[Bug c/43456] New: gcc -O code generation error

[Bug c/43456] New: gcc -O code generation error

[gccbug at dworkin dot nl]

gcc configuration:

Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.4.3-3ubuntu3'
--with-bugurl=file:///usr/share/doc/gcc-4.4/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared
--enable-multiarch --enable-linker-build-id --with-system-zlib
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--with-gxx-include-dir=/usr/include/c++/4.4 --program-suffix=-4.4 --enable-nls
--enable-clocale=gnu --enable-libstdcxx-debug --enable-plugin --enable-objc-gc
--enable-targets=all --disable-werror --with-arch-32=i486 --with-tune=generic
--enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu
--target=i486-linux-gnu
Thread model: posix
gcc version 4.4.3 (Ubuntu 4.4.3-3ubuntu3) 

The bug occurs with all gcc 4.x versions I tried (4.0.1 on OS X, 4.2.1 on OS X,
4.3.3 on OpenSolaris,
4.4.1 on Ubuntu 9.10) but NOT with gcc 3.4.3 on Solaris 10. I have reproduced
it on i386 and PPC platforms.

To reproduce, compile the code below.  The bug occurs in generating the code
for foo(). Without -O, the begin and end values are identical; with -O, they
are not.  I'm sorry if the code is a bit hard to read, it was compiled to C
from a different language.

Regards,
Felix Croes


# include <stdio.h>

typedef int Int;
typedef unsigned int Uint;

typedef char bool;
typedef struct _string_ string;
typedef struct _array_ array;
typedef struct _object_ object;
typedef struct _value_ value;
typedef struct _control_ control;
typedef struct _dataplane_ dataplane;
typedef struct _dataspace_ dataspace;
typedef struct _frame_ frame;
typedef unsigned short uindex;
typedef uindex sector;
typedef unsigned short ssizet;
typedef char eindex;

typedef struct _rlinfo_ {
    Int maxdepth;
    Int ticks;
    bool nodepth;
    bool noticks;
    struct _rlinfo_ *next;
} rlinfo;
struct _frame_ {
    frame *prev;
    uindex oindex;
    array *lwobj;
    control *ctrl;
    dataspace *data;
    control *p_ctrl;
    unsigned short p_index;
    unsigned short nargs;
    bool external;
    bool sos;
    uindex foffset;
    struct _dfuncdef_ *func;
    char *prog;
    char *pc;
    value *stack;
    value *sp;
    value *lip;
    value *argp;
    value *fp;
    Int depth;
    rlinfo *rlim;
    Int level;
    bool atomic;
};
struct _value_ {
    char type;
    bool modified;
    uindex oindex;
    union {
 Int number;
 Uint objcnt;
 string *string;
 array *array;
 value *lval;
    } u;
};

extern void i_push_value (frame*, value*);
extern void i_index (frame*);
extern void i_funcall (frame*, object*, array*, int, int, int);

void foo(f)
register frame *f;
{
register Int ivar3 = 0;
register Int ivar10 = 1;
register Int ivar11 = 2;

(ivar11 |= (((i_push_value(f, (f->fp - 1)),
(--f->sp)->type = 0x01, f->sp->u.number = ((Int) 0x1L), i_index(f),
(--f->sp)->type = 0x01, f->sp->u.number = ((Int) 0x8L), kf_and(f),
(f->sp++)->u.number) ? ((Int) 0x1L) : ((Int) 0x0L)) | (((--f->sp)->type = 0x01,
f->sp->u.number = ivar10,
(f->argp + 3)->u.number = ivar3,
i_funcall(f, (object *) ((void *)0), (array *) ((void *)0), 0, 5 , 1),
(f->sp++)->u.number) ? ((Int) 0x4L) : ((Int) 0x0L))));
}

void i_push_value(f, v)
frame *f;
value *v;
{
    --f->sp;
}

void i_index(f)
frame *f;
{
    f->sp++;
}

int kf_and(f)
frame *f;
{
    f->sp++;
}

void i_funcall(f, obj, arr, a, b, c)
frame *f;
object *obj;
array *arr;
int a, b, c;
{
}

main()
{
    frame f;
    value stack[100];

    f.sp = f.argp = stack + 50;
    printf("begin %08x\n", f.sp);
    foo(&f);
    printf("end %08x\n", f.sp);
}


-- 
           Summary: gcc -O code generation error
           Product: gcc
           Version: 4.4.3
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: gccbug at dworkin dot nl
 GCC build triplet: Linux ubuntu 2.6.32-16-generic #25-Ubuntu SMP Tue Mar 9
                    16:33:52
  GCC host triplet: Linux ubuntu 2.6.32-16-generic #25-Ubuntu SMP Tue Mar 9
                    16:33:52
GCC target triplet: Linux ubuntu 2.6.32-16-generic #25-Ubuntu SMP Tue Mar 9
                    16:33:52


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[pinskia at gcc dot gnu dot org]

------- Comment #1 from pinskia at gcc dot gnu dot org  2010-03-20 20:40 -------
(f->sp++)->u.number) ? ((Int) 0x1L) : ((Int) 0x0L)) | (((--f->sp)->type = 0x01,
f->sp->u.number = ivar10,
(f->argp + 3)->u.number = ivar3,
i_funcall(f, (object *) ((void *)0), (array *) ((void *)0), 0, 5 , 1),
(f->sp++)->u.number) ? ((Int) 0x4L) : ((Int) 0x0L))));


