[Bug tree-optimization/46029] New: -ftree-loop-if-convert-stores causes FAIL: libstdc++-v3/testsuite/ext/pb_ds/example/tree_intervals.cc

[Bug tree-optimization/46029] New: -ftree-loop-if-convert-stores causes FAIL: libstdc++-v3/testsuite/ext/pb_ds/example/tree_intervals.cc

[zsojka at seznam dot cz]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46029

           Summary: -ftree-loop-if-convert-stores causes FAIL:
                    libstdc++-v3/testsuite/ext/pb_ds/example/tree_interval
                    s.cc
           Product: gcc
           Version: 4.6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: zsojka@seznam.cz


Created attachment 22047
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=22047
preprocessed source

Output:
$ g++ -O -fstrict-aliasing -ftree-loop-if-convert-stores -std=c++0x
tree_intervalsn64.C
$ valgrind ./a.out
==26534== Invalid read of size 4
==26534==    at 0x40550D: void
some_op_sequence<__gnu_pbds::tree<std::pair<unsigned int, unsigned int>,
__gnu_pbds::null_mapped_type, std::less<std::pair<unsigned int, unsigned int>
>, __gnu_pbds::rb_tree_tag, intervals_node_update, std::allocator<char> >
>(__gnu_pbds::tree<std::pair<unsigned int, unsigned int>,
__gnu_pbds::null_mapped_type, std::less<std::pair<unsigned int, unsigned int>
>, __gnu_pbds::rb_tree_tag, intervals_node_update, std::allocator<char> >) (in
/home/smatz/gcc-bug/434/a.out)
==26534==    by 0x400A70: main (in /home/smatz/gcc-bug/434/a.out)
==26534==  Address 0x24 is not stack'd, malloc'd or (recently) free'd
==26534== 
==26534== 
==26534== Process terminating with default action of signal 11 (SIGSEGV)
==26534==  Access not within mapped region at address 0x24
==26534==    at 0x40550D: void
some_op_sequence<__gnu_pbds::tree<std::pair<unsigned int, unsigned int>,
__gnu_pbds::null_mapped_type, std::less<std::pair<unsigned int, unsigned int>
>, __gnu_pbds::rb_tree_tag, intervals_node_update, std::allocator<char> >
>(__gnu_pbds::tree<std::pair<unsigned int, unsigned int>,
__gnu_pbds::null_mapped_type, std::less<std::pair<unsigned int, unsigned int>
>, __gnu_pbds::rb_tree_tag, intervals_node_update, std::allocator<char> >) (in
/home/smatz/gcc-bug/434/a.out)
==26534==    by 0x400A70: main (in /home/smatz/gcc-bug/434/a.out)


Tested revisions:
r165354 - fail
r163636 - fail
r161659 - doen't know -ftree-loop-if-convert-stores

[Bug tree-optimization/46029] -ftree-loop-if-convert-stores causes FAIL: libstdc++-v3/testsuite/ext/pb_ds/example/tree_intervals.cc

[zsojka at seznam dot cz]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46029

--- Comment #1 from Zdenek Sojka <zsojka at seznam dot cz> 2010-10-15 00:53:15 UTC ---
Created attachment 22048
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=22048
hopefully reduced testcase

$ g++ -O -ftree-loop-if-convert-stores pr46029.C
$ ./a.out 
Segmentation fault

In the assembly, with -ftree-loop-if-convert-stores, "nd_it.get_l_child
().get_metadata ()" in apply_update() is loaded unconditionally.

62a64
>       mov     esi, 0  # tmp69,
64,69c66,70
<       mov     rcx, QWORD PTR [rax]    # D.2294, p_nd_32->m_p_left
<       mov     edx, 0  # l_max_endpoint,
<       test    rcx, rcx        # D.2294
<       je      .L3     #,
<       mov     edx, DWORD PTR [rcx+16] # l_max_endpoint, MEM[(unsigned int
&)D.2294_12 + 16]
< .L3:
---
>       mov     rdx, QWORD PTR [rax]    # D.2294, p_nd_32->m_p_left
>       mov     ecx, DWORD PTR [rdx+16] # l_max_endpoint, MEM[(unsigned int &)D.2294_12 + 16]
>       test    rdx, rdx        # D.2294
>       mov     edx, esi        # l_max_endpoint, tmp69
>       cmovne  edx, ecx        # l_max_endpoint,, l_max_endpoint

In the first case, memory is not accessed if the pointer is NULL, but in the
second, "mov ecx, DWORD PTR [rdx+16]" reads invalid memory.

[Bug tree-optimization/46029] -ftree-loop-if-convert-stores causes FAIL: libstdc++-v3/testsuite/ext/pb_ds/example/tree_intervals.cc

[zsojka at seznam dot cz]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46029

Zdenek Sojka <zsojka at seznam dot cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #22048|0                           |1
        is obsolete|                            |

--- Comment #2 from Zdenek Sojka <zsojka at seznam dot cz> 2010-10-15 09:52:00 UTC ---
Created attachment 22049
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=22049
more reduced testcase

Interestingly, when the code is moved out of the explicit anonymous namespace,
it works.
The difference is asm is same as in previous testcase. This one should be just
more readable.

[Bug tree-optimization/46029] -ftree-loop-if-convert-stores causes FAIL: libstdc++-v3/testsuite/ext/pb_ds/example/tree_intervals.cc

[spop at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46029

Sebastian Pop <spop at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2010.12.23 17:20:47
         AssignedTo|unassigned at gcc dot       |spop at gcc dot gnu.org
                   |gnu.org                     |
     Ever Confirmed|0                           |1

--- Comment #3 from Sebastian Pop <spop at gcc dot gnu.org> 2010-12-23 17:20:47 UTC ---
This bug is fixed by the rewrite of the if-convert-stores patch:
http://gcc.gnu.org/ml/gcc-patches/2010-11/msg00304.html

[Bug tree-optimization/46029] -ftree-loop-if-convert-stores causes FAIL: libstdc++-v3/testsuite/ext/pb_ds/example/tree_intervals.cc

[alalaw01 at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=46029

alalaw01 at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alalaw01 at gcc dot gnu.org

--- Comment #4 from alalaw01 at gcc dot gnu.org ---
I'm still seeing this problem with -ftree-loop-if-convert-stores, introducing
faults by converting conditional to unconditional loads. It doesn't look as if
Sebastian Pop's patches went in (after being approved,
https://gcc.gnu.org/ml/gcc-patches/2010-11/msg01670.html). Can anyone shed any
light on this?

[Bug tree-optimization/46029] -ftree-loop-if-convert-stores causes FAIL: libstdc++-v3/testsuite/ext/pb_ds/example/tree_intervals.cc

[spop at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=46029

--- Comment #5 from Sebastian Pop <spop at gcc dot gnu.org> ---
Maybe the patch was not committed because it was not ready before stage3:
"GCC 4.6 Stage 3 (starts 2010-11-03)".  I will update the patch and resubmit
for review.

[Bug tree-optimization/46029] -ftree-loop-if-convert-stores causes FAIL: libstdc++-v3/testsuite/ext/pb_ds/example/tree_intervals.cc

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=46029

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |7.0
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #8 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
r7-4646 removed -ftree-loop-if-convert-stores option support.

Note it might have been fixed with r6-5362.