[Bug tree-optimization/36387] points-to variables not transitively clobbered

["rguenth at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>]

------- Comment #2 from rguenth at gcc dot gnu dot org  2008-05-30 11:38 -------
It shows really that points-to analysis and call-clobber analysis cannot be
done separately.  We try to "connect" them at a single point, in handle_rhs
call where we add constraints from anything to dereferenced pointer arguments.

But this is obviously not enough as we are not transitively closing the
points-to
solution.

extern void abort (void);
int j;
void __attribute__((noinline))
bar (int ***q)
{
  j = 1;
  **q = &j;
}
int main()
{
  int i;
  int *p = &i;
  int **q = &p;
  int ***r = &q;
  i = 0;
  bar (r);
  if (*p != 1)
    abort ();
  return 0;
}

while this doesn't abort in its current form, it shows that points-to
analysis thinks that p points to i, which is not true, as it points to j
after the call to bar:

<bb 2>:
  # p_7 = VDEF <p_6(D)>
  p = &i;
  # q_9 = VDEF <q_8(D)>
  q = &p;
  # i_11 = VDEF <i_10(D)>
  i = 0; 
  # i_13 = VDEF <i_11>
  # p_14 = VDEF <p_7>
  # q_15 = VDEF <q_9>
  # SMT.28_16 = VDEF <SMT.28_12(D)>
  bar (&q);
  # VUSE <p_14>
  p.0_2 = p;
  # VUSE <i_13>
  D.1569_3 = *p.0_2;
  if (D.1569_3 != 1)
    goto <bb 3>;
  else
    goto <bb 4>;


Pointed-to sets for pointers in main

p.0_2, name memory tag: NMT.29, is dereferenced, points-to vars: { i }


if we would do a pointer-equivalence test here and use PTA for its
disambiguation things would go wrong.  The lame hack in handle_rhs_call
only saves us for double-indirection (and only because &q is invariant
and substituted in the call argument).

Now - I'd really like to hear what the "theory" says to this (handling of
escape points).  I guess they simply only handle IPA-PTA for whole-programs,
thus the "academic" case.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36387