I almost want to say there is no sequence point between the modifications of
f->sp in the above code. I cannot remember the rules for ?: and sequence points
right now.  If there is none, then this code is undefined and the bug is
invalid.  Otherwise we are missing that point of the sequence point.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[rguenth at gcc dot gnu dot org]

------- Comment #2 from rguenth at gcc dot gnu dot org  2010-03-20 20:53 -------
(In reply to comment #1)
> (f->sp++)->u.number) ? ((Int) 0x1L) : ((Int) 0x0L)) | (((--f->sp)->type = 0x01,
> f->sp->u.number = ivar10,
> (f->argp + 3)->u.number = ivar3,
> i_funcall(f, (object *) ((void *)0), (array *) ((void *)0), 0, 5 , 1),
> (f->sp++)->u.number) ? ((Int) 0x4L) : ((Int) 0x0L))));
> 
> 
> I almost want to say there is no sequence point between the modifications of
> f->sp in the above code. I cannot remember the rules for ?: and sequence points
> right now.  If there is none, then this code is undefined and the bug is
> invalid.  Otherwise we are missing that point of the sequence point.

There's a sequence point after evaluating the first operand.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[pinskia at gcc dot gnu dot org]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 443 bytes --]



------- Comment #3 from pinskia at gcc dot gnu dot org  2010-03-20 20:59 -------
>There's a sequence point after evaluating the first operand.

With -W -Wall, I get:
t.c:79:58: warning: operation on ‘f->sp’ may be undefined

Looks like that is the issue.
So there might be still an missing sequence point.  I am going to reformat that
line to see if there is one missing.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[rguenth at gcc dot gnu dot org]

------- Comment #4 from rguenth at gcc dot gnu dot org  2010-03-20 21:01 -------
Seems to be the simple-minded CSE that gimplification performs, of f->sp.


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |wrong-code
      Known to fail|                            |4.5.0


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[pinskia at gcc dot gnu dot org]

------- Comment #5 from pinskia at gcc dot gnu dot org  2010-03-20 21:16 -------
I cannot follow the () correctly.  There is no sequence point here because it
is a | separating the modifications of f->sp.  So this is not a bug in GCC but
a bug in your code.


-- 

pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[pinskia at gcc dot gnu dot org]

------- Comment #6 from pinskia at gcc dot gnu dot org  2010-03-20 21:18 -------
Just to clarify we have:
((i_push_value(f, (f->fp - 1)),
(--f->sp)->type = 0x01, f->sp->u.number = ((Int) 0x1L), i_index(f),
(--f->sp)->type = 0x01, f->sp->u.number = ((Int) 0x8L), kf_and(f),

(f->sp++)->u.number) ? ((Int) 0x1L) : ((Int) 0x0L))

Followed by:
(((--f->sp)->type = 0x01, f->sp->u.number = ivar10, (f->argp + 3)->u.number =
ivar3, i_funcall(f, (object *) ((void *)0), (array *) ((void *)0), 0, 5 , 1),
(f->sp++)->u.number) ? ((Int) 0x4L) : ((Int) 0x0L))

And those are combined with a | so we don't have a sequence point between those
expressions so the warning is correct and GCC is correct for -O0 and -O1
because of the missing sequence point.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[gccbug at dworkin dot nl]

------- Comment #7 from gccbug at dworkin dot nl  2010-03-20 21:51 -------
Subject: Re:  gcc -O code generation error

To clarify even further, we have

(..., (f->sp++)->u.number [SEQUENCE POINT] ? 1 : 0) |
(..., (f->sp++)->u.number [SEQUENCE POINT] ? 4 : 0)

So the modifications of f->sp are before the sequence point.  If
gcc -W -Wall warns about this part of the expression, that warning is
wrong, as well.

Regards,
Felix Croes


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[pinskia at gcc dot gnu dot org]

------- Comment #8 from pinskia at gcc dot gnu dot org  2010-03-20 21:54 -------
(In reply to comment #7)
> Subject: Re:  gcc -O code generation error
> 
> To clarify even further, we have
> 
> (..., (f->sp++)->u.number [SEQUENCE POINT] ? 1 : 0) |
> (..., (f->sp++)->u.number [SEQUENCE POINT] ? 4 : 0)
> 
> So the modifications of f->sp are before the sequence point.  If
> gcc -W -Wall warns about this part of the expression, that warning is
> wrong, as well.

No, we have a | b.  There is an order inside a and b but no order between a and
b. 


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[gccbug at dworkin dot nl]

------- Comment #9 from gccbug at dworkin dot nl  2010-03-20 23:14 -------
Subject: Re:  gcc -O code generation error

> No, we have a | b.  There is an order inside a and b but no order between a and
> b. 

That's depressing.  C99 says in 5.1.2.3:

    Evaluation of an expression may produce side effects. At certain
    specified points in the execution sequence called sequence points,
    all side effects of previous evaluations shall be complete and no
    side effects of subsequent evaluations shall have taken place.

I had taken this to mean a full ordering, not a partial one.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[pinskia at gcc dot gnu dot org]

------- Comment #10 from pinskia at gcc dot gnu dot org  2010-03-20 23:19 -------
Oh yes the partial vs full order issue.
There is a nice paper about this:
http://www.open-std.org/JTC1/SC22/wg14/www/docs/n926.htm
12.3 is the part which I think explains it all.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456

[Bug c/43456] gcc -O code generation error

[joseph at codesourcery dot com]

------- Comment #11 from joseph at codesourcery dot com  2010-03-20 23:46 -------
Subject: Re:  gcc -O code generation error

I advise referring to
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1252.htm
which is what has been integrated in C1X.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43456