This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug tree-optimization/34244] [4.3 Regression] VRP/SCEV miscompiles Firefox
- From: "rakdver at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 27 Nov 2007 17:00:47 -0000
- Subject: [Bug tree-optimization/34244] [4.3 Regression] VRP/SCEV miscompiles Firefox
- References: <bug-34244-10053@http.gcc.gnu.org/bugzilla/>
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
------- Comment #5 from rakdver at gcc dot gnu dot org 2007-11-27 17:00 -------
> # of iteration analysis records an assumption that offset_46 >= 0. However,
> this is simplified to true, as the value range of offset_46 is set to [0,0] by
> vrp (which seems to be wrong); so the problem is probably somewhere else in
> vrp.
So the problem is the following: we have a code like
if (something)
offset = 100;
else
offset = -100;
while (offset > 0)
offset--;
if (offset == 0)
launch_nuclear_rockets ();
VRP starts simulating the code, first executing the true branch of the if
(something) condition, getting offset = 100. It then proceeds with the loop,
determining that number of iterations is offset (since we just now believe that
offset==100, this is correct, without any assumptions), thus the final value of
offset is 0 and the nuclear war always starts.
Later, VRP evaluates the false branch of the if (something) condition, setting
the value range of offset to [-100,100], and proceeds to re-evaluate the
effects of the loop. However, scev caches the number of iterations of the
loop, so it is not re-evaluated, and we keep believing that the number of
iterations is always offset.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34244