public inbox for gcc-bugs@sourceware.org
* [Bug middle-end/48770] New: [4.7 Regression] wrong code with -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop
@ 2011-04-26 10:31 zsojka at seznam dot cz
  2011-04-26 12:19 ` [Bug middle-end/48770] " rguenth at gcc dot gnu.org
                   ` (8 more replies)
  0 siblings, 9 replies; 10+ messages in thread
From: zsojka at seznam dot cz @ 2011-04-26 10:31 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48770

           Summary: [4.7 Regression] wrong code with -O -fprofile-arcs
                    -fPIC -fno-dce -fno-forward-propagate
                    -fno-tree-forwprop
           Product: gcc
           Version: 4.7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: zsojka@seznam.cz
              Host: x86_64-pc-linux-gnu
            Target: x86_64-pc-linux-gnu


Created attachment 24101
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=24101
reduced testcase (from g++.dg/bprob/g++-bprob-1.C)

Compiler output:
$ rm *.gcda
$ g++ -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop testcase.C
$ valgrind -q ./a.out
==5350== Invalid read of size 8
==5350==    at 0x400D51: test_goto2(int) (testcase.C:10)
==5350==    by 0x400D7E: main (testcase.C:14)
==5350==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
Segmentation fault

Fails only when compiled as C++ code.

Tested revisions:
r172940 - fail
4.6 r172337 - OK



* [Bug middle-end/48770] [4.7 Regression] wrong code with -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop
From: rguenth at gcc dot gnu.org @ 2011-04-26 12:19 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48770

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |4.7.0



* [Bug middle-end/48770] [4.7 Regression] wrong code with -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop
From: zsojka at seznam dot cz @ 2011-04-26 14:59 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48770

--- Comment #1 from Zdenek Sojka <zsojka at seznam dot cz> 2011-04-26 14:57:08 UTC ---
(gdb) disassemble
...
   0x0000000000400d06 <+18>:    addq   $0x1,(%rax)
   0x0000000000400d0a <+22>:    mov    $0x8,%eax
   0x0000000000400d0f <+27>:    test   %edi,%edi
   0x0000000000400d11 <+29>:    jne    0x400d51 <test_goto2(int)+93>
...
   0x0000000000400d50 <+92>:    retq   
=> 0x0000000000400d51 <+93>:    mov    (%rax),%rcx
   0x0000000000400d54 <+96>:    add    $0x1,%rcx
   0x0000000000400d58 <+100>:   mov    0x202461(%rip),%rdx        # 0x6031c0
   0x0000000000400d5f <+107>:   mov    $0x1,%eax
   0x0000000000400d64 <+112>:   jmp    0x400d15 <test_goto2(int)+33>

In the asm output, the problem is apparent (comparing trunk and 4.6 output) -
the only difference is:
73,75c73,76
<       mov     rcx, QWORD PTR [rax]    # *.LPBX1_I_lsm.7, *.LPBX1
<       add     rcx, 1  # *.LPBX1_I_lsm.7,
<       mov     rdx, QWORD PTR .LPBX1[rip+32]   # *.LPBX1_I_lsm.6, *.LPBX1
---
>       lea     rax, .LPBX1[rip+24]     # tmp113,
>       mov     rcx, QWORD PTR [rax]    # *.LPBX1, *.LPBX1
>       add     rcx, 1  # *.LPBX1_I_lsm.4,
>       mov     rdx, QWORD PTR .LPBX1[rip+32]   # *.LPBX1_I_lsm.3, *.LPBX1

Instruction "lea" is missing, and rax contains value 8.



* [Bug middle-end/48770] [4.7 Regression] wrong code with -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop
From: pinskia at gcc dot gnu.org @ 2011-04-26 20:04 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48770

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2011.04.26 20:03:25
     Ever Confirmed|0                           |1

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> 2011-04-26 20:03:25 UTC ---
Here is one that fails with the C front-end:
int test_goto2 (int f)
{
  int i;
  for (i = 0; ({_Bool a = i < 10;a;}); i++)
  {
    if (i == f)
      goto lab2;
  }
  return 4;
lab2:
  return 8;
}

int main ()
{
  test_goto2 (30);
  return 0;
}



* [Bug middle-end/48770] [4.7 Regression] wrong code with -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop
From: jakub at gcc dot gnu.org @ 2011-05-10 11:44 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48770

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-05-10 11:37:33 UTC ---
Started with:
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=171111



* [Bug middle-end/48770] [4.7 Regression] wrong code with -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop
From: jakub at gcc dot gnu.org @ 2011-05-10 12:27 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48770

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-05-10 11:46:34 UTC ---
*.asmcons is identical between r171110 and r171111, *.ira already looks
wrong (no setting of %rax to 24+.LPBX1, or changing the (%rax) address to
24+.LPBX1).



* [Bug middle-end/48770] [4.7 Regression] wrong code with -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop
From: law at redhat dot com @ 2011-05-10 13:35 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48770

Jeffrey A. Law <law at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |law at redhat dot com

--- Comment #5 from Jeffrey A. Law <law at redhat dot com> 2011-05-10 13:13:33 UTC ---
Thanks.  I'm more than happy to take it from here...



* [Bug middle-end/48770] [4.7 Regression] wrong code with -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop
From: law at redhat dot com @ 2011-05-10 16:29 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48770

Jeffrey A. Law <law at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|unassigned at gcc dot       |law at redhat dot com
                   |gnu.org                     |

--- Comment #6 from Jeffrey A. Law <law at redhat dot com> 2011-05-10 15:52:15 UTC ---
We have a block-local equivalence between a pseudo and a memory location:

(insn 86 85 87 9 (set (reg/f:DI 0 ax [113])
        (const:DI (plus:DI (symbol_ref:DI ("*.LPBX1") [flags 0x2] <var_decl
0x7ffff7dec3c0 *.LPBX1>)
                (const_int 8 [0x8])))) 62 {*movdi_internal_rex64}
     (expr_list:REG_EQUIV (const:DI (plus:DI (symbol_ref:DI ("*.LPBX1") [flags
0x2] <var_decl 0x7ffff7dec3c0 *.LPBX1>)
                (const_int 8 [0x8])))
        (nil)))
(insn 87 86 88 9 (set (reg:DI 114 [ *.LPBX1+8 ])
        (mem/s/j/c:DI (reg/f:DI 0 ax [113]) [0 *.LPBX1+8 S8 A64])) 62
{*movdi_internal_rex64}
     (expr_list:REG_DEAD (reg/f:DI 0 ax [113])
        (expr_list:REG_EQUIV (mem/s/j/c:DI (reg/f:DI 0 ax [113]) [0 *.LPBX1+8
S8 A64])
            (nil))))
(insn 88 87 91 9 (parallel [
            (set (reg:DI 2 cx [orig:95 *.LPBX1_I_lsm.5 ] [95])
                (plus:DI (reg:DI 114 [ *.LPBX1+8 ])
                    (const_int 1 [0x1])))
            (clobber (reg:CC 17 flags))
        ]) 253 {*adddi_1}
     (expr_list:REG_DEAD (reg:DI 114 [ *.LPBX1+8 ])
        (expr_list:REG_UNUSED (reg:CC 17 flags)
            (expr_list:REG_EQUAL (plus:DI (mem/s/j/c:DI (const:DI (plus:DI
(symbol_ref:DI ("*.LPBX1") [flags 0x2] <var_decl 0x7ffff7dec3c0 *.LPBX1>)
                                (const_int 8 [0x8]))) [0 *.LPBX1+8 S8 A64])
                    (const_int 1 [0x1]))
                (nil)))))


reg114 is marked as equivalent to (mem (reg 113)); reg114 does not get a hard
reg.  As usual, reload deletes the insn that creates the equivalence between
reg114 and its memory location (insn 87).  delete_dead_insn decides to peek at
insn86 and decides that insn86 is dead as well, which removes the
initialization of reg113.

Later reg114 is replaced with its equivalent memory location which results in
an uninitialized reference to reg113 and reading from an invalid memory
location and the segfault.

What's interesting here is delete_dead_insn's behavior -- it's been like this
since circa 1991, well before we ran any kind of real dead code elimination
after reload.  The solution *may* be to remove the recursion in
delete_dead_insn.  I'm still investigating.
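
A toy model of the sequence described in comment #6, added here as an illustration; it is not GCC code and not part of the thread. It shows how deleting the equivalence insn together with its predecessor leaves the substituted memory reference reading an undefined register, while deleting only the equivalence insn does not. The struct, the function names and the one-def/one-use insn shape are assumptions; only the insn and register numbers come from the dump.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy insn: at most one register set and one register read (0 = none). */
struct insn { int uid, def, use; bool use_dies, deleted; };

/* Constructed model of insns 86-88 from the dump in comment #6. */
static void init(struct insn *b) {
    b[0] = (struct insn){86, 113, 0,   false, false}; /* r113 = &.LPBX1+8 */
    b[1] = (struct insn){87, 114, 113, true,  false}; /* r114 = mem[r113] */
    b[2] = (struct insn){88, 95,  114, true,  false}; /* r95  = r114 + 1  */
}

/* Delete insn i.  In recursive mode, also delete the previous insn when
   the register it sets dies here, trusting the REG_DEAD note as-is. */
static void delete_dead(struct insn *b, int i, bool recursive) {
    if (recursive && i > 0 && b[i].use_dies && b[i - 1].def == b[i].use)
        delete_dead(b, i - 1, true);
    b[i].deleted = true;
}

/* Reload step: r114 has no hard reg, so drop insn 87 and rewrite later
   uses of r114 to its equivalent mem[r113], which reads r113. */
static void reload_equiv(struct insn *b, size_t n, bool recursive) {
    delete_dead(b, 1, recursive);
    for (size_t i = 2; i < n; i++)
        if (b[i].use == 114) b[i].use = 113;
}

/* Return the uid of the first live insn that reads a register with no
   live definition before it, or 0 if every read is initialised. */
static int first_uninit_use(const struct insn *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (b[i].deleted || b[i].use == 0) continue;
        bool defined = false;
        for (size_t j = 0; j < i; j++)
            if (!b[j].deleted && b[j].def == b[i].use) defined = true;
        if (!defined) return b[i].uid;
    }
    return 0;
}

/* Run the scenario; recursive=true models the behaviour in comment #6. */
int run_model(bool recursive) {
    struct insn b[3];
    init(b);
    reload_equiv(b, 3, recursive);
    return first_uninit_use(b, 3);
}
```
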



* [Bug middle-end/48770] [4.7 Regression] wrong code with -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop
From: law at gcc dot gnu.org @ 2011-06-23 21:31 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48770

--- Comment #7 from Jeffrey A. Law <law at gcc dot gnu.org> 2011-06-23 21:30:23 UTC ---
Author: law
Date: Thu Jun 23 21:30:20 2011
New Revision: 175353

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=175353
Log:

    PR middle-end/48770
    * reload.h (reload): Change to return a bool.
    * ira.c (ira): If requested by reload, run a fast DCE pass after
    reload has completed.  Fix comment typo.
    * reload1.c (need_dce): New file scoped static.
    (reload): Set reload_completed here.  Return whether or not a DCE
    pass after reload is needed.
    (delete_dead_insn): Set need_dce as needed.

    PR middle-end/48770
    * gcc.dg/pr48770.c: New test.



Added:
    trunk/gcc/testsuite/gcc.dg/pr48770.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/ira.c
    trunk/gcc/reload.h
    trunk/gcc/reload1.c
    trunk/gcc/testsuite/ChangeLog



* [Bug middle-end/48770] [4.7 Regression] wrong code with -O -fprofile-arcs -fPIC -fno-dce -fno-forward-propagate -fno-tree-forwprop
From: law at redhat dot com @ 2011-06-23 21:32 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48770

Jeffrey A. Law <law at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #8 from Jeffrey A. Law <law at redhat dot com> 2011-06-23 21:31:31 UTC ---
Fixed


