops.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug tree-optimization/111422] Wrong code at -O3 on x86_64-linux-gnu
2023-09-15 7:42 [Bug tree-optimization/111422] New: Wrong code at -O3 on x86_64-linux-gnu shaohua.li at inf dot ethz.ch
2023-09-15 12:20 ` [Bug tree-optimization/111422] " rguenth at gcc dot gnu.org
@ 2023-09-15 12:26 ` rguenth at gcc dot gnu.org
2023-09-15 12:35 ` rguenth at gcc dot gnu.org
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-09-15 12:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111422
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Known to fail| |10.4.0, 12.3.1, 7.5.0
--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
Hmm, -fstack-reuse=none helps...
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug tree-optimization/111422] Wrong code at -O3 on x86_64-linux-gnu
2023-09-15 7:42 [Bug tree-optimization/111422] New: Wrong code at -O3 on x86_64-linux-gnu shaohua.li at inf dot ethz.ch
2023-09-15 12:20 ` [Bug tree-optimization/111422] " rguenth at gcc dot gnu.org
2023-09-15 12:26 ` rguenth at gcc dot gnu.org
@ 2023-09-15 12:35 ` rguenth at gcc dot gnu.org
2024-01-16 10:51 ` [Bug middle-end/111422] " cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-09-15 12:35 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111422
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |missed-optimization
--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
There's a missed optimization. We have
# PT = { D.2843 }
_44 = &g + _43;
...
*_44 = 8;
g ={v} {CLOBBER(eol)};
...
*_44 = 8;
g ={v} {CLOBBER(eol)};
...
*_44 = 8;
g ={v} {CLOBBER(eol)};
I guess the clobber doesn't kill the ref according to stmt_kills_ref_p,
we'd have to special-case singleton points-to sets here. Optimizing the
stores would avoid the bogus sharing of g and n.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug middle-end/111422] Wrong code at -O3 on x86_64-linux-gnu
2023-09-15 7:42 [Bug tree-optimization/111422] New: Wrong code at -O3 on x86_64-linux-gnu shaohua.li at inf dot ethz.ch
` (2 preceding siblings ...)
2023-09-15 12:35 ` rguenth at gcc dot gnu.org
@ 2024-01-16 10:51 ` cvs-commit at gcc dot gnu.org
2024-03-02 0:38 ` cvs-commit at gcc dot gnu.org
2024-05-15 16:13 ` cvs-commit at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-01-16 10:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111422
--- Comment #4 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:1251d3957de04dc9b023a23c09400217e13deadb
commit r14-7274-g1251d3957de04dc9b023a23c09400217e13deadb
Author: Jakub Jelinek <jakub@redhat.com>
Date: Tue Jan 16 11:49:34 2024 +0100
cfgexpand: Workaround CSE of ADDR_EXPRs in VAR_DECL partitioning [PR113372]
The following patch adds a quick workaround to bugs in VAR_DECL
partitioning.
The problem is that there is no dependency between ADDR_EXPRs of local
decls and CLOBBERs of those vars, so VN can CSE uses of ADDR_EXPRs
(including ivopts integral variants thereof), which can break
add_scope_conflicts discovery of what variables are actually used
in certain region.
E.g. we can have
ivtmp.40_3 = (unsigned long) &MEM <unsigned long[100]> [(void *)&bitint.6
+ 8B];
...
uses of ivtmp.40_3
...
bitint.6 ={v} {CLOBBER(eos)};
...
ivtmp.28_43 = (unsigned long) &MEM <unsigned long[100]> [(void
*)&bitint.6 + 8B];
...
uses of ivtmp.28_43
before VN (such as dom3), which the add_scope_conflicts code identifies as
2
independent uses of bitint.6 variable (which is correct), but then VN
determines ivtmp.28_43 is the same as ivtmp.40_3 and just uses ivtmp.40_3
even in the second region; at that point add_scope_conflict thinks the
bitint.6 variable is not used in that region anymore.
The following patch does a simple single def-stmt check for such ADDR_EXPRs
(rather than say trying to do a full propagation of what SSA_NAMEs can
contain ADDR_EXPRs of local variables), which seems to workaround all 4
PRs.
