This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug middle-end/39794] [4.4/4.5 Regression] Miscompile with -O2 -funroll-loops
- From: "amonakov at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 17 Apr 2009 21:55:20 -0000
- Subject: [Bug middle-end/39794] [4.4/4.5 Regression] Miscompile with -O2 -funroll-loops
- References: <bug-39794-13999@http.gcc.gnu.org/bugzilla/>
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
------- Comment #2 from amonakov at gcc dot gnu dot org 2009-04-17 21:55 -------
I attempted to investigate the miscompilation on the 4.4 branch.
The problem seems to appear in dse2 pass. Basically, after encountering
313 dx:DI=ax:DI+0x4
187 {[di:DI+dx:DI]=[di:DI+dx:DI]<<0x1;clobber flags:CC;}
...
191 [di:DI+dx:DI+0x4]=cx:SI
314 dx:DI=ax:DI+0x8
200 {[di:DI+dx:DI]=[di:DI+dx:DI]<<0x1;clobber flags:CC;}
and upon considering insn 200, dse2 decides to delete insn 191 and protect insn
187 (both are wrong, 200 depends on 191 and 187 is irrelevant):
**scanning insn=200
mem: (plus:DI (reg/v/f:DI 5 di [orig:63 a ] [63])
(reg:DI 1 dx [orig:84 ivtmp.36 ] [84]))
expanding: r5 into: NULL
expanding: r1 into: (plus:DI (value:DI)
(const_int 8 [0x8]))
expanding value DI into: r0
expanding: r0 into: NULL
after cselib_expand address: (plus:DI (plus:DI (reg/v/f:DI 5 di [orig:63 a ]
[63])
(reg:DI 0 ax [orig:76 ivtmp.36 ] [76]))
(const_int 8 [0x8]))
after canon_rtx address: (plus:DI (plus:DI (reg/v/f:DI 5 di [orig:63 a ]
[63])
(reg:DI 0 ax [orig:76 ivtmp.36 ] [76]))
(const_int 8 [0x8]))
varying cselib base=67 offset = 8
processing cselib load mem:(mem:SI (plus:DI (reg/v/f:DI 5 di [orig:63 a ]
[63])
(reg:DI 1 dx [orig:84 ivtmp.36 ] [84])) [2 S4 A32])
processing cselib load against insn 191
processing cselib load against insn 187
removing from active insn=187 has store
mem: (plus:DI (reg/v/f:DI 5 di [orig:63 a ] [63])
(reg:DI 1 dx [orig:84 ivtmp.36 ] [84]))
expanding: r5 into: NULL
expanding: r1 into: (plus:DI (value:DI)
(const_int 8 [0x8]))
expanding value DI into: r0
expanding: r0 into: NULL
after cselib_expand address: (plus:DI (plus:DI (reg/v/f:DI 5 di [orig:63 a ]
[63])
(reg:DI 0 ax [orig:76 ivtmp.36 ] [76]))
(const_int 8 [0x8]))
after canon_rtx address: (plus:DI (plus:DI (reg/v/f:DI 5 di [orig:63 a ]
[63])
(reg:DI 0 ax [orig:76 ivtmp.36 ] [76]))
(const_int 8 [0x8]))
varying cselib base=67 offset = 8
processing cselib store [8..12)
trying store in insn=191 gid=-1[8..12)
Locally deleting insn 191
deferring deletion of insn with uid = 191.
mems_found = 1, cannot_delete = false
I wonder how dse2 is supposed to notice that insn 314 changes DX. E.g. when
checking rhs of insn 200 ([di+dx]) against lhs of insn 191 ([di+dx+4] for
different dx) in check_mem_read_rtx it calls canon_true_dependence (from
dse.c:2224) for [di+dx] and [di+dx+4] which returns false. However, these
references clearly conflict. Maybe a stupid question, but shouldn't this
canon_true_dependence call receive canonicalized MEMs from 'base' and
'store_info->cse_base'?
--
amonakov at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |amonakov at gmail dot com,
| |amonakov at gcc dot gnu dot
| |org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39794