From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jakub@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2153)
	id 67BC63865491; Thu, 15 Feb 2024 15:20:57 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 67BC63865491
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1708010457;
	bh=D1BBn77Fw33enNzY6fvk8WiLpUYcqrDFTk3Uqhtiu0A=;
	h=From:To:Subject:Date:From;
	b=K4ly+P7X3hzTdsgHgIpyhQdg/8dBo5gQ9Y0J9maF5mSplPAeNcu0RB+xSNj/Vx9D4
	 e2pfyKZ2aNYY7MM9sdLy+s8DpNHeAskHhfl5BRX8YVP1C+oMbqAwu4G0l7xtNbhcnk
	 HaIkP9Osq9E5Im/0mQBfnK/ySW2ktFm5WtMiUR5A=
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
From: Jakub Jelinek <jakub@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r11-11239] expand: Fix handling of asm goto outputs vs. PHI
 argument adjustments [PR113921]
X-Act-Checkin: gcc
X-Git-Author: Jakub Jelinek <jakub@redhat.com>
X-Git-Refname: refs/heads/releases/gcc-11
X-Git-Oldrev: 38466c71374d1ca7b79c7ef4793d4c14480fe8c4
X-Git-Newrev: 7a6e9e70ea88061981c5565c043985d8cde9ecc8
Message-Id: <20240215152057.67BC63865491@sourceware.org>
Date: Thu, 15 Feb 2024 15:20:57 +0000 (GMT)
List-Id: <gcc-cvs.sourceware.org>

https://gcc.gnu.org/g:7a6e9e70ea88061981c5565c043985d8cde9ecc8

commit r11-11239-g7a6e9e70ea88061981c5565c043985d8cde9ecc8
Author: Jakub Jelinek <jakub@redhat.com>
Date:   Thu Feb 15 15:53:01 2024 +0100

    expand: Fix handling of asm goto outputs vs. PHI argument adjustments [PR113921]
    
    The Linux kernel and the following testcase distilled from it is
    miscompiled, because tree-outof-ssa.cc (eliminate_phi) emits some
    fixups on some of the edges (but doesn't commit edge insertions).
    Later expand_asm_stmt emits further instructions on the same edge.
    Now the problem is that expand_asm_stmt uses insert_insn_on_edge
    to add its own fixups, but that function appends to the existing
    sequence on the edge if any.  And the bug triggers when the
    fixup sequence emitted by eliminate_phi uses a pseudo which the
    fixup sequence emitted by expand_asm_stmt later on sets.
    So, we end up with
      (set (reg A) (asm_operands ...))
    and on one of the edges queued sequence
      (set (reg C) (reg B)) // added by eliminate_phi
      (set (reg B) (reg A)) // added by expand_asm_stmt
    That is wrong, what we emit by expand_asm_stmt needs to be as close
    to the asm_operands as possible (they aren't known until expand_asm_stmt
    is called, the PHI fixup code assumes it is reg B which holds the right
    value) and the PHI adjustments need to be done after it.
    
    So, the following patch introduces a prepend_insn_to_edge function and
    uses it from expand_asm_stmt, so that we queue
      (set (reg B) (reg A)) // added by expand_asm_stmt
      (set (reg C) (reg B)) // added by eliminate_phi
    instead and so the value from the asm_operands output propagates correctly
    to the PHI result.
    
    2024-02-15  Jakub Jelinek  <jakub@redhat.com>
    
            PR middle-end/113921
            * cfgrtl.h (prepend_insn_to_edge): New declaration.
            * cfgrtl.c (insert_insn_on_edge): Clarify behavior in function
            comment.
            (prepend_insn_to_edge): New function.
            * cfgexpand.c (expand_asm_stmt): Use prepend_insn_to_edge instead of
            insert_insn_on_edge.
    
            * gcc.target/i386/pr113921.c: New test.
    
