https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105874
Bug ID: 105874
Summary: [13 Regression] Incorrect codegen and ICE since g:ed6fd2aed58f2cca99f15331bf68999c0e6df370
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Keywords: ice-on-valid-code, wrong-code
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: tnfchris at gcc dot gnu.org
CC: sayle at gcc dot gnu.org
Target Milestone: ---
Target: aarch64*

In SPECCPU 2017 Leela no longer terminates since g:ed6fd2aed58f2cca99f15331bf68999c0e6df370

Looking at the differences in the code, there seems to be a lot of additional useless calculation around functions such as _ZN9FastBoard6is_eyeEii

Filtering through them it looks like the change is causing loads from uninitialized stack space.

Before the change the code generated

```
_ZN9FastBoard6is_eyeEii:
        adrp    x3, <<diffable>>
        mov     x4, #0x1ba4                     // #7076
        add     x4, x0, x4
        add     x3, x3, #0xb20
        ldrh    w4, [x4, w2, sxtw #1]
        ldr     w3, [x3, w1, sxtw #2]
        tst     w4, w3
```

So it loaded from a fixed anchor into rdata.

After the change

```
_ZN9FastBoard6is_eyeEii:
        sub     sp, sp, #0x20
        mov     x4, #0x1ba4
        add     x5, x0, x4
        add     x4, sp, #0x8
        ldrh    w5, [x5, w2, sxtw #1]
        ldr     w4, [x4, w1, sxtw #2]
        tst     w5, w4
```

So it allocated 32 bytes of stack and then decides to load from uninitialized space at sp+0x8.

I tried to create a minimal reproducer but the compiler ICEs as you get close. e.g. even the example from the ticket PR95126

```
struct small{ short a,b; signed char c; };
extern int func(struct small X);
void call_func(void)
{
    static struct small const s = { 1, 2, 0 };
    func(s);
}
```

ICEs at -O2 with:

```
during RTL pass: expand
../borked.c: In function 'call_func':
../borked.c:6:5: internal compiler error: in emit_move_insn, at expr.cc:4011
    6 |     func(s);
      |     ^~~~~~~
0x909253 emit_move_insn(rtx_def*, rtx_def*)
        /ci/work/5c94c4ced6ebfcd0/gcc/expr.cc:4011
0x7eda3f load_register_parameters
        /ci/work/5c94c4ced6ebfcd0/gcc/calls.cc:2192
0x7f2183 expand_call(tree_node*, rtx_def*, int)
        /ci/work/5c94c4ced6ebfcd0/gcc/calls.cc:3593
0x905ccb expand_expr_real_1(tree_node*, rtx_def*, machine_mode, expand_modifier, rtx_def**, bool)
        /ci/work/5c94c4ced6ebfcd0/gcc/expr.cc:11621
0x8057e3 expand_expr
        /ci/work/5c94c4ced6ebfcd0/gcc/expr.h:301
0x8057e3 expand_call_stmt
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:2831
0x8057e3 expand_gimple_stmt_1
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:3869
0x8057e3 expand_gimple_stmt
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:4033
0x80a44b expand_gimple_tailcall
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:4079
0x80a44b expand_gimple_basic_block
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:6059
0x80cbbf execute
        /ci/work/5c94c4ced6ebfcd0/gcc/cfgexpand.cc:6811
```

So I can't really reduce it at this point.