From: "jakub at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/52448] New: [4.4/4.5/4.6/4.7 Regression] cselim broken with calls
Date: Thu, 01 Mar 2012 11:05:00 -0000

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52448

             Bug #: 52448
           Summary: [4.4/4.5/4.6/4.7 Regression] cselim broken with calls
    Classification: Unclassified
           Product: gcc
           Version: 4.7.0
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: tree-optimization
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: jakub@gcc.gnu.org

extern void abort (void);
extern void *malloc (__SIZE_TYPE__);
extern void free (void *);

__attribute__((noinline, noclone)) void
bar (char *x, int y)
{
  if (*x != '\n')
    abort ();
  if (y == 0)
    free (x);
}

__attribute__((noinline, noclone)) void
foo (char *x, int y)
{
  *x = '\n';
  bar (x, y);
  if (y)
    *x = '\0';
}

int
main ()
{
  char *p = malloc (1);
  if (p)
    {
      foo (p, 1);
      if (*p != '\0')
        abort ();
      foo (p, 0);
    }
  return 0;
}

The above testcase is miscompiled, starting with 4.3 with just -O2, before
that (including 3.2) with -O2 -ftree-cselim. If you run the testcase under
valgrind, it will complain loudly; I could rewrite it (less portably) using
mmap/munmap to show it crash even without valgrind.

I'm afraid we need to invalidate the set of non-trapping MEMs on
non-pure/const calls (perhaps with the exception of selected builtins, e.g.
none of the string/mem builtins should actually unmap/mprotect/free any
memory).
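
Added example, not part of the original report and not GCC output: a hand-written model of why an unconditional store after the call is unsafe, assuming cselim rewrites the guarded store in foo() as a load of the old value followed by an unconditional store. The names cell, released, bar_model, foo_source, foo_cselim and the counting helpers are hypothetical; free() is modelled by a flag so the late accesses can be counted instead of being undefined behaviour.

```c
#include <stdio.h>
/* Constructed stand-in for the malloc'ed byte. "released" models free()
   without freeing, so late accesses are counted, not undefined.  */
static char cell;
static int released, late_accesses;

static char load (char *p) { late_accesses += released; return *p; }
static void store (char *p, char v) { late_accesses += released; *p = v; }
/* Same role as bar() in the report: releases x when y == 0.  */
static void bar_model (char *x, int y)
{
  (void) x;
  if (y == 0)
    released = 1;
}

/* foo() as written in the report: the second store is guarded by y.  */
static void foo_source (char *x, int y)
{
  store (x, '\n');
  bar_model (x, y);
  if (y)
    store (x, '\0');
}

/* Assumed shape after cselim: load the old value, store unconditionally.  */
static void foo_cselim (char *x, int y)
{
  store (x, '\n');
  bar_model (x, y);
  char old = load (x);
  store (x, y ? '\0' : old);
}

/* Number of accesses made after the object was released.  */
static int late_for (void (*fn) (char *, int), int y)
{
  released = late_accesses = 0;
  fn (&cell, y);
  return late_accesses;
}
int count_source (int y) { return late_for (foo_source, y); }
int count_cselim (int y) { return late_for (foo_cselim, y); }

int main (void)
{
  printf ("source y=0: %d, cselim y=0: %d\n", count_source (0), count_cselim (0));
  return 0;
}
```

With y == 0 the source form never touches the object after bar_model releases it, while the transformed form performs a load and a store on it, which is the access valgrind reports on the real testcase.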