This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug rtl-optimization/47414] New: [4.6 Regression] wrong code with -O -freorder-blocks -fschedule-insns2 -fno-early-inlining -fstrict-aliasing -ftracer
- From: "zsojka at seznam dot cz" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Sat, 22 Jan 2011 20:57:32 +0000
- Subject: [Bug rtl-optimization/47414] New: [4.6 Regression] wrong code with -O -freorder-blocks -fschedule-insns2 -fno-early-inlining -fstrict-aliasing -ftracer
- Auto-submitted: auto-generated
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47414
Summary: [4.6 Regression] wrong code with -O -freorder-blocks
-fschedule-insns2 -fno-early-inlining
-fstrict-aliasing -ftracer
Product: gcc
Version: 4.6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: rtl-optimization
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: zsojka@seznam.cz
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
Created attachment 23077
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=23077
reduced testcase
Output:
$ g++ -O -freorder-blocks -fschedule-insns2 -fno-early-inlining
-fstrict-aliasing -ftracer testcase.C
$ ./a.out
==32217== Invalid write of size 8
==32217== at 0x40061B: test01() (testcase.C:44)
==32217== by 0x4006BC: main (testcase.C:62)
==32217== Address 0x0 is not stack'd, malloc'd or (recently) free'd
Segmentation fault
The assembly looks like:
2 mov rcx, rsp # nul,
mov QWORD PTR [rax], rbp # b_17->D.2238.next, b
mov DWORD PTR [rax+8], 1 # b_17->i,
1 mov rdx, QWORD PTR [rcx] # nul, nul_23->D.2238.next
3 mov QWORD PTR [rsp], rax # MEM[(struct A *)&s].next, b
mov esi, 0 # nul,
test rdx, rdx # nul
jne .L10 #,
.L6:
>>> mov QWORD PTR [rsi], 0 # nul_12->D.2238.next,
^ crash
The problem is that (1) loads the value before it is stored at (3).
rcx == rsp because of (2).
Without -fschedule-insns2:
mov DWORD PTR [rax+8], 1 # b_17->i,
mov QWORD PTR [rax], rbp # b_17->D.2238.next, b
1 mov QWORD PTR [rsp], rax # MEM[(struct A *)&s].next, b
mov esi, 0 # nul,
2 mov rcx, rsp # nul,
3 mov rdx, QWORD PTR [rcx] # nul, nul_23->D.2238.next
test rdx, rdx # nul
jne .L10 #,
.L6:
mov QWORD PTR [rsi], 0 # nul_12->D.2238.next,
The order is correct.
Tested revisions:
r169125 - fail
4.5 r168785 - OK