Bug 84505 - [8 Regression] store-merging miscompilation on i586 in xemacs package starting with r254391
Summary: [8 Regression] store-merging miscompilation on i586 in xemacs package startin...
Status: RESOLVED DUPLICATE of bug 84503
Alias: None
Product: gcc
Classification: Unclassified
Component: tree-optimization (show other bugs)
Version: 7.0
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: wrong-code
Depends on:
Blocks:
 
Reported: 2018-02-21 18:29 UTC by Martin Liška
Modified: 2018-02-21 20:23 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Liška 2018-02-21 18:29:29 UTC 
I'm still reducing the test-case, but with:

$ gcc -O2 -m32 alloc.i -funroll-loops -fdump-tree-optimized=/tmp/bad.txt -c -o /tmp/bad.s -S -fno-strict-aliasing

I see following difference in tree-optimized dump:

$ diff -u /tmp/good.txt /tmp/bad.txt -U20
--- /tmp/good.txt	2018-02-21 19:15:26.081205161 +0100
+++ /tmp/bad.txt	2018-02-21 19:23:04.898349760 +0100
@@ -9831,50 +9831,49 @@
 
 free_marker (Lisp_Object ptr)
 {
   struct Lisp_Marker * FFT_ptr;
   struct Lisp_Free * marker_free_list.705_1;
   long int consing_since_gc.706_2;
   long unsigned int consing_since_gc.707_3;
   long unsigned int _4;
   long int _5;
   long unsigned int total_consing.708_6;
   long unsigned int _7;
   int profiling_active.709_8;
   int gc_count_num_marker_freelist.711_10;
   int _11;
   long int prephitmp_31;
   long int pretmp_40;
 
   <bb 2> [local count: 1431]:
   FFT_ptr_15 = (struct Lisp_Marker *) ptr_14(D);
   unchain_marker (ptr_14(D));
-  MEM[(unsigned int *)FFT_ptr_15] = 3735928559;
-  MEM[(unsigned int *)FFT_ptr_15 + 4B] = 3735928559;
   MEM[(unsigned int *)FFT_ptr_15 + 8B] = 3735928559;
   MEM[(unsigned int *)FFT_ptr_15 + 12B] = 3735928559;
   MEM[(unsigned int *)FFT_ptr_15 + 16B] = 3735928559;
   MEM[(unsigned int *)FFT_ptr_15 + 20B] = 3735928559;
   marker_free_list.705_1 = marker_free_list;
   MEM[(struct Lisp_Free *)FFT_ptr_15].chain = marker_free_list.705_1;
   marker_free_list = FFT_ptr_15;
-  MEM[(struct lrecord_header *)FFT_ptr_15].type = 69;
+  MEM[(void *)FFT_ptr_15] = 3735928389;
+  MEM[(unsigned int *)FFT_ptr_15 + 4B] = 3735928559;
   consing_since_gc.706_2 = consing_since_gc;
   consing_since_gc.707_3 = (long unsigned int) consing_since_gc.706_2;
   _4 = consing_since_gc.707_3 + 4294967272;
   _5 = (long int) _4;
   consing_since_gc = _5;
   total_consing.708_6 = total_consing;
   _7 = total_consing.708_6 + 4294967272;
   total_consing = _7;
   profiling_active.709_8 = profiling_active;
   if (profiling_active.709_8 != 0)
     goto <bb 3>; [33.00%]
   else
     goto <bb 4>; [67.00%]
 
   <bb 3> [local count: 472]:
   profile_record_unconsing (24);
   pretmp_40 = consing_since_gc;
 
   <bb 4> [local count: 1429]:
   # prephitmp_31 = PHI <pretmp_40(3), _5(2)>

I suspect later 2 stores:
+  MEM[(void *)FFT_ptr_15] = 3735928389;
+  MEM[(unsigned int *)FFT_ptr_15 + 4B] = 3735928559;

which overwrite:
MEM[(struct Lisp_Free *)FFT_ptr_15].chain = marker_free_list.705_1;

It's probably connected with aliasing analysis that allows store motion after the *.chain store.
Comment 1 Jakub Jelinek 2018-02-21 18:43:44 UTC 
Might very well be a dup of PR84503, let me finish up the patch.
Comment 2 Martin Liška 2018-02-21 18:50:06 UTC 
(In reply to Jakub Jelinek from comment #1)
> Might very well be a dup of PR84503, let me finish up the patch.

I hope so. According to description it looks very similar ;)
Comment 3 Martin Liška 2018-02-21 20:23:30 UTC 
I can confirm https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84503#c3 fixes the issue, thus it's dup.
Great work Jakub!

*** This bug has been marked as a duplicate of bug 84503 ***