[PATCH] Fix ICE due to cross-jumping (PR rtl-optimization/88470)

Thu Dec 13 22:53:00 GMT 2018

Hi!

The following testcase ICEs, because we have an indirect jump with
a single (fake) successor edge to EXIT, one reachable from the body
of the function after prologue and another one reachable from before the
prologue (due to shrink-wrapping).

The patch fixes this by disallowing crossjumping of basic blocks ending in
such indirect jumps with no (non-fake) successors.

That condition hits on the following testcases (never during bootstrap):
gcc/testsuite/gcc.c-torture/compile/20050122-2.c
gcc/testsuite/gcc.c-torture/execute/920428-2.c
gcc/testsuite/gcc.c-torture/execute/pr24135.c
gcc/testsuite/gcc.dg/pr49994-1.c
gcc/testsuite/gcc.dg/pr79494.c
gcc/testsuite/gcc.dg/torture/stackalign/nested-4.c
gcc/testsuite/gcc.dg/torture/stackalign/non-local-goto-3.c
gcc/testsuite/gcc.dg/torture/stackalign/non-local-goto-5.c
gcc/testsuite/gcc.target/i386/pr88470.c
libgomp/testsuite/libgomp.c/pr81687-2.c
where in most of them it is a non-local jump ending the bb; in a few of
those testcases there is a crossjumping possibility, but it seems it
is actually already handled during PRE (e.g. on pr24135.c).

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2018-12-13  Jakub Jelinek  <jakub@redhat.com>

	PR rtl-optimization/88470
	* cfgcleanup.c (outgoing_edges_match): If the function is
	shrink-wrapped and bb1 ends with a JUMP_INSN with a single fake
	edge to EXIT, return false.

	* gcc.target/i386/pr88470.c: New test.

--- gcc/cfgcleanup.c.jj	2018-12-03 11:14:52.449764174 +0100
+++ gcc/cfgcleanup.c	2018-12-13 10:19:40.453539925 +0100
@@ -1592,10 +1592,13 @@ outgoing_edges_match (int mode, basic_bl
   if (crtl->shrink_wrapped
       && single_succ_p (bb1)
       && single_succ (bb1) == EXIT_BLOCK_PTR_FOR_FN (cfun)
-      && !JUMP_P (BB_END (bb1))
+      && (!JUMP_P (BB_END (bb1))
+	  /* Punt if the only successor is a fake edge to exit, the jump
+	     must be some weird one.  */
+	  || (single_succ_edge (bb1)->flags & EDGE_FAKE) != 0)
       && !(CALL_P (BB_END (bb1)) && SIBLING_CALL_P (BB_END (bb1))))
     return false;
-  
+
   /* If BB1 has only one successor, we may be looking at either an
      unconditional jump, or a fake edge to exit.  */
   if (single_succ_p (bb1)
--- gcc/testsuite/gcc.target/i386/pr88470.c.jj	2018-12-13 10:11:39.144381178 +0100
+++ gcc/testsuite/gcc.target/i386/pr88470.c	2018-12-13 10:10:04.610921517 +0100
@@ -0,0 +1,16 @@
+/* PR rtl-optimization/88470 */
+/* { dg-do compile } */
+/* { dg-options "-O2 -maccumulate-outgoing-args -ftrapv -fno-ivopts -fno-reorder-blocks-and-partition" } */
+
+void
+foo (long x, long *y)
+{
+  long *a = y - 64, i;
+  for (i = 0; i < x; i++)
+    {
+      long v = y[i];
+      *a++ = v;
+    }
+  register void **c __asm__ ("di");
+  goto **c;
+}

	Jakub