In addition to this patch I've used the attached one to gather statistics
on the total size of all variable partitions in a function and seems
besides
the new testcases nothing is really affected compared to no patch (I've
actually just modified the patch to == OMP_SCAN instead of == ADDR_EXPR, so
it looks the same except that it never triggers). The comparison wasn't
perfect because I've only gathered BITS_PER_WORD, main_input_filename (did
some replacement of build directories and /tmp/ccXXXXXX names of LTO to
make
it more similar between the two bootstraps/regtests), current_function_name
and the total size of all variable partitions if any, because I didn't
record e.g. the optimization options and so e.g. torture tests which
iterate
over options could have different partition sizes even in one compiler when
BITS_PER_WORD, main_input_filename and current_function_name are all equal.
So had to write an awk script to check if the first triple in the second
build appeared in the first one and the quadruple in the second build
appeared in the first one too, otherwise print result and that only
triggered in the new tests.
Also, the cc1plus binary according to objdump -dr is identical between the
two builds except for the ADDR_EXPR vs. OMP_SCAN constant in the two spots.
2024-01-16 Jakub Jelinek <jakub@redhat.com>
PR tree-optimization/113372
PR middle-end/90348
PR middle-end/110115
PR middle-end/111422
* cfgexpand.cc (add_scope_conflicts_2): New function.
(add_scope_conflicts_1): Use it.
* gcc.dg/torture/bitint-49.c: New test.
* gcc.c-torture/execute/pr90348.c: New test.
* gcc.c-torture/execute/pr110115.c: New test.
* gcc.c-torture/execute/pr111422.c: New test.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug middle-end/111422] Wrong code at -O3 on x86_64-linux-gnu
2023-09-15 7:42 [Bug tree-optimization/111422] New: Wrong code at -O3 on x86_64-linux-gnu shaohua.li at inf dot ethz.ch
` (3 preceding siblings ...)
2024-01-16 10:51 ` [Bug middle-end/111422] " cvs-commit at gcc dot gnu.org
@ 2024-03-02 0:38 ` cvs-commit at gcc dot gnu.org
2024-05-15 16:13 ` cvs-commit at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-03-02 0:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111422
--- Comment #5 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-13 branch has been updated by Jakub Jelinek
<jakub@gcc.gnu.org>:
https://gcc.gnu.org/g:432708c306838fe1444da0df7d629a60468c0c73
commit r13-8383-g432708c306838fe1444da0df7d629a60468c0c73
Author: Jakub Jelinek <jakub@redhat.com>
Date: Tue Jan 16 11:49:34 2024 +0100
cfgexpand: Workaround CSE of ADDR_EXPRs in VAR_DECL partitioning [PR113372]
The following patch adds a quick workaround to bugs in VAR_DECL
partitioning.
The problem is that there is no dependency between ADDR_EXPRs of local
decls and CLOBBERs of those vars, so VN can CSE uses of ADDR_EXPRs
(including ivopts integral variants thereof), which can break
add_scope_conflicts discovery of what variables are actually used
in certain region.
E.g. we can have
ivtmp.40_3 = (unsigned long) &MEM <unsigned long[100]> [(void *)&bitint.6
+ 8B];
...
uses of ivtmp.40_3
...
bitint.6 ={v} {CLOBBER(eos)};
...
ivtmp.28_43 = (unsigned long) &MEM <unsigned long[100]> [(void
*)&bitint.6 + 8B];
...
uses of ivtmp.28_43
before VN (such as dom3), which the add_scope_conflicts code identifies as
2
independent uses of bitint.6 variable (which is correct), but then VN
determines ivtmp.28_43 is the same as ivtmp.40_3 and just uses ivtmp.40_3
even in the second region; at that point add_scope_conflict thinks the
bitint.6 variable is not used in that region anymore.
The following patch does a simple single def-stmt check for such ADDR_EXPRs
(rather than say trying to do a full propagation of what SSA_NAMEs can
contain ADDR_EXPRs of local variables), which seems to workaround all 4
PRs.
