https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109945
--- Comment #15 from rguenther at suse dot de <rguenther at suse dot de> ---
On Wed, 24 May 2023, jakub at gcc dot gnu.org wrote:

> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109945
>
> --- Comment #14 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
> (In reply to Richard Biener from comment #13)
> > with the former for -m64 and the latter for -m32 only seems to be the
> > only fallout here.
>
> It will penalize C and other languages without mandatory NRV in the FEs,
> without that I think the address can't escape (taking address then would
> either
> prevent tree-nrv.cc or
> even if not, would be still considered taking address of a local variable).
> Perhaps we could remember in some FUNCTION_DECL bit whether mandatory NRV was
> done and
> least for the cases where we know the callee, we know it hasn't done NRV and
> !TREE_ADDRESSABLE (TREE_TYPE (gimple_call_lhs (stmt)))) we could avoid this.
> But perhaps it is an overkill.

Well, but then the gimplifier doesn't look at the function's implementation
but decides based on the call alone.  It does have

      else if (TREE_CODE (*to_p) != SSA_NAME
               && (!is_gimple_variable (*to_p)
                   || needs_to_live_in_memory (*to_p)))
        /* Don't use the original target if it's already addressable;
           if its address escapes, and the called function uses the
           NRV optimization, a conforming program could see *to_p
           change before the called function returns; see c++/19317.
           When optimizing, the return_slot pass marks more functions
           as safe after we have escape info.  */
        use_target = false;

but as we've seen TREE_ADDRESSABLE is not consistently set on the
LHS even when it's eventually passed by reference to the call
(aka aggregate_value_p is true).  It also seems that the gimplifier
will apply RSO when the call is in an INIT_EXPR.

Note the C frontend shows the same non-escaping when massaging the
testcase to

typedef struct {
    int i;
    int a[4];
} Widget;
Widget *global;
Widget make2() { Widget w; w.i = 1; global = &w; return w; }
void g() { global->i = 42; }
int main() {
  Widget w = make2();
  int i = w.i;
  g();
  return (i == w.i);
  // Does this need to be reloaded and
  // compared? or is it obviously true?
}

then we get

int main ()
{
  int w$i;
  int i;
  struct Widget w;
  int _1;
  _Bool _2;
  int _7;

  <bb 2> :
  w = make2 (); [return slot optimization]
  w$i_9 = w.i;
  i_5 = w$i_9;
  g ();
  _1 = w$i_9;
  _2 = _1 == i_5;
  _7 = (int) _2;
  w ={v} {CLOBBER(eol)};
  return _7;

}

and w not escaped (but it doesn't seem to miscompile then).  Of course
the testcase relies on RSO to be valid in the first place, C doesn't
make any guarantees here and I'm unsure whether C++ guarantees that
for any of the testcases.  As soon as there's a copy involved the
testcases invoke undefined behavior.