[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #8 from rguenther at suse dot de 2009-02-04 09:35 --- Subject: Re: PTA constraint processing for *x = y is wrong On Wed, 4 Feb 2009, dberlin at dberlin dot org wrote: --- Comment #7 from dberlin at gcc dot gnu dot org 2009-02-04 00:29 --- Subject: Re: PTA constraint processing for *x = y is wrong On Tue, Feb 3, 2009 at 9:24 AM, rguenther at suse dot de gcc-bugzi...@gcc.gnu.org wrote: --- Comment #6 from rguenther at suse dot de 2009-02-03 14:24 --- Subject: Re: PTA constraint processing for *x = y is wrong On Tue, 3 Feb 2009, dberlin at dberlin dot org wrote: Subject: Re: PTA constraint processing for *x = y is wrong There used to be a *ANYTHING = ANYTHING constraint + ANYTHING containing all the variables pointing to ANYTHING that would have taken care of this. You certainly don't want to dynamically add all variables at solving time yourself, since that can't be optimized. This is the reason it works for ESCAPED, there we have an *ESCAPED = ESCAPED constraint. It doesn't work for CALLUSED though, I have a simple fix (CALLUSED is not big usually, so just not using it as a placeholder fixes the issue here). For the ANYTHING problem I have just dealt with it in do_ds_constraint (I'll post an updated patch soon after testing finished). My onl concern is practicality. The last time I did this solely at solving time it was ridiculously slow on large cases, since the solver is much better at difference propagation. Do you remember what testcase(s) this was? I can certainly time removing the shortcutting against handling *ANYTHING (and I'll try to come up with a testcase that is not fixed with just removing the shortcutting). Richard. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #9 from rguenth at gcc dot gnu dot org 2009-02-04 12:16 ---
Testcase that is not fixed with removing the short-cutting:
int i;
long __attribute__((noinline,const)) bar(int ***p) { return (long)p; }
void __attribute__((noinline))
foo(void)
{
int *y;
int **a = y, **x;
int ***p;
long b;
b = bar(a);
p = (int ***)b;
x = *p;
*x = i;
*y = 0;
}
extern void abort (void);
int main()
{
i = 1;
foo ();
if (i != 0)
abort ();
return 0;
}
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #10 from rguenth at gcc dot gnu dot org 2009-02-04 12:26
---
This one fails on trunk (where we fall back to anything for empty points-to
sets, so just add some unrelated j and the vops are wrong):
int i;
long __attribute__((noinline,const)) bar(int ***p) { return (long)p; }
void __attribute__((noinline))
foo(void)
{
int j;
int *y = j;
int **a = y, **x;
int ***p;
long b;
b = bar(a);
p = (int ***)b;
x = *p;
*x = i;
*y = 0;
}
extern void abort (void);
int main()
{
i = 1;
foo ();
if (i != 0)
abort ();
return 0;
}
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #11 from rguenth at gcc dot gnu dot org 2009-02-04 12:31
---
This one fails also on the branches that have PTA.
int i;
long __attribute__((noinline,const)) bar(int ***p) { return (long)p; }
extern void abort (void);
int main()
{
int j;
int *y = j;
int **a = y, **x;
int ***p;
long b;
b = bar(a);
p = (int ***)b;
x = *p;
*x = i;
i = 1;
*y = 0;
if (i != 0)
abort ();
return 0;
}
--
rguenth at gcc dot gnu dot org changed:
What|Removed |Added
Known to fail||4.1.3 4.2.4 4.3.3 4.4.0
Known to work||4.0.4
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #4 from rguenth at gcc dot gnu dot org 2009-02-03 09:17 ---
Yes, but as the store to y is via *x and x points to { ANYTHING } (via the
non-pointer (int ***)q) only (as x already includes ANYTHING we do not add
a for the second constraint), so for *x = i we fail to add a to y.
For reference, here are the constraints:
a = y
p_4 = ANYTHING
p_1 = p_4
p_1 = a
x_6 = *p_1
derefaddrtmp.9 = i
*x_6 = derefaddrtmp.9
y.0_7 = y
and the solutions:
a = { y }
y = same as y.0_7
p_4 = { ANYTHING }
p_1 = { ANYTHING a }
x_6 = { ANYTHING }
i = { }
derefaddrtmp.9 = { i }
y.0_7 = { }
while correct would be if everything would point to at least i (through
the effective *ANYTHING = i constraint)
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #6 from rguenther at suse dot de 2009-02-03 14:24 --- Subject: Re: PTA constraint processing for *x = y is wrong On Tue, 3 Feb 2009, dberlin at dberlin dot org wrote: Subject: Re: PTA constraint processing for *x = y is wrong There used to be a *ANYTHING = ANYTHING constraint + ANYTHING containing all the variables pointing to ANYTHING that would have taken care of this. You certainly don't want to dynamically add all variables at solving time yourself, since that can't be optimized. This is the reason it works for ESCAPED, there we have an *ESCAPED = ESCAPED constraint. It doesn't work for CALLUSED though, I have a simple fix (CALLUSED is not big usually, so just not using it as a placeholder fixes the issue here). For the ANYTHING problem I have just dealt with it in do_ds_constraint (I'll post an updated patch soon after testing finished). Richard. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #5 from dberlin at gcc dot gnu dot org 2009-02-03 14:16 ---
Subject: Re: PTA constraint processing for *x =
y is wrong
There used to be a *ANYTHING = ANYTHING constraint + ANYTHING
containing all the variables pointing to ANYTHING that would have
taken care of this.
