From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 3398 invoked by alias); 14 Feb 2014 09:28:20 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 3348 invoked by uid 48); 14 Feb 2014 09:28:16 -0000 From: "rguenth at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/60183] [4.7/4.8/4.9 Regression] phiprop creates invalid code Date: Fri, 14 Feb 2014 09:28:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 4.8.2 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: rguenth at gcc dot gnu.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: rguenth at gcc dot gnu.org X-Bugzilla-Target-Milestone: 4.7.4 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2014-02/txt/msg01292.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60183 --- Comment #3 from Richard Biener --- (In reply to Jakub Jelinek from comment #2) > Updated testcase that segfaults for me, no -fsanitize=address is then needed > to trigger it. Works with -O0 or -O? -fno-tree-phiprop: > > unsigned char c[0x300001] = { 1 }; > int j = 2; > > static void > foo (unsigned long *x, unsigned char *y) > { > int i; > unsigned long w = x[0]; > for (i = 0; i < j; i++) > { > w += *y; > y += 0x100000; > w += *y; > y += 0x100000; > } > x[1] = w; > } > > __attribute__ ((noinline, noclone)) void > bar (unsigned long *x) > { > foo (x, c); > } > > int > main () > { > unsigned long a[2] = { 0, -1UL }; > asm volatile (""::"r" (c):"memory"); > c[0] = 0; > bar (a); > if (a[1] != 0) > __builtin_abort (); > return 0; > } > > Perhaps phiprop is confused by the &MEM[(void *)y_5 + 2097152B] and thinks > that because of the MEM_REF in there it is safe to dereference it? It doesn't check whether it's safe to dereference because it thinks it's dereferenced anyway. It wasn't supposed to speculate loads. We miss Index: tree-ssa-phiprop.c =================================================================== --- tree-ssa-phiprop.c (revision 207757) +++ tree-ssa-phiprop.c (working copy) @@ -309,6 +309,10 @@ propagate_with_phi (basic_block bb, gimp gimple def_stmt; tree vuse; + /* Only replace loads in the same block as the PHI node. */ + if (gimple_bb (use_stmt) != bb) + continue; + /* Check whether this is a load of *ptr. */ if (!(is_gimple_assign (use_stmt) && TREE_CODE (gimple_assign_lhs (use_stmt)) == SSA_NAME or really a post-dominator check - but we don't compute post-dominators and I'm not sure it would be worth doing that.