[Bug middle-end/55555] [4.8 Regression] miscompilation at -O2 (tree-pre?)

Sun, 02 Dec 2012 03:04:19 -0800 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55555



--- Comment #6 from Jan Hubicka <hubicka at ucw dot cz> 2012-12-02 11:03:53 UTC 
---

> I'm pretty sure there are no out-of-bounds. In particular coef_x is easy to

> check, it is only used as coef_x(:,lxp) where lxp is the loop bound 0..lp

> consistent with its def. Of course maybe the FE does something inconsistent ?

> 

> Also this runs fine:

> 

> fortran -O0 -fsanitize=address PR55555.f90 ; ./a.out



Hmm,  I saw similar weird cases generated by the frontend. coef_x is array of 8

elements



  real(kind=8) coef_x[8];



in loop analyzis we do:



Induction variable (integer(kind=8)) 4 + 4 * iteration does not wrap in

statement pretmp_516 = coef_x[pretmp_515];

 in loop 4.

Statement pretmp_516 = coef_x[pretmp_515];

 is executed at most 0 (bounded by 0) + 1 times in loop 4.





This is true, pretmp_512 would be 8 at the second iteration of the loop.



later we conclude

Loop 4 iterates 1 times.

Loop 4 iterates at most 1 times.



 BB: 9, after_exit: 0

  size:   0 # DEBUG lxp => lxp_4

  size:   0 _137 = (integer(kind=8)) lxp_4;

  size:   1 _140 = _137 + pretmp_508;

  size:   1 _142 = *pol_x_141(D)[_140];

  size:   1 _143 = _137 * 4;

  size:   1 _144 = _143 + -1;

 BB: 10, after_exit: 0

  size:   1 _146 = S.25_279 + _144;

  size:   1 _150 = _142 * prephitmp_520;

  size:   1 _151 = _150 + prephitmp_517;

  size:   1 coef_x[_146] = _151;

  size:   1 S.25_153 = S.25_279 + 1;

  size:   1 ivtmp_162 = ivtmp_91 - 1;

  size:   2 if (ivtmp_162 == 0)

        goto bb12 or bb11

 BB: 11, after_exit: 0

  size:   1 pretmp_515 = _144 + S.25_153;

  size:   1 pretmp_516 = coef_x[pretmp_515];

  size:   1 pretmp_518 = S.25_153 + -1;

  size:   1 pretmp_519 = s[pretmp_518];

 BB: 12, after_exit: 0

  size:   0 # DEBUG lxp => lxp_4 + 1

  size:   1 ivtmp_109 = ivtmp_163 - 1;

  size:   2 if (ivtmp_109 == 0)

        goto bb 13 or exit

 BB: 13, after_exit: 1

  size:   1 lxp_154 = lxp_4 + 1;

  size:   0 pretmp_506 = (integer(kind=8)) lxp_154;

  size:   1 pretmp_509 = pretmp_506 * 4;

  size:   1 pretmp_510 = pretmp_509 + -1;

  size:   1 pretmp_512 = pretmp_510 + 1;

  size:   1 pretmp_513 = coef_x[pretmp_512];



Unrolled loop 4 completely (duplicated 1 times).

Exit condition of peeled iterations was eliminated.

Last iteration exit edge was proved true.



So the curious statements are in bb11.  Adding unreachable calls makes CSE to

eventually

turn condition in the second copy of BB10 to always just to BB 12 that seem all

right

to me.

Perhaps cascaded unrolling confuse some of the exits...



Honza

Reply via email to