https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61964
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |ASSIGNED
Keywords| |wrong-code
Last reconfirmed| |2014-07-31
CC| |tom at codesourcery dot com
Assignee|unassigned at gcc dot gnu.org |rguenth at gcc dot
gnu.org
Ever confirmed|0 |1
Summary|[4.8 regression] krb5 |[4.8/4.9/4.10 regression]
|database propagation enters |krb5 database propagation
|infinite loop; reduced test |enters infinite loop;
|case |reduced test case
Target Milestone|--- |4.8.4
--- Comment #7 from Richard Biener <rguenth at gcc dot gnu.org> ---
(In reply to Anders Kaseorg from comment #4)
> Another bisect between 4.7 and 4.8 shows that the bug appeared with r189321
> (bug 52009).
>
> My test case has triggers the bug in more versions than Kerberos does: as
> far as I can tell, Kerberos was unaffected until r192604.
Thanks - that pin-points it. tail-merging concludes that
<bb 3>:
_11 = n_7->next;
MEM[(struct head *)_10].first = _11;
goto <bb 5>;
and
<bb 4>:
_13 = n_7->next;
_10->next = _13;
are equivalent. But they are not - the stores are performed using
different alias sets.
Note that the actual miscompile happens during RTL instruction scheduling.
In 4.9 and trunk tail-merging is faced with
<bb 3>:
_11 = n_7->next;
MEM[(struct head *)&heads][k.1_8].first = _11;
goto <bb 5>;
<bb 4>:
_13 = n_7->next;
_10->next = _13;
instead but I bet the issue is still there.
So it simply does (on the 4.8 branch):
case GIMPLE_ASSIGN:
lhs1 = gimple_get_lhs (s1);
lhs2 = gimple_get_lhs (s2);
if (TREE_CODE (lhs1) != SSA_NAME
&& TREE_CODE (lhs2) != SSA_NAME)
return (vn_valueize (gimple_vdef (s1))
== vn_valueize (gimple_vdef (s2)));
which shows that we value-number the VDEFs the same.
IMHO VDEF value-numbering is dangerous here.
I have a patch.