You certainly don't want to dynamically add all variables at solving
time yourself, since that can't be optimized.
On Tue, Feb 3, 2009 at 4:17 AM, rguenth at gcc dot gnu dot org
gcc-bugzi...@gcc.gnu.org wrote:
--- Comment #4 from rguenth at gcc dot gnu dot org 2009-02-03 09:17
---
Yes, but as the store to y is via *x and x points to { ANYTHING } (via the
non-pointer (int ***)q) only (as x already includes ANYTHING we do not add
a for the second constraint), so for *x = i we fail to add a to y.
For reference, here are the constraints:
a = y
p_4 = ANYTHING
p_1 = p_4
p_1 = a
x_6 = *p_1
derefaddrtmp.9 = i
*x_6 = derefaddrtmp.9
y.0_7 = y
and the solutions:
a = { y }
y = same as y.0_7
p_4 = { ANYTHING }
p_1 = { ANYTHING a }
x_6 = { ANYTHING }
i = { }
derefaddrtmp.9 = { i }
y.0_7 = { }
while correct would be if everything would point to at least i (through
the effective *ANYTHING = i constraint)
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
--- You are receiving this mail because: ---
You are on the CC list for the bug, or are watching someone who is.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #7 from dberlin at gcc dot gnu dot org 2009-02-04 00:29 --- Subject: Re: PTA constraint processing for *x = y is wrong On Tue, Feb 3, 2009 at 9:24 AM, rguenther at suse dot de gcc-bugzi...@gcc.gnu.org wrote: --- Comment #6 from rguenther at suse dot de 2009-02-03 14:24 --- Subject: Re: PTA constraint processing for *x = y is wrong On Tue, 3 Feb 2009, dberlin at dberlin dot org wrote: Subject: Re: PTA constraint processing for *x = y is wrong There used to be a *ANYTHING = ANYTHING constraint + ANYTHING containing all the variables pointing to ANYTHING that would have taken care of this. You certainly don't want to dynamically add all variables at solving time yourself, since that can't be optimized. This is the reason it works for ESCAPED, there we have an *ESCAPED = ESCAPED constraint. It doesn't work for CALLUSED though, I have a simple fix (CALLUSED is not big usually, so just not using it as a placeholder fixes the issue here). For the ANYTHING problem I have just dealt with it in do_ds_constraint (I'll post an updated patch soon after testing finished). My onl concern is practicality. The last time I did this solely at solving time it was ridiculously slow on large cases, since the solver is much better at difference propagation. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #3 from dberlin at gcc dot gnu dot org 2009-02-02 19:42 --- Eyeballing this, I think y should not end up empty anyway. Shouldn't it have i in it's points-to set? -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #1 from rguenth at gcc dot gnu dot org 2009-02-02 14:03 ---
We could for example warn for
/* { dg-do compile } */
/* { dg-options -O -Wuninitialized } */
int i;
int __attribute((const,noinline))
foo (int **p)
{
return i;
}
int bar(int *q)
{
int *p;
*q = 0;
int j = foo(p);
return *p + j; /* { dg-warning dereferencing uninitialized } */
}
--
rguenth at gcc dot gnu dot org changed:
What|Removed |Added
AssignedTo|unassigned at gcc dot gnu |rguenth at gcc dot gnu dot
|dot org |org
Status|UNCONFIRMED |ASSIGNED
Ever Confirmed|0 |1
Last reconfirmed|-00-00 00:00:00 |2009-02-02 14:03:04
date||
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
[Bug tree-optimization/39074] PTA constraint processing for *x = y is wrong
--- Comment #2 from rguenth at gcc dot gnu dot org 2009-02-02 14:07 --- Created an attachment (id=17227) -- (http://gcc.gnu.org/bugzilla/attachment.cgi?id=17227action=view) patch to warn about uninitialized pointer dereferences This patch causes a warning for both testcases, the program and the PTA bug. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39074
