From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-450641-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 10775 invoked by alias); 6 May 2014 08:45:16 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Received: (qmail 10738 invoked by uid 48); 6 May 2014 08:45:12 -0000
From: "rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/61060] [4.9/4.10 Regression] ICE: in int_mode_for_mode, at stor-layout.c:400 with -free-ter
Date: Tue, 06 May 2014 08:45:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: target
X-Bugzilla-Version: 4.10.0
X-Bugzilla-Keywords: ice-on-valid-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: rguenth at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 4.9.1
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Message-ID: <bug-61060-4-XUCHtZsD2i@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-61060-4@http.gcc.gnu.org/bugzilla/>
References: <bug-61060-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-05/txt/msg00333.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=61060

--- Comment #4 from Richard Biener <rguenth at gcc dot gnu.org> ---
At -O0?  Well...  it seems the expander doesn't yet see it's zero:

  /* If the LEN parameter is zero, return DEST.  */
  if (integer_zerop (len))
    {
      /* Evaluate and ignore VAL in case it has side-effects.  */
      expand_expr (val, const0_rtx, VOIDmode, EXPAND_NORMAL);
      return expand_expr (dest, target, mode, EXPAND_NORMAL);

that is because len is len_5 at -O0 (no CCP), but it is TERed and thus
len_5 = 0 is expanded in-place.

I'd say the backend should better deal with this.  Or we have to
double-check (or delay) the zero-length check until after

  len_rtx = expand_normal (len);

sth like

Index: gcc/builtins.c
===================================================================
--- gcc/builtins.c      (revision 209890)
+++ gcc/builtins.c      (working copy)
@@ -3685,20 +3685,20 @@ expand_builtin_memset_args (tree dest, t
   if (expected_align < dest_align)
     expected_align = dest_align;

+  /* Stabilize the arguments in case we fail.  */
+  dest = builtin_save_expr (dest);
+  val = builtin_save_expr (val);
+  len = builtin_save_expr (len);
+
+  len_rtx = expand_normal (len);
   /* If the LEN parameter is zero, return DEST.  */
-  if (integer_zerop (len))
+  if (len_rtx == const0_rtx)
     {
       /* Evaluate and ignore VAL in case it has side-effects.  */
       expand_expr (val, const0_rtx, VOIDmode, EXPAND_NORMAL);
       return expand_expr (dest, target, mode, EXPAND_NORMAL);
     }

-  /* Stabilize the arguments in case we fail.  */
-  dest = builtin_save_expr (dest);
-  val = builtin_save_expr (val);
-  len = builtin_save_expr (len);
-
-  len_rtx = expand_normal (len);
   determine_block_size (len, len_rtx, &min_size, &max_size,
                        &probable_max_size);
   dest_mem = get_memory_rtx (dest, len);


probably applies to almost all builtin expansions.

But I'd say the backend should be more fault-tolerant here.  It can't
simply reserve len == 0 for itself.