I don't believe the program below should crash when run. Valgrind says the store at line 20 is at fault, which is strange since it looks like the "if" branch should execute twice and the "else" branch 0 times.

regehr@john-home:~$ current-gcc -O small.c -o small
regehr@john-home:~$ ./small
Segmentation fault
regehr@john-home:~$ cat small.c
#include <stdio.h>

int g_6[1][2] = {{1,1}};
int g_34 = 0;
int *const g_82 = &g_6[0][1];
int *g_85[2][1] = {{&g_34}, {&g_34}};

void func_4 (void)
{
  int i;
  for (i = 0; i <= 1; i++) {
    if (g_6[0][1]) {
      *g_82 = 1;
    } else {
      int **l_109 = &g_85[1][0];
      if (&g_82 != l_109) {
      } else {
        *l_109 = &g_6[0][1];
      }
      *g_82 = 1;
    }
  }
}

int main (void)
{
  func_4();
  return 0;
}
regehr@john-home:~$ current-gcc -v
Using built-in specs.
COLLECT_GCC=current-gcc
COLLECT_LTO_WRAPPER=/home/regehr/z/compiler-install/gcc-r157783-install/libexec/gcc/i686-pc-linux-gnu/4.5.0/lto-wrapper
Target: i686-pc-linux-gnu
Configured with: ../configure --with-libelf=/usr/local --enable-lto --prefix=/home/regehr/z/compiler-install/gcc-r157783-install --program-prefix=r157783- --enable-languages=c,c++
Thread model: posix
gcc version 4.5.0 20100328 (experimental) (GCC)
Happens on x86_64-pc-linux-gnu, too. Segfaults with gcc-4.3.0 and 4.3.2 (as shipped by fedora), but runs fine with 3.3.6, 3.4.6 and my custom 4.4.4.
It is caused by revision 147083: http://gcc.gnu.org/ml/gcc-cvs/2009-05/msg00057.html
4.3 fails, too. Was this something known-broken in 4.3, fixed in 4.4 and re-broken in 4.5?
Mine.
It's a latent bug in loop store-motion. We move stores to trapping locations because we do not check that there is an unconditional store (but we are fine with an unconditional load). And we do not honor the fact that readonly memory locations only trap on stores. I have a patch.
Testcase that fails since tree-ssa:

int g_6[1][2] = {{1,1}};
int g_34 = 0;
int *const g_82 = &g_6[0][1];
int *g_85[2][1];

void func_4 (void)
{
  int i;
  for (i = 0; i <= 1; i++) {
    if (g_6[0][1]) {
      *g_82 = 1;
    } else {
      int **l_109 = &g_85[1][0];
      if (&g_82 != l_109) {
      } else {
        *l_109 = &g_6[0][1];
      }
      *g_82 = 1;
    }
  }
}

int main (void)
{
  g_85[0][0] = &g_34;
  g_85[1][0] = &g_34;
  func_4();
  return 0;
}
test
Subject: Bug 43560
Author: rguenth
Date: Mon Mar 29 15:20:07 2010
New Revision: 157799
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=157799
Log:
2010-03-29 Richard Guenther <rguenther@suse.de>
    PR tree-optimization/43560
    * tree-ssa-loop-im.c (ref_always_accessed_p): Add store_p parameter.
    (can_sm_ref_p): Treat stores to readonly locations as trapping.
    * gcc.dg/torture/pr43560.c: New testcase.
Added:
    trunk/gcc/testsuite/gcc.dg/torture/pr43560.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/tree-ssa-loop-im.c
Fixed for 4.5.
test2
and another test
Subject: Bug 43560
Author: jakub
Date: Thu Apr 8 11:31:00 2010
New Revision: 158119
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=158119
Log:
Backport from mainline:
2010-03-29 Richard Guenther <rguenther@suse.de>
    PR tree-optimization/43560
    * tree-ssa-loop-im.c (ref_always_accessed_p): Add store_p parameter.
    (can_sm_ref_p): Treat stores to readonly locations as trapping.
    * gcc.dg/torture/pr43560.c: New testcase.
Added:
    branches/gcc-4_4-branch/gcc/testsuite/gcc.dg/torture/pr43560.c
Modified:
    branches/gcc-4_4-branch/gcc/ChangeLog
    branches/gcc-4_4-branch/gcc/testsuite/ChangeLog
    branches/gcc-4_4-branch/gcc/tree-ssa-loop-im.c
Fixed also for 4.4.
Testcase distilled from OO.o that has been also fixed by this bugfix (failed at -Os). Do we want it for the testsuite too?

struct S
{
  int a, b;
  char c[10];
};

__attribute__((noinline)) void
test (struct S *x)
{
  while (x->b > 1 && x->c[x->b - 1] == '/')
    {
      x->b--;
      x->c[x->b] = '\0';
    }
}

const struct S s = { 0, 0, "" };

int
main ()
{
  struct S *p;
  asm ("" : "=r" (p) : "0" (&s));
  test (p);
  return 0;
}
Subject: Re: [4.3 Regression] possible wrong code bug

On Fri, 9 Apr 2010, jakub at gcc dot gnu dot org wrote:

> ------- Comment #14 from jakub at gcc dot gnu dot org 2010-04-09 18:24 -------
> Testcase distilled from OO.o that has been also fixed by this bugfix (failed at
> -Os). Do we want it for the testsuite too?
>
> struct S
> {
>   int a, b;
>   char c[10];
> };
>
> __attribute__((noinline)) void
> test (struct S *x)
> {
>   while (x->b > 1 && x->c[x->b - 1] == '/')
>     {
>       x->b--;
>       x->c[x->b] = '\0';
>     }
> }
>
> const struct S s = { 0, 0, "" };
>
> int
> main ()
> {
>   struct S *p;
>   asm ("" : "=r" (p) : "0" (&s));
>   test (p);
>   return 0;
> }

Yes please.
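The store-motion problem described in the analysis earlier in this thread, written out by hand on the reduced `struct S` loop, as an added example (not GCC's code and not posted by any participant). The names `test_source`, `test_store_motion`, `ro` and `faults_on_const` are this example's own, and it assumes a POSIX system that maps `const` objects read-only.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

struct S { int a, b; char c[10]; };

/* Source form of the loop: stores happen only if the loop body runs. */
static void test_source(struct S *x)
{
    while (x->b > 1 && x->c[x->b - 1] == '/') {
        x->b--;
        x->c[x->b] = '\0';
    }
}

/* Hand-applied store motion without an "always stored" check: x->b is
   kept in a local during the loop and written back unconditionally. */
static void test_store_motion(struct S *x)
{
    int b = x->b;        /* hoisted load: reading read-only memory is fine */
    while (b > 1 && x->c[b - 1] == '/') {
        b--;
        x->c[b] = '\0';
    }
    x->b = b;            /* sunk store: executes even after zero iterations */
}

/* Constructed sample object; const puts it in read-only storage. */
static const struct S ro = { 0, 0, "" };

/* Run fn on the read-only object in a child process; return 1 if the
   child did not exit cleanly (e.g. killed by SIGSEGV), -1 on error. */
static int faults_on_const(void (*fn)(struct S *))
{
    struct S *volatile p = (struct S *)&ro;  /* hide constness from optimizer */
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fn(p); _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void)
{
    printf("source form faults:  %d\n", faults_on_const(test_source));
    printf("store motion faults: %d\n", faults_on_const(test_store_motion));
    return 0;
}
```

On a writable object the two functions compute the same result; they differ only in that the second one writes `x->b` on a path where the source never stores.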
Subject: Bug 43560
Author: jakub
Date: Mon Apr 12 10:18:39 2010
New Revision: 158220
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=158220
Log:
    PR tree-optimization/43560
    * gcc.c-torture/execute/pr43560.c: New test.
Added:
    trunk/gcc/testsuite/gcc.c-torture/execute/pr43560.c
Modified:
    trunk/gcc/testsuite/ChangeLog
Subject: Bug 43560
Author: jakub
Date: Mon Apr 12 10:22:21 2010
New Revision: 158221
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=158221
Log:
    PR tree-optimization/43560
    * gcc.c-torture/execute/pr43560.c: New test.
Added:
    branches/gcc-4_5-branch/gcc/testsuite/gcc.c-torture/execute/pr43560.c
Modified:
    branches/gcc-4_5-branch/gcc/testsuite/ChangeLog
Subject: Bug 43560
Author: jakub
Date: Mon Apr 12 10:25:11 2010
New Revision: 158222
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=158222
Log:
    PR tree-optimization/43560
    * gcc.c-torture/execute/pr43560.c: New test.
Added:
    branches/gcc-4_4-branch/gcc/testsuite/gcc.c-torture/execute/pr43560.c
Modified:
    branches/gcc-4_4-branch/gcc/testsuite/ChangeLog
GCC 4.3.5 is being released, adjusting target milestone.
Fixed for 4.4.4.