From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 722 invoked by alias); 28 Feb 2014 12:32:27 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 655 invoked by uid 48); 28 Feb 2014 12:32:22 -0000 From: "rguenth at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug ipa/60306] [4.9 Regression] Incorrect devirtualization "pure virtual method called" Date: Fri, 28 Feb 2014 12:32:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: ipa X-Bugzilla-Version: 4.9.0 X-Bugzilla-Keywords: wrong-code X-Bugzilla-Severity: normal X-Bugzilla-Who: rguenth at gcc dot gnu.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Priority: P1 X-Bugzilla-Assigned-To: hubicka at gcc dot gnu.org X-Bugzilla-Target-Milestone: 4.9.0 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2014-02/txt/msg02838.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60306 --- Comment #6 from Richard Biener --- (In reply to Jan Hubicka from comment #4) > OK, I am re-considering my decision to not assign this to Martin. > The problem is the following. We have call: > > struct Box x; > ... > x = edges_connecting_to_node (1); [return slot optimization] > ... > _19 = OBJ_TYPE_REF(_18;(const struct Object)&x.D.8084->0) (&x.D.8084); > > The dynamic type of x at that point is Box. We however get it wrong as > Object. This is what come from detect_type_change. > > The reason is that detect_type_change actually ignores > x = edges_connecting_to_node (1); [return slot optimization] > which it should not, since it gives it an useful information that x is fully > constructed when the return value happens. > > But it considers other statement: > MEM[(struct new_allocator *)&x + 8B] ={v} {CLOBBER}; > MEM[(struct allocator *)&x + 8B] ={v} {CLOBBER}; > MEM[(struct _Vector_impl *)&x + 8B] ={v} {CLOBBER}; > MEM[(struct _Vector_base *)&x + 8B] ={v} {CLOBBER}; > MEM[(struct vector *)&x + 8B] ={v} {CLOBBER}; > MEM[(struct Object *)&x]._vptr.Object = &MEM[(void *)&_ZTV6Object + 16B]; > MEM[(struct Object *)&x] ={v} {CLOBBER}; > x ={v} {CLOBBER}; > > which is end of the loop the whole thing is contained in. The dead store to > ._vptr.Object come from inlined destructor and it makes detect_type_change > to believe that the dynamic type is Object. That is true if you manage to > ignore the initialization. > > Now I wonder how to fix this; simple fix is to make detect_type_change to > notice the call and constructors, that is useful by itself. > But I believe there is deeper problem, we need to prove that on _all_ paths > to the statement the dynamic type was changed in known way, not that on all > paths where we can understand the dynamic change the type changed same way. It seems that the current code doesn't properly perform that "merging". The walker will happily walks all incoming edges of PHIs. > Can alias oracle walker tell us when it runs into default def? Well, it simply stops walking, so no, it doesn't return whether the callback returned always false (I didn't need it so I didn't implement it ...).