[Bug tree-optimization/90949] [9/10 Regression] null pointer check removed

law at redhat dot com gcc-bugzilla@gcc.gnu.org
Thu Jun 20 17:55:00 GMT 2019


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90949

Jeffrey A. Law <law at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org      |law at redhat dot com

--- Comment #2 from Jeffrey A. Law <law at redhat dot com> ---
OK.  I see what's happening here.  At the end of SRA we have the following key
block:

;;   basic block 7, loop depth 0
;;    pred:       4
;;                3
  # module_12 = PHI <_14(4), module_16(D)(3)>
  # cleanup_19 = PHI <cleanup_10(4), cleanup_13(D)(3)>
  _17 = module_12->child;
  walk (_17, cleanup_19);
  free (module_12);
  goto <bb 6>; [100.00%]
;;    succ:       6

DOM fires up and is going to correctly determine the edge 4->7 is not
executable.  DOM (via evrp analysis) is also going to know that module_16 _in
this context_ must have a non-null value.  The combination of those two factors
will mean that module_12 always has a non-null value.

DOM completes and we're left with that block looking like:

;;   basic block 6, loop depth 0
;;    pred:       3
  # module_12 = PHI <module_16(D)(3)>
  # cleanup_19 = PHI <cleanup_13(D)(3)>
  _17 = module_16(D)->child;
  walk (_17, cleanup_13(D));
  free (module_16(D));
  goto <bb 5>; [100.00%]
;;    succ:       5


Now copyprop comes along.  The degenerate PHI is just a copy so it's going to
want to propagate it away.  module_12 is a copy of module_16.  We have no PTA
information for module_16, but we do have PTA information for module_12.   The
copy propagator will copy the PTA information from module_12 to module_16,
including the nonnull state (which remember was _context dependent_).

So PTA now says that module_16 must be non-null and a subsequent pass deletes
this test at the start of the function:

;;   basic block 6, loop depth 0
;;    pred:       3
  # module_12 = PHI <module_16(D)(3)>
  # cleanup_19 = PHI <cleanup_13(D)(3)>
  _17 = module_16(D)->child;
  walk (_17, cleanup_13(D));
  free (module_16(D));
  goto <bb 5>; [100.00%]
;;    succ:       5


And we lose, badly.

The copy propagator is already aware that it has to be careful with context
sensitive information getting copied over like this (alignment info), but it
didn't have a case for non-null status which is also context sensitive.  A fix
is in testing now.

And all that explains why the referenced change is the trigger.  Prior to that
change we used a specialized copy propagator which didn't try to copy the PTA
information.  After the change we use the standard copy propagator which copies
the PTA information.
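
Added example, not part of the original message and not the bug report's test case: a constructed C program with the source shape the dump suggests (an entry null check guarding module->child, a recursive walk, then free), usable as a runtime check that a toolchain keeps that check at a given optimization level. The struct layout, release() and run_chain() are assumptions.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed source shape inferred from the names in the dump
   (module, child, cleanup, walk, free); not the bug report's test case. */
struct node { struct node *child; };

static int visits, frees;   /* nodes processed / nodes released */

/* Hypothetical helper, kept out of line so the call stays visible. */
__attribute__((noinline)) void release(struct node *n) { frees++; free(n); }

void walk(struct node *module, int cleanup)
{
    if (module == NULL)            /* the entry check the bug deleted */
        return;
    visits++;
    walk(module->child, cleanup);  /* last node passes NULL back in */
    if (cleanup)
        release(module);
}

/* Build a chain of `depth` nodes, walk it, return the nodes processed.
   The recursion terminates only because walk() rejects NULL. */
int run_chain(int depth, int cleanup)
{
    struct node *head = NULL;
    for (int i = 0; i < depth; i++) {
        struct node *n = malloc(sizeof *n);
        if (n == NULL) abort();
        n->child = head;
        head = n;
    }
    visits = frees = 0;
    walk(head, cleanup);
    while (!cleanup && head != NULL) {   /* walk() left the chain alive */
        struct node *next = head->child;
        free(head);
        head = next;
    }
    return visits;
}

int main(void)
{
    /* depth 0 hands NULL straight to walk(); depth 3 reaches it via ->child */
    return (run_chain(0, 1) == 0 && run_chain(3, 1) == 3) ? 0 : 1;
}
```

Build it at the optimization level used for release builds. A compiler that drops the entry check dereferences NULL at the end of the chain and crashes instead of returning the counts.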

