public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/114206] New: GCC generates wrong-code
@ 2024-03-02 9:06 congli at smail dot nju.edu.cn
2024-03-02 9:13 ` [Bug tree-optimization/114206] " pinskia at gcc dot gnu.org
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: congli at smail dot nju.edu.cn @ 2024-03-02 9:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114206
Bug ID: 114206
Summary: GCC generates wrong-code
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: congli at smail dot nju.edu.cn
Target Milestone: ---
The program shown below presents a wrong code bug, where the correct results
should be "f(0, NULL) = 0" while `-Os -fno-tree-ccp -fno-tree-copy-prop
-fno-tree-forwprop -fno-tree-fre -fno-tree-vrp` prints "f(0, NULL) = 1".
```
#include <stdio.h>
int f(int t, const int *a) {
const int b[4] = {0};
if (t == 0) {
return f(1, b);
} else {
return b == a;
}
}
int main(void) {
printf("f(0, NULL) = %d\n", f(0, NULL));
}
```
Compiler Explorer: https://gcc.godbolt.org/z/W164xWMrP
We checked the assembly, finding that it is weird that the compiler generates a
`cmove` instruction. See explanations below:
```
f:
leaq -16(%rsp), %rax -> RAX = RSP-16
testl %edi, %edi -> we called f(0, NULL); %edi = 0, ZF = 1
cmove %rax, %rsi -> condition fulfilled; RSI=RAX=RSP-16; weird
generation
cmpq %rax, %rsi -> RSI=RAX; ZF=1
sete %al -> AL = 1
movzbl %al, %eax -> EAX = 1 (error)
ret
```
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/114206] GCC generates wrong-code
2024-03-02 9:06 [Bug c/114206] New: GCC generates wrong-code congli at smail dot nju.edu.cn
@ 2024-03-02 9:13 ` pinskia at gcc dot gnu.org
2024-03-02 9:27 ` [Bug tree-optimization/114206] recursive function call vs local variable addresses congli at smail dot nju.edu.cn
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: pinskia at gcc dot gnu.org @ 2024-03-02 9:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114206
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|c |tree-optimization
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
I think both 0 and 1 are correct here.
The question becomes does the address of b need to be different between
different calls of f. I am not 100% convinced it needs to be different.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/114206] recursive function call vs local variable addresses
2024-03-02 9:06 [Bug c/114206] New: GCC generates wrong-code congli at smail dot nju.edu.cn
2024-03-02 9:13 ` [Bug tree-optimization/114206] " pinskia at gcc dot gnu.org
@ 2024-03-02 9:27 ` congli at smail dot nju.edu.cn
2024-03-02 9:36 ` congli at smail dot nju.edu.cn
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: congli at smail dot nju.edu.cn @ 2024-03-02 9:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114206
--- Comment #2 from congli <congli at smail dot nju.edu.cn> ---
That's correct. But I think it is not that reasonable if we treat the `b` like
`b` is a `static const` variable rather than a `const` variable? Any documents
telling this?
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/114206] recursive function call vs local variable addresses
2024-03-02 9:06 [Bug c/114206] New: GCC generates wrong-code congli at smail dot nju.edu.cn
2024-03-02 9:13 ` [Bug tree-optimization/114206] " pinskia at gcc dot gnu.org
2024-03-02 9:27 ` [Bug tree-optimization/114206] recursive function call vs local variable addresses congli at smail dot nju.edu.cn
@ 2024-03-02 9:36 ` congli at smail dot nju.edu.cn
2024-03-02 11:06 ` xry111 at gcc dot gnu.org
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: congli at smail dot nju.edu.cn @ 2024-03-02 9:36 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114206
--- Comment #3 from congli <congli at smail dot nju.edu.cn> ---
How about this one: https://gcc.godbolt.org/z/Wvhddb7nf?
We ensured the two `b`s are different at each f() call.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/114206] recursive function call vs local variable addresses
2024-03-02 9:06 [Bug c/114206] New: GCC generates wrong-code congli at smail dot nju.edu.cn
` (2 preceding siblings ...)
2024-03-02 9:36 ` congli at smail dot nju.edu.cn
@ 2024-03-02 11:06 ` xry111 at gcc dot gnu.org
2024-03-02 15:15 ` arsen at gcc dot gnu.org
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: xry111 at gcc dot gnu.org @ 2024-03-02 11:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114206
Xi Ruoyao <xry111 at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |wrong-code
CC| |xry111 at gcc dot gnu.org
--- Comment #4 from Xi Ruoyao <xry111 at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #1)
> I think both 0 and 1 are correct here.
>
> The question becomes does the address of b need to be different between
> different calls of f. I am not 100% convinced it needs to be different.
It looks like they needs to be different as they refer different objects and
the lifetime of both object has still not ended when comparing them.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/114206] recursive function call vs local variable addresses
2024-03-02 9:06 [Bug c/114206] New: GCC generates wrong-code congli at smail dot nju.edu.cn
` (3 preceding siblings ...)