    (cherry picked from commit 2b4efc5db2aedb59196987300e14951d08cd7106)

Diff:
---
 gcc/cfgexpand.c                          |  2 +-
 gcc/cfgrtl.c                             | 24 ++++++++++++++++++++++--
 gcc/cfgrtl.h                             |  1 +
 gcc/testsuite/gcc.target/i386/pr113921.c | 20 ++++++++++++++++++++
 4 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/gcc/cfgexpand.c b/gcc/cfgexpand.c
index a607ad50d2bd..d3768a6134ba 100644
--- a/gcc/cfgexpand.c
+++ b/gcc/cfgexpand.c
@@ -3639,7 +3639,7 @@ expand_asm_stmt (gasm *stmt)
 		emit_insn (copy_insn (PATTERN (curr)));
 	      rtx_insn *copy = get_insns ();
 	      end_sequence ();
-	      insert_insn_on_edge (copy, e);
+	      prepend_insn_to_edge (copy, e);
 	    }
 	}
     }
diff --git a/gcc/cfgrtl.c b/gcc/cfgrtl.c
index 4fb145ee4c43..e24c6c04ec88 100644
--- a/gcc/cfgrtl.c
+++ b/gcc/cfgrtl.c
@@ -25,7 +25,7 @@ along with GCC; see the file COPYING3.  If not see
      - CFG-aware instruction chain manipulation
 	 delete_insn, delete_insn_chain
      - Edge splitting and committing to edges
-	 insert_insn_on_edge, commit_edge_insertions
+	 insert_insn_on_edge, prepend_insn_to_edge, commit_edge_insertions
      - CFG updating after insn simplification
 	 purge_dead_edges, purge_all_dead_edges
      - CFG fixing after coarse manipulation
@@ -1990,7 +1990,8 @@ rtl_split_edge (edge edge_in)
 
 /* Queue instructions for insertion on an edge between two basic blocks.
    The new instructions and basic blocks (if any) will not appear in the
-   CFG until commit_edge_insertions is called.  */
+   CFG until commit_edge_insertions is called.  If there are already
+   queued instructions on the edge, PATTERN is appended to them.  */
 
 void
 insert_insn_on_edge (rtx pattern, edge e)
@@ -2010,6 +2011,25 @@ insert_insn_on_edge (rtx pattern, edge e)
   end_sequence ();
 }
 
+/* Like insert_insn_on_edge, but if there are already queued instructions
+   on the edge, PATTERN is prepended to them.  */
+
+void
+prepend_insn_to_edge (rtx pattern, edge e)
+{
+  /* We cannot insert instructions on an abnormal critical edge.
+     It will be easier to find the culprit if we die now.  */
+  gcc_assert (!((e->flags & EDGE_ABNORMAL) && EDGE_CRITICAL_P (e)));
+
+  start_sequence ();
+
+  emit_insn (pattern);
+  emit_insn (e->insns.r);
+
+  e->insns.r = get_insns ();
+  end_sequence ();
+}
+
 /* Update the CFG for the instructions queued on edge E.  */
 
 void
diff --git a/gcc/cfgrtl.h b/gcc/cfgrtl.h
index 0c8568ba757c..9ef8db33e235 100644
--- a/gcc/cfgrtl.h
+++ b/gcc/cfgrtl.h
@@ -38,6 +38,7 @@ extern edge try_redirect_by_replacing_jump (edge, basic_block, bool);
 extern void emit_barrier_after_bb (basic_block bb);
 extern basic_block force_nonfallthru_and_redirect (edge, basic_block, rtx);
 extern void insert_insn_on_edge (rtx, edge);
+extern void prepend_insn_to_edge (rtx, edge);
 extern void commit_one_edge_insertion (edge e);
 extern void commit_edge_insertions (void);
 extern void print_rtl_with_bb (FILE *, const rtx_insn *, dump_flags_t);
diff --git a/gcc/testsuite/gcc.target/i386/pr113921.c b/gcc/testsuite/gcc.target/i386/pr113921.c
new file mode 100644
index 000000000000..f7efba741436
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr113921.c
@@ -0,0 +1,20 @@
+/* PR middle-end/113921 */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+__attribute__((noipa)) long
+foo (void)
+{
+  long v;
+  asm volatile goto ("jmp %l2" : "=r" (v) : "0" (27) : : lab);
+  return v;
+lab:
+  return 42;
+}
+
+int
+main ()
+{
+  if (foo () != 42)
+    __builtin_abort ();
+}