[Bug target/114492] New: Invalid use of gcc_assert (notably in gcc/config/aarch64/aarch64-ldp-fusion.cc)

[Bug target/114492] New: Invalid use of gcc_assert (notably in gcc/config/aarch64/aarch64-ldp-fusion.cc)

[hp at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114492

            Bug ID: 114492
           Summary: Invalid use of gcc_assert (notably in
                    gcc/config/aarch64/aarch64-ldp-fusion.cc)
           Product: gcc
           Version: 13.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: hp at gcc dot gnu.org
                CC: acoplan at gcc dot gnu.org
  Target Milestone: ---
            Target: aarch64

I've noticed invalid uses of gcc_assert in
gcc/config/aarch64/aarch64-ldp-fusion.cc.  Please be advised that the argument
is *not* evaluated with release checking; I believe most uses can be cured by
breaking out the call; i.e. replacing an invalid call:

gcc_assert (function_that_needs_to_be_called_but_most_certainly_returns_true())

with:

bool x = function_that_needs_to_be_called_but_most_certainly_returns_true ();
gcc_assert (x).

(Probably not the only file, just the one I've been looking at, for reasons,
and I thought better enter a bug report, just not going to fix it myself.)

Incidentally, I think "we" ought to add something to gcc that automatically
checks and warns for such invalid use.  There may be a need to implement a
builtin to check that an expression X does not have side-effects, for use both
within gcc in gcc_assert and user-visible, for implementations of assert; say
__builtin_pure_p (X).  (The name is ripe to bike-shedding, just choosing a mix
of __builtin_constant_p and the "pure" attribute.)

[Bug target/114492] Invalid use of gcc_assert (notably in gcc/config/aarch64/aarch64-ldp-fusion.cc)

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114492

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2024-03-27

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
>Please be advised that the argument is *not* evaluated with release checking

Actually it is evaluated with release checking as release checking enables
assert checking.
But it is not evaluated for `--without-checking` or `--with-checking=none`.

It has been done that way since release checking was added in
r0-61420-ge1bbfc5cc2dd04 .

Before that yes assert checking was NOT enabled for releases.



The 2 I see which might be an issue is:
  gcc_assert (crtl->ssa->verify_insn_changes (changes));

    gcc_assert (rtl_ssa::restrict_movement_ignoring (*changes[i],
is_changing));

[Bug target/114492] Invalid use of gcc_assert (notably in gcc/config/aarch64/aarch64-ldp-fusion.cc)

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114492

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://gcc.gnu.org/bugzill
                   |                            |a/show_bug.cgi?id=29862

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
PR 29862 listed at least one in the past.

[Bug target/114492] Invalid use of gcc_assert (notably in gcc/config/aarch64/aarch64-ldp-fusion.cc)

[hp at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114492

--- Comment #3 from Hans-Peter Nilsson <hp at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #1)
> >Please be advised that the argument is *not* evaluated with release checking
> 
> Actually it is evaluated with release checking as release checking enables
> assert checking.

Ah, I should have followed ENABLE_ASSERT_CHECKING.  Still worrisome.

> The 2 I see which might be an issue is:
>   gcc_assert (crtl->ssa->verify_insn_changes (changes));
> 
>     gcc_assert (rtl_ssa::restrict_movement_ignoring (*changes[i],
> is_changing));

(Four instances, two each of these two.)

[Bug target/114492] Invalid use of gcc_assert (notably in gcc/config/aarch64/aarch64-ldp-fusion.cc)

[acoplan at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114492

Alex Coplan <acoplan at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |acoplan at gcc dot gnu.org

--- Comment #4 from Alex Coplan <acoplan at gcc dot gnu.org> ---
I think these should be OK. In the case of:

  for (unsigned i = 0; i < changes.length (); i++)
    gcc_assert (rtl_ssa::restrict_movement_ignoring (*changes[i],
is_changing));

I think this is OK because the pass guarantees to have chosen a singleton move
range for the pair, so we don't rely on the call to restrict_movement_ignoring
updating the move range for any of the changes.  Other changes in the set are
either deletions or no-ops in terms of movement.  So we call this purely for
checking purposes to make sure we're not attempting something invalid.

Similarly in the case of:

  gcc_assert (crtl->ssa->verify_insn_changes (changes));

this is OK because the function doesn't have side effects (other than possibly
dumping).

Discussing this offline with Richard S he suggested asserting that we have
singleton move ranges before calling restrict_movement_ignoring to make that
case more obviously correct, so mine for that improvement (but either way I
think this should be OK).