This program:

#include <stdio.h>
#include <pthread.h>

int g_8 = 1;
int g_140;
int *g_139 = &g_140;
int **g_138 = &g_139;
int g_182;

void func_2 (p1) {
  **g_138 = 0;
}

int func_11 (int p1, int p2, int p3, int p4) {
  if (g_8)
    return 0;
  ++g_182;
  return 0;
}

void *context (void *ptr) {
  g_182 = 1;
  printf ("%d\n",g_182);
}

void main () {
  pthread_t thread1;
  int iret1;
  iret1 = pthread_create( &thread1, NULL, context, (void*) 0);
  func_2 (func_11 (0, 0, 0, 0) );
  pthread_join( thread1, NULL);
}

is miscompiled by

  gcc --param allow-store-data-races=0 -O2 (or -O3)

on x86_64.

[ gcc version 4.8.0 20121011 (experimental) (GCC) ]

The program has no data-races because the ++g_182 instruction in func_11 is never executed by the main thread, and the context thread is expected to always print 1.

The -O2 and -O3 optimisers (invoked with --param allow-store-data-races=0) compile main as:

main:
        subq    $24, %rsp
        xorl    %ecx, %ecx
        xorl    %esi, %esi
        leaq    8(%rsp), %rdi
        movl    $context, %edx
        call    pthread_create
        xorl    %eax, %eax
        cmpl    $1, g_8(%rip)
        movq    8(%rsp), %rdi
        setb    %al
(**)    addl    %eax, g_182(%rip)
        movq    g_138(%rip), %rax
        xorl    %esi, %esi
        movq    (%rax), %rax
        movl    $0, (%rax)
        call    pthread_join
        addq    $24, %rsp
        ret

The problem is in the (**) instruction:

        addl    %eax, g_182(%rip)

which inserts a write of the value 0 in the run-time trace of the main thread, possibly resulting in the context thread printing 0.
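The interleaving behind the report above, as an added example that is not part of the original thread and is not GCC code: it enumerates every schedule of the two threads and collects the values the context thread could print, with and without the speculative (**) store. It assumes the unlocked addl acts as a separate load and store and that the context thread reloads g_182 for printf; the function names are made up for illustration.

```c
#include <stdio.h>

/* Constructed model (not GCC code) of the report's two threads on one shared int.
 * Main thread:    M0 = load g_182, M1 = store loaded + inc (the addl as two steps)
 * Context thread: C0 = store 1,    C1 = load g_182 for printf (assumed reloaded) */
struct state { int g_182, main_tmp, printed; };

/* Try every interleaving that preserves each thread's program order.
 * Returns a bitmask: bit v is set if some schedule makes the context print v. */
static unsigned explore(struct state s, int m, int m_len, int c, int inc)
{
    unsigned seen = 0;
    if (m == m_len && c == 2)
        return 1u << s.printed;
    if (m < m_len) {                            /* main thread takes a step */
        struct state n = s;
        if (m == 0) n.main_tmp = n.g_182;       /* read half of the addl */
        else        n.g_182 = n.main_tmp + inc; /* write half of the addl */
        seen |= explore(n, m + 1, m_len, c, inc);
    }
    if (c < 2) {                                /* context thread takes a step */
        struct state n = s;
        if (c == 0) n.g_182 = 1;                /* g_182 = 1; */
        else        n.printed = n.g_182;        /* printf argument */
        seen |= explore(n, m, m_len, c + 1, inc);
    }
    return seen;
}

/* speculative != 0: the (**) addl, which always reads and writes g_182.
 * speculative == 0: the source, which touches g_182 only when g_8 == 0. */
unsigned printable_values(int speculative, int g_8)
{
    struct state s = { 0, 0, 0 };
    int inc = (g_8 == 0);                       /* cmpl $1, g_8 ; setb %al */
    int m_len = (speculative || inc) ? 2 : 0;
    return explore(s, 0, m_len, 0, inc);
}

int main(void)
{
    printf("source semantics, g_8 = 1: mask 0x%x\n", printable_values(0, 1));
    printf("speculative addl, g_8 = 1: mask 0x%x\n", printable_values(1, 1));
    return 0;
}
```

Bit 0 set in the second mask is the schedule M0, C0, M1, C1: the main thread writes back the stale 0 after the context thread has stored 1.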
This is ifcvt.c in action. This is the

if (!set_b && MEM_P (orig_x))

case where we already do some checks:

if (noce_mem_write_may_trap_or_fault_p (orig_x))
  return FALSE;

and

if (!noce_can_store_speculate_p (test_bb, orig_x))
  return FALSE;

I'd say noce_can_store_speculate_p is buggy, it uses

if (memory_modified_in_insn_p (mem, insn))
  return true;

but memory_modified_in_insn_p is pessimistic, it doesn't tell whether mem is surely set, but whether it might be set. I guess it would need to use note_stores that would just do rtx_equal_p on the addresses or similarly prove it is surely (and unconditionally) written. So even note_stores might not be the right thing, perhaps just looking at single_set SET_DEST. And avoiding inline asm, that doesn't have to store unconditionally.
Created attachment 28444
reduced testcase
Author: aldyh
Date: Wed Oct 17 20:59:40 2012
New Revision: 192548

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=192548
Log:
        PR rtl-optimization/54900
        * ifcvt.c (noce_can_store_speculate_p): Call
        memory_must_be_modified_in_insn_p.
        * alias.c (memory_must_be_modified_in_insn_p): New.
        (set_dest_equal_p): New.
        * rtl.h (memory_must_be_modified_in_p): Protoize.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/alias.c
    trunk/gcc/ifcvt.c
    trunk/gcc/rtl.h
gcc version 4.8.0 20121018 (experimental) - which includes revision 192548 - compiles this example correctly. It also fixes http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54906 . Great, thanks.
I am leaving this PR open while I address the corner case presented by Jakub somewhere in this thread: http://gcc.gnu.org/ml/gcc-patches/2012-10/msg01763.html ...though technically the testcase in this PR has been fixed :).
(In reply to Aldy Hernandez from comment #5)
> I am leaving this PR open while I address the corner case presented by Jakub
> somewhere in this thread:
>
> http://gcc.gnu.org/ml/gcc-patches/2012-10/msg01763.html
>
> ...though technically the testcase in this PR has been fixed :).

Maybe open a new PR for those corner cases, and put some test cases in it? Leaving this open without further reference to an actual problem is confusing...