[Bug ipa/109318] [12/13 Regression] csmith: -fipa-cp seems to cause trouble since r12-2523-g13586172d0b70c
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109318 --- Comment #11 from CVS Commits --- The master branch has been updated by Martin Jambor : https://gcc.gnu.org/g:8e08c7886eed5824bebd0e011526ec302d622844 commit r13-7206-g8e08c7886eed5824bebd0e011526ec302d622844 Author: Martin Jambor Date: Mon Apr 17 12:59:51 2023 +0200 ipa: Fix double reference-count decrements for the same edge (PR 107769, PR 109318) It turns out that since addition of the code that can identify globals which are only read from, the code that keeps track of the references can decrement their count for the same calls, once during IPA-CP and then again during inlining. Fixed by adding a special flag to the pass-through variant and simply wiping out the reference to the refdesc structure from the constant ones. Moreover, during debugging of the issue I have discovered that the code removing references could remove a reference associated with the same statement but of a wrong type. In all cases it wanted to remove an IPA_REF_ADDR reference so removing a lesser one instead should do no harm in practice, but we should try to be consistent and so this patch extends symtab_node::find_reference so that it searches for a reference of a given type only. gcc/ChangeLog: 2023-04-14 Martin Jambor PR ipa/107769 PR ipa/109318 * cgraph.h (symtab_node::find_reference): Add parameter use_type. * ipa-prop.h (ipa_pass_through_data): New flag refdesc_decremented. (ipa_zap_jf_refdesc): New function. (ipa_get_jf_pass_through_refdesc_decremented): Likewise. (ipa_set_jf_pass_through_refdesc_decremented): Likewise. * ipa-cp.cc (ipcp_discover_new_direct_edges): Provide a value for the new parameter of find_reference. (adjust_references_in_caller): Likewise. Make sure the constant jump function is not used to decrement a refdec counter again. Only decrement refdesc counters when the pass_through jump function allows it. Added a detailed dump when decrementing refdesc counters. * ipa-prop.cc (ipa_print_node_jump_functions_for_edge): Dump new flag. (ipa_set_jf_simple_pass_through): Initialize the new flag. (ipa_set_jf_unary_pass_through): Likewise. (ipa_set_jf_arith_pass_through): Likewise. (remove_described_reference): Provide a value for the new parameter of find_reference. (update_jump_functions_after_inlining): Zap refdesc of new jfunc if the previous pass_through had a flag mandating that we do so. (propagate_controlled_uses): Likewise. Only decrement refdesc counters when the pass_through jump function allows it. (ipa_edge_args_sum_t::duplicate): Provide a value for the new parameter of find_reference. (ipa_write_jump_function): Assert the new flag does not have to be streamed. * symtab.cc (symtab_node::find_reference): Add parameter use_type, use it in searching. gcc/testsuite/ChangeLog: 2023-04-06 Martin Jambor PR ipa/107769 PR ipa/109318 * gcc.dg/ipa/pr109318.c: New test. * gcc.dg/lto/pr107769_0.c: Likewise.
[Bug ipa/109318] [12/13 Regression] csmith: -fipa-cp seems to cause trouble since r12-2523-g13586172d0b70c
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109318 --- Comment #10 from Martin Jambor --- The problem is actually slightly different, I have just attached a possible fix to both to PR 107769.
[Bug ipa/109318] [12/13 Regression] csmith: -fipa-cp seems to cause trouble since r12-2523-g13586172d0b70c
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109318 --- Comment #9 from Martin Jambor --- Most likely a duplicate of PR 107769.
[Bug ipa/109318] [12/13 Regression] csmith: -fipa-cp seems to cause trouble since r12-2523-g13586172d0b70c
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109318 Martin Jambor changed: What|Removed |Added Assignee|unassigned at gcc dot gnu.org |jamborm at gcc dot gnu.org Status|NEW |ASSIGNED --- Comment #8 from Martin Jambor --- Mine
[Bug ipa/109318] [12/13 Regression] csmith: -fipa-cp seems to cause trouble since r12-2523-g13586172d0b70c
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109318
--- Comment #7 from Richard Biener ---
With -O2 -fno-early-inlining it can be simplified:
#pragma pack(1)
struct S {
signed : 31;
unsigned f4 : 20;
};
static struct S global;
static struct S func_16(struct S *ptr) { return *ptr; }
int
main()
{
struct S *local =
*local = func_16(local);
return 0;
}
assembly:
main:
.LFB1:
.cfi_startproc
movlglobal(%rip), %eax
movl%eax, -7(%rsp)
movlglobal+3(%rip), %eax
movl%eax, -4(%rsp)
movl-7(%rsp), %edx
movl%edx, -14(%rsp)
movl%eax, -11(%rsp)
movl-14(%rsp), %eax
movl%eax, global(%rip) <--- this faults, global was promoted R/O
xorl%eax, %eax
ret
note the #pragma pack is required to avoid optimizing everything away.
[Bug ipa/109318] [12/13 Regression] csmith: -fipa-cp seems to cause trouble since r12-2523-g13586172d0b70c
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109318 Richard Biener changed: What|Removed |Added Priority|P1 |P2 Known to fail||12.1.0, 12.2.0
[Bug ipa/109318] [12/13 Regression] csmith: -fipa-cp seems to cause trouble since r12-2523-g13586172d0b70c
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109318
Martin Liška changed:
What|Removed |Added
Priority|P3 |P1
Target Milestone|--- |12.3
Keywords|needs-reduction |
Summary|csmith: -fipa-cp seems to |[12/13 Regression] csmith:
|cause trouble since |-fipa-cp seems to cause
|r12-2523-g13586172d0b70c|trouble since
||r12-2523-g13586172d0b70c
--- Comment #6 from Martin Liška ---
Reduced test-case:
$ cat pr109318.c
#pragma pack(1)
struct S {
signed : 31;
unsigned f4 : 20;
};
int tmp, g;
static struct S global;
static struct S func_16(struct S *ptr) {
for (; g > 0; g+= 8)
tmp &= 8;
return *ptr;
}
int
main()
{
struct S *local =
*local = func_16(local);
return 0;
}
$ gcc pr109318.c -O2 && ./a.out
Segmentation fault (core dumped)
