[Bug middle-end/66375] [4.8/4.9/5 Regression] wrong code at -O2 and -O3 on x86_64-linux-gnu

Tue, 02 Jun 2015 03:31:51 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66375

--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
Hum.

  <bb 5>:
  # prephitmp_22 = PHI <0(4), c.2_15(10)>
...
  e_12 = (char) prephitmp_22;
  _13 = (int) e_12;
...
  c.2_15 = _13 + -11;

Simulating statement (from ssa_edges): prephitmp_22 = PHI <0(4), c.2_15(10)>

Visiting PHI node: prephitmp_22 = PHI <0(4), c.2_15(10)>
    Argument #0 (4 -> 5 executable)
        0: [0, 0]
    Argument #1 (10 -> 5 executable)
        c.2_15: [-22, -11]
Meeting
  [0, 0]
and
  [-22, -11]
to
  [-22, 0]
...
Found new range for prephitmp_22: [-2147483647, 0]

...

Visiting statement:
_13 = (int) e_12;
Intersecting
  [-128, 127]
and
  [-128, 127]
to
  [-128, 127]
Found new range for _13: [-128, 127]
marking stmt to be not simulated again

Simulating statement (from ssa_edges): c.2_15 = _13 + -11;

Visiting statement:
c.2_15 = _13 + -11;
Found new range for c.2_15: [-139, 116]
marking stmt to be not simulated again

Simulating statement (from ssa_edges): prephitmp_22 = PHI <0(4), c.2_15(10)>

Visiting PHI node: prephitmp_22 = PHI <0(4), c.2_15(10)>
    Argument #0 (4 -> 5 executable)
        0: [0, 0]
    Argument #1 (10 -> 5 executable)
        c.2_15: [-139, 116]
Meeting
  [0, 0]
and
  [-139, 116]
to
  [-139, 116]
marking stmt to be not simulated again

(note no "Found new range for prephitmp_22" here!)

Value ranges after VRP:

prephitmp_22: [-2147483647, 0]

oops.

This seems to be because we drop to [-2147483647, 2147483646] but then
adjust_range_with_scev computes {0, +, -11}_1 for _22  which is obviously
wrong.

It looks like the CHREC gets built from

static t_bool
follow_ssa_edge_binary (struct loop *loop, gimple at_stmt,
                        tree type, tree rhs0, enum tree_code code, tree rhs1,
                        gphi *halting_phi, tree *evolution_of_loop,
                        int limit)
{
...
  switch (code)
    {
    case POINTER_PLUS_EXPR:
    case PLUS_EXPR:
      if (TREE_CODE (rhs0) == SSA_NAME)
        {
          if (TREE_CODE (rhs1) == SSA_NAME)
            {
...
          else
            {
              /* Match an assignment under the form:
                 "a = b + ...".  */
              res = follow_ssa_edge
                (loop, SSA_NAME_DEF_STMT (rhs0), halting_phi,
                 evolution_of_loop, limit);
              if (res == t_true)
                *evolution_of_loop = add_to_evolution
                  (loop->num, chrec_convert (type, *evolution_of_loop,
                                             at_stmt),
                   code, rhs1, at_stmt);

and what goes wrong is follow_ssa_edge skipping the (unsigned char) truncation.

Still digging...

Reply via email to