This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug rtl-optimization/21848] New: load_mems / replace_loop_mems bug causes miscompilation of jcf-io.c / SEGV while processing java/lang/AbstractMethodError
- From: "amylaar at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 31 May 2005 20:09:06 -0000
- Subject: [Bug rtl-optimization/21848] New: load_mems / replace_loop_mems bug causes miscompilation of jcf-io.c / SEGV while processing java/lang/AbstractMethodError
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
gcc fails to bootstrap on i686-pc-linux-gnu:
./../.././gcc/gcjh -classpath '' -bootclasspath . java/lang/AbstractMethodError
make[2]: *** [java/lang/AbstractMethodError.h] Segmentation fault
make[2]: *** Deleting file `'
make[2]: Leaving directory
`/mnt/scratch/nightly/2005-05-31/i686/i686-pc-linux-gnu/libjava'
make[1]: *** [all-target-libjava] Error 2
gcc/java/jcf-io.c:format_uint is miscompiled.
This is the function:
extern void format_uint (char *, unsigned long long, int);
void
format_uint (char *buffer, unsigned long long value, int base)
{
  char buf[(4 + sizeof(unsigned long long) * 8)];
  char *buf_ptr = buf+(4 + sizeof(unsigned long long) * 8);
  int chars_written;
  int i;
  do {
    int digit = value % base;
    static const char digit_chars[] = "0123456789abcdefghijklmnopqrstuvwxyz";
    *--buf_ptr = digit_chars[digit];
    value /= base;
  } while (value != 0);
  chars_written = buf+(4 + sizeof(unsigned long long) * 8) - buf_ptr;
  for (i = 0; i < chars_written; i++)
    buffer[i] = *buf_ptr++;
  buffer[i] = 0;
}
compiled with:
stage2/cc1 -fpreprocessed jcf-io.i -quiet -dumpbase jcf-io.c -march=i686
-auxbase-strip trash -g -O2 -W -Wall -Wwrite-strings -Wstrict-prototypes
-Wmissing-prototypes -pedantic -Wno-long-long -Wno-variadic-macros
-Wold-style-definition -Werror -version -fomit-frame-pointer -fno-common -o jcf-io.s
compilation with the stage1 compiler shows identical miscompilation.
The parameters for umoddi are not written to the stack.
In jcf-io.c.05.gcse, we have:
(insn 22 21 23 1 jcf-io-0.i:17 (set (mem:DI (plus:SI (reg/f:SI 7 sp)
(const_int 8 [0x8])) [0 S8 A32])
(reg:DI 62 [ pretmp.7 ])) 58 {*movdi_2} (nil)
(insn_list:REG_LIBCALL 25 (nil)))
(insn 23 22 24 1 jcf-io-0.i:17 (set (mem:DI (reg/f:SI 7 sp) [0 S8 A32])
(reg/v:DI 68 [ value ])) 58 {*movdi_2} (nil)
(nil))
(call_insn/u 24 23 25 1 jcf-io-0.i:17 (set (reg:DI 0 ax)
(call (mem:QI (symbol_ref:SI ("__umoddi3") [flags 0x41]) [0 S1 A8])
(const_int 16 [0x10]))) 529 {*call_value_0} (nil)
(expr_list:REG_EH_REGION (const_int -1 [0xffffffff])
(nil))
(nil))
(insn 25 24 27 1 jcf-io-0.i:17 (set (reg:DI 76)
(reg:DI 0 ax)) 58 {*movdi_2} (nil)
(insn_list:REG_RETVAL 22 (expr_list:REG_EQUAL (umod:DI (reg/v:DI 68 [ value
])
(reg:DI 62 [ pretmp.7 ]))
(nil))))
But in jcf-io.c.06.loop:
(insn 22 21 23 1 jcf-io-0.i:17 (set (reg/v:DI 87 [ pretmp.7 ])
(reg:DI 62 [ pretmp.7 ])) -1 (nil)
(insn_list:REG_LIBCALL 25 (nil)))
(insn 23 22 24 1 jcf-io-0.i:17 (set (reg/v:DI 88 [ value ])
(reg/v:DI 68 [ value ])) -1 (nil)
(nil))
(call_insn/u 24 23 25 1 jcf-io-0.i:17 (set (reg:DI 0 ax)
(call (mem:QI (symbol_ref:SI ("__umoddi3") [flags 0x41]) [0 S1 A8])
(const_int 16 [0x10]))) -1 (nil)
(expr_list:REG_EH_REGION (const_int -1 [0xffffffff])
(nil))
(nil))
(insn 25 24 27 1 jcf-io-0.i:17 (set (reg:DI 76)
(reg:DI 0 ax)) -1 (nil)
(insn_list:REG_RETVAL 22 (expr_list:REG_EQUAL (umod:DI (reg/v:DI 68 [ value
])
(reg:DI 62 [ pretmp.7 ]))
(nil))))
The SET_SRC of insn 22 is changed here:
Hardware watchpoint 6: *$4
Old value = 0xb5927d14
New value = 0xb591da80
validate_change (object=0xb58b7c08, loc=0xb5927838, new=0xb591da80, in_group=1)
at ../../srcw/gcc/recog.c:203
203 if (num_changes >= changes_allocated)
(gdb) call debug_rtx_find(get_insns(),22)
(insn 22 21 23 jcf-io-0.i:17 (set (reg/v:DI 87)
(reg:DI 62 [ pretmp.7 ])) -1 (nil)
(insn_list:REG_LIBCALL 25 (nil)))
$5 = (struct rtx_def *) 0xb58b7c08
(gdb) frame 1
#1 0x08584119 in replace_loop_mem (mem=0xb5927838, data=0xbfffb480)
at ../../srcw/gcc/loop.c:11374
11374 validate_change (args->insn, mem, args->replacement, 1);
(gdb) bt
#0 validate_change (object=0xb58b7c08, loc=0xb5927838, new=0xb591da80,
in_group=1) at ../../srcw/gcc/recog.c:203
#1 0x08584119 in replace_loop_mem (mem=0xb5927838, data=0xbfffb480)
at ../../srcw/gcc/loop.c:11374
#2 0x0845797e in for_each_rtx_1 (exp=0xb5927834, n=0,
f=0x8584097 <replace_loop_mem>, data=0xbfffb480)
at ../../srcw/gcc/rtlanal.c:2645
#3 0x084579dc in for_each_rtx_1 (exp=0xb58b7c08, n=5,
f=0x8584097 <replace_loop_mem>, data=0xbfffb480)
at ../../srcw/gcc/rtlanal.c:2660
#4 0x08457b4b in for_each_rtx (x=0xbfffb4a0, f=0x8584097 <replace_loop_mem>,
data=0xbfffb480) at ../../srcw/gcc/rtlanal.c:2741
#5 0x08584155 in replace_loop_mems (insn=0xb58b7c08, mem=0xb5927d14,
reg=0xb591da80, written=1) at ../../srcw/gcc/loop.c:11388
#6 0x08583470 in load_mems (loop=0x9812738) at ../../srcw/gcc/loop.c:10968
#7 0x08572f66 in scan_loop (loop=0x9812738, flags=0)
at ../../srcw/gcc/loop.c:1543
#8 0x08571321 in loop_optimize (f=0xb58afae0, dumpfile=0x0, flags=0)
at ../../srcw/gcc/loop.c:907
#9 0x084b9495 in rest_of_handle_loop_optimize ()
at ../../srcw/gcc/passes.c:1111
#10 0x084ba079 in rest_of_compilation () at ../../srcw/gcc/passes.c:1573
--
Summary: load_mems / replace_loop_mems bug causes miscompilation
of jcf-io.c / SEGV while processing
java/lang/AbstractMethodError
Product: gcc
Version: 4.1.0
Status: UNCONFIRMED
Keywords: wrong-code, build
Severity: critical
Priority: P1
Component: rtl-optimization
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: amylaar at gcc dot gnu dot org
CC: gcc-bugs at gcc dot gnu dot org
GCC host triplet: i686-pc-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21848
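
A self-checking runtime test for the function in this report, as an added example that is not part of the original message or of GCC's testsuite: it compares format_uint against a reference that gets each digit by shift-and-subtract division, so the reference does not go through the 64-bit modulo libcall (__umoddi3 on i686) whose stack arguments the report shows being dropped. The names ref_format and count_mismatches and the sample values are assumptions made for this example.

```c
#include <string.h>
/* format_uint as quoted in the report (gcc/java/jcf-io.c). */
void format_uint (char *buffer, unsigned long long value, int base)
{
  char buf[(4 + sizeof(unsigned long long) * 8)];
  char *buf_ptr = buf+(4 + sizeof(unsigned long long) * 8);
  int chars_written, i;
  do {
    int digit = value % base;
    static const char digit_chars[] = "0123456789abcdefghijklmnopqrstuvwxyz";
    *--buf_ptr = digit_chars[digit];
    value /= base;
  } while (value != 0);
  chars_written = buf+(4 + sizeof(unsigned long long) * 8) - buf_ptr;
  for (i = 0; i < chars_written; i++)
    buffer[i] = *buf_ptr++;
  buffer[i] = 0;
}
/* Hypothetical reference: shift-and-subtract division, so no 64-bit / or %. */
static void ref_format (char *out, unsigned long long value, unsigned base)
{
  char tmp[68], *p = tmp + 67;
  *p = 0;
  do {
    unsigned long long q = 0, r = 0;
    for (int bit = 63; bit >= 0; bit--) {
      r = (r << 1) | ((value >> bit) & 1);   /* bring down the next bit */
      if (r >= base) { r -= base; q |= 1ULL << bit; }
    }
    *--p = "0123456789abcdefghijklmnopqrstuvwxyz"[r];
    value = q;
  } while (value != 0);
  strcpy (out, p);
}
/* Constructed sample values; returns how many outputs differ from the reference. */
int count_mismatches (void)
{
  static const unsigned long long values[] =
    { 0, 1, 35, 36, 255, 0xffffffffULL, 1ULL << 32, ~0ULL };
  static const int bases[] = { 2, 8, 10, 16, 36 };
  char got[68], want[68];
  int bad = 0, k;
  for (k = 0; k < 8 * 5; k++) {          /* every value in every base */
    format_uint (got, values[k / 5], bases[k % 5]);
    ref_format (want, values[k / 5], (unsigned) bases[k % 5]);
    bad += strcmp (got, want) != 0;
  }
  return bad;
}
int main (void) { return count_mismatches () != 0; }
```

Built with the compiler under test at the flags from the report (-O2 -march=i686 -fomit-frame-pointer), a nonzero exit status means format_uint produced wrong digits.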