2024-03-02 11:06 ` xry111 at gcc dot gnu.org
@ 2024-03-02 15:15 ` arsen at gcc dot gnu.org
2024-03-04 9:54 ` rguenth at gcc dot gnu.org
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: arsen at gcc dot gnu.org @ 2024-03-02 15:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114206
Arsen Arsenović <arsen at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |arsen at gcc dot gnu.org
--- Comment #5 from Arsen Arsenović <arsen at gcc dot gnu.org> ---
(In reply to Xi Ruoyao from comment #4)
> It looks like they needs to be different as they refer different objects and
> the lifetime of both object has still not ended when comparing them.
this seems the case to me also
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/114206] recursive function call vs local variable addresses
2024-03-02 9:06 [Bug c/114206] New: GCC generates wrong-code congli at smail dot nju.edu.cn
` (4 preceding siblings ...)
2024-03-02 15:15 ` arsen at gcc dot gnu.org
@ 2024-03-04 9:54 ` rguenth at gcc dot gnu.org
2024-03-04 17:31 ` [Bug tree-optimization/114206] [11/12/13/14 Regression] " pinskia at gcc dot gnu.org
2024-03-05 12:14 ` jakub at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: rguenth at gcc dot gnu.org @ 2024-03-04 9:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114206
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever confirmed|0 |1
Last reconfirmed| |2024-03-04
--- Comment #6 from Richard Biener <rguenth at gcc dot gnu.org> ---
So we simplify this and RTL expand from
int f (int t, const int * a)
{
const int b[4];
_Bool _1;
int _8;
<bb 2> [local count: 1073741824]:
if (t_3(D) == 0)
goto <bb 3>; [49.25%]
else
goto <bb 4>; [50.75%]
<bb 3> [local count: 528857912]:
<bb 4> [local count: 1073741824]:
# a_11 = PHI <a_5(D)(2), &b(3)>
_1 = &b == a_11;
_8 = (int) _1;
b ={v} {CLOBBER(eos)};
return _8;
We apply tail-recursion optimization here which coalescs both slots which
are used just by their address. IIRC tail-recursion analysis uses alias
analysis to be able to handle some cases where TREE_ADDRESSABLE vars are
passed.
We miss considering variables live that are passed by reference (but otherwise
are "unused").
As you needed to cut off quite some optimizations to early simplify the
b == a compare this is a bit academic or needs much more obfuscation of the
compare to actually matter.
But yes, it's a bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/114206] [11/12/13/14 Regression] recursive function call vs local variable addresses
2024-03-02 9:06 [Bug c/114206] New: GCC generates wrong-code congli at smail dot nju.edu.cn
` (5 preceding siblings ...)
2024-03-04 9:54 ` rguenth at gcc dot gnu.org
@ 2024-03-04 17:31 ` pinskia at gcc dot gnu.org
2024-03-05 12:14 ` jakub at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: pinskia at gcc dot gnu.org @ 2024-03-04 17:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114206
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Known to work| |4.5.3
Summary|recursive function call vs |[11/12/13/14 Regression]
|local variable addresses |recursive function call vs
| |local variable addresses
Target Milestone|--- |11.5
Known to fail| |4.6.3, 4.7.3, 5.1.0
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug tree-optimization/114206] [11/12/13/14 Regression] recursive function call vs local variable addresses
2024-03-02 9:06 [Bug c/114206] New: GCC generates wrong-code congli at smail dot nju.edu.cn
` (6 preceding siblings ...)
2024-03-04 17:31 ` [Bug tree-optimization/114206] [11/12/13/14 Regression] " pinskia at gcc dot gnu.org
@ 2024-03-05 12:14 ` jakub at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-03-05 12:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114206
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hubicka at gcc dot gnu.org,
| |jakub at gcc dot gnu.org
Priority|P3 |P2
--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Started with r0-92161-g33977f81620a3e495be87d0381544f8ad26b2782
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2024-03-05 12:14 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-02 9:06 [Bug c/114206] New: GCC generates wrong-code congli at smail dot nju.edu.cn
2024-03-02 9:13 ` [Bug tree-optimization/114206] " pinskia at gcc dot gnu.org
2024-03-02 9:27 ` [Bug tree-optimization/114206] recursive function call vs local variable addresses congli at smail dot nju.edu.cn
2024-03-02 9:36 ` congli at smail dot nju.edu.cn
2024-03-02 11:06 ` xry111 at gcc dot gnu.org
2024-03-02 15:15 ` arsen at gcc dot gnu.org
2024-03-04 9:54 ` rguenth at gcc dot gnu.org
2024-03-04 17:31 ` [Bug tree-optimization/114206] [11/12/13/14 Regression] " pinskia at gcc dot gnu.org
2024-03-05 12:14 ` jakub at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).