From: "law at redhat dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/59083] -fisolate-erroneous-paths produces illegal instruction with enabled -fprofile-generate
Date: Wed, 13 Nov 2013 16:50:00 -0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c++
X-Bugzilla-Version: 4.9.0
X-Bugzilla-Severity: normal
X-Bugzilla-Status: WAITING
X-Bugzilla-Priority: P3

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59083

--- Comment #17 from Jeffrey A. Law ---
Markus,

For the kernel case, note the qsort prototype and the non-null attribute. That explicitly states that the pointer arguments must not be null. Any code which then passes null for those arguments has stepped into the realm of undefined behaviour.

Prior to CCP2 we have:

main ()
{
  int * _3;

;;   basic block 2, loop depth 0, count 0, freq 10000, maybe hot
;;    prev block 0, next block 1, flags: (NEW, REACHABLE)
;;    pred:       ENTRY [100.0%]  (FALLTHRU,EXECUTABLE)
  _3 = a.offset;
  qsort (_3, 0);
  return 0;
;;    succ:       EXIT [100.0%]

}

a.offset gets folded to zero by CCP2 resulting in:

main ()
{
;;   basic block 2, loop depth 0, count 0, freq 10000, maybe hot
;;    prev block 0, next block 1, flags: (NEW, REACHABLE)
;;    pred:       ENTRY [100.0%]  (FALLTHRU,EXECUTABLE)
  qsort (0B, 0);
  return 0;
;;    succ:       EXIT [100.0%]

}

Note we're passing NULL as the first argument to qsort, which has a declaration saying that none of its pointer arguments can be NULL.

Note we're able to fold a.offset to zero because we can see "a"'s initializer.

AFAICT the code is doing exactly what is expected.
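
Added example, not part of the original comment and not the reduced test case from the bug report: a caller-side guard that keeps a NULL field with a visible initializer from ever reaching a nonnull-declared function. The names sort_ints, struct region, sort_region and sort_empty_region are hypothetical, and the struct layout is an assumption.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical callee (not from the bug report): the nonnull attribute
   promises the compiler that `base` is never NULL. */
__attribute__((nonnull(1)))
void sort_ints(int *base, size_t n);

static int cmp_int(const void *x, const void *y)
{
    int a = *(const int *)x, b = *(const int *)y;
    return (a > b) - (a < b);
}

void sort_ints(int *base, size_t n)
{
    /* An `if (!base) return;` placed here may legally be deleted by the
       compiler because of the attribute, so the callee cannot be the
       place where the contract is enforced. */
    qsort(base, n, sizeof *base, cmp_int);
}

/* Constructed stand-in for the report's "a": the initializer is visible,
   so constant propagation can fold a.offset to a null pointer. */
struct region { int *offset; size_t count; };
static const struct region a = { 0, 0 };

/* Caller-side contract check. This function carries no nonnull
   attribute, so the test below survives optimization and the call with
   a null argument is never reached. */
int sort_region(const struct region *r)
{
    if (r == NULL || r->offset == NULL)
        return -1;
    sort_ints(r->offset, r->count);
    return 0;
}

/* The folded case from the comment: returns -1 instead of passing NULL. */
int sort_empty_region(void) { return sort_region(&a); }
```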