In addition to this patch I've used the attached one to gather statistics
on the total size of all variable partitions in a function and seems
besides
the new testcases nothing is really affected compared to no patch (I've
actually just modified the patch to == OMP_SCAN instead of == ADDR_EXPR, so
it looks the same except that it never triggers). The comparison wasn't
perfect because I've only gathered BITS_PER_WORD, main_input_filename (did
some replacement of build directories and /tmp/ccXXXXXX names of LTO to
make
it more similar between the two bootstraps/regtests), current_function_name
and the total size of all variable partitions if any, because I didn't
record e.g. the optimization options and so e.g. torture tests which
iterate
over options could have different partition sizes even in one compiler when
BITS_PER_WORD, main_input_filename and current_function_name are all equal.
So had to write an awk script to check if the first triple in the second
build appeared in the first one and the quadruple in the second build
appeared in the first one too, otherwise print result and that only
triggered in the new tests.
Also, the cc1plus binary according to objdump -dr is identical between the
two builds except for the ADDR_EXPR vs. OMP_SCAN constant in the two spots.
2024-01-16 Jakub Jelinek <jakub@redhat.com>
PR tree-optimization/113372
PR middle-end/90348
PR middle-end/110115
PR middle-end/111422
* cfgexpand.cc (add_scope_conflicts_2): New function.
(add_scope_conflicts_1): Use it.
* gcc.c-torture/execute/pr90348.c: New test.
* gcc.c-torture/execute/pr110115.c: New test.
* gcc.c-torture/execute/pr111422.c: New test.
(cherry picked from commit 1251d3957de04dc9b023a23c09400217e13deadb)
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug middle-end/111422] Wrong code at -O3 on x86_64-linux-gnu
2023-09-15 7:42 [Bug tree-optimization/111422] New: Wrong code at -O3 on x86_64-linux-gnu shaohua.li at inf dot ethz.ch
` (4 preceding siblings ...)
2024-03-02 0:38 ` cvs-commit at gcc dot gnu.org
@ 2024-05-15 16:13 ` cvs-commit at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-05-15 16:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111422
--- Comment #6 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Richard Biener <rguenth@gcc.gnu.org>:
https://gcc.gnu.org/g:ab25eef36400e8c1d28e3ed059c5f95a38b45f17
commit r15-517-gab25eef36400e8c1d28e3ed059c5f95a38b45f17
Author: Richard Biener <rguenther@suse.de>
Date: Wed May 15 13:06:30 2024 +0200
middle-end/111422 - wrong stack var coalescing, handle PHIs
The gcc.c-torture/execute/pr111422.c testcase after installing the
sink pass improvement reveals that we also need to handle
_65 = &g + _58; _44 = &g + _43;
# _59 = PHI <_65, _44>
*_59 = 8;
g = {v} {CLOBBER(eos)};
...
n[0] = &f;
*_59 = 8;
g = {v} {CLOBBER(eos)};
where we fail to see the conflict between n and g after the first
clobber of g. Before the sinking improvement there was a conflict
recorded on a path where _65/_44 are unused, so the real conflict
was missed but the fake one avoided the miscompile.
The following handles PHI defs in add_scope_conflicts_2 which
fixes the issue.
PR middle-end/111422
* cfgexpand.cc (add_scope_conflicts_2): Handle PHIs
by recursing to their arguments.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-05-15 16:13 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-15 7:42 [Bug tree-optimization/111422] New: Wrong code at -O3 on x86_64-linux-gnu shaohua.li at inf dot ethz.ch
2023-09-15 12:20 ` [Bug tree-optimization/111422] " rguenth at gcc dot gnu.org
2023-09-15 12:26 ` rguenth at gcc dot gnu.org
2023-09-15 12:35 ` rguenth at gcc dot gnu.org
2024-01-16 10:51 ` [Bug middle-end/111422] " cvs-commit at gcc dot gnu.org
2024-03-02 0:38 ` cvs-commit at gcc dot gnu.org
2024-05-15 16:13 ` cvs-commit at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).