From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 3B339384601D; Wed, 6 Jan 2021 23:11:25 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3B339384601D From: "slyfox at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/98499] [11 Regression] Possibly bad std::string initialization in constructors Date: Wed, 06 Jan 2021 23:11:24 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 11.0 X-Bugzilla-Keywords: wrong-code X-Bugzilla-Severity: normal X-Bugzilla-Who: slyfox at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P1 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 11.0 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jan 2021 23:11:25 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D98499 --- Comment #6 from Sergei Trofimovich --- (In reply to Richard Biener from comment #5) > Possibly in discovering pure/constness. See uses of > gimple_call_return_slot_opt_p in tree-ssa-structalias.c Aha, that's useful! Trying to understand the problem better myself: `-fdump-tree-all` has seemi= ngly relevant `036t.ealias` that precedes breaking `037t.fre1`. I assume `036t.ealias` analyses individual functions locally and does not t= ake into account other details, thus main() analysis should be enough: ``` ... Points-to sets ANYTHING =3D { ANYTHING } ESCAPED =3D { ESCAPED NONLOCAL } NONLOCAL =3D { ESCAPED NONLOCAL } STOREDANYTHING =3D { } INTEGER =3D { ANYTHING } _ZN8ImporterC1Ev =3D { } imp.0+64 =3D { ESCAPED NONLOCAL } same as _6 imp.64+8 =3D { ESCAPED NONLOCAL } __builtin_trap =3D { } main =3D { } CALLUSED(9) =3D { ESCAPED NONLOCAL imp.0+64 imp.64+8 } same as callarg(11) CALLCLOBBERED(10) =3D { ESCAPED NONLOCAL imp.0+64 imp.64+8 } same as callar= g(11) callarg(11) =3D { ESCAPED NONLOCAL imp.0+64 imp.64+8 } _6 =3D { ESCAPED NONLOCAL } Alias information for int main() Aliased symbols imp, UID D.2146, struct Importer, is addressable Call clobber information ESCAPED, points-to non-local, points-to vars: { } Flow-insensitive points-to information _6, points-to non-local, points-to escaped, points-to NULL, points-to vars:= { } int main () { struct Importer imp; char * _6; : Importer::Importer (&imp); _6 =3D MEM[(struct string *)&imp]._M_buf; if (&MEM[(struct string *)&imp]._M_local_buf !=3D _6) goto ; [0.00%] else goto ; [100.00%] [count: 0]: __builtin_trap (); : imp =3D{v} {CLOBBER}; imp =3D{v} {CLOBBER}; return 0; } ``` I think this looks correct. As I understand we care about a few things in t= he analysis here: 1. imp.0+64 and _6 both point to the same flow-insensitive classes (both are ESCAPED NONLOCAL) 2. imp.0+64 and _6 both point to the same field in flow-sensitive analysis (both do according to `imp.0+64 =3D { ESCAPED NONLOCAL } same as _6`. I don't see problems here. Mechanically looking at incorrect gcc's decision for `imp.0+64 !=3D _6`: ptrs_compare_unequal( ptr1 =3D &MEM[(struct string *)&imp]._M_local_buf, ptr2 =3D _6 ) returns `TRUE` because pt_solution_includes( info =3D ptr2->pt, obj1 =3D imp ) returns `FALSE`. That seems to be a bug. Do arguments to `pt_solution_includes` look correct so far? Does it try to answer "could _6 point at any field of 'imp' type"?=