------- Comment #21 from rguenth at gcc dot gnu dot org 2007-08-29 15:19 -------
I wonder why D.9380_64, defined as
D.9380_64 = &D.8894_34->_M_use_count;
points to anything and NULL:
D.9380_64, is dereferenced, points-to anything, points-to NULL
where the single dereference site looks like
# ctor_count_403 = VDEF <ctor_count_140>
# ctor_count_404 = VDEF <ctor_count_160>
# dtor_count_405 = VDEF <dtor_count_180>
*D.9380_64 ={v} D.9383_69;
of course because of the constraints:
D.9380_64 = { NULL }
possibly because
# VUSE <SFT.433_337>
D.8894_34 = D.8885._M_refcount._M_pi;
which also
D.8894_34, is dereferenced, its value escapes, points-to anything, points-to
NULL
which is because
D.8885._M_pi = &NULL
but (!?) we have
...
D.7990_3 ={v} operator new (4);
<bb 4>:
D.7950_4 = (struct B *) D.7990_3;
...
# SMT.470_328 = VDEF <SMT.470_325(ab)>
D.7950_4->_vptr.B = &_ZTV1B[2];
...
# SFT.432_331 = VDEF <SFT.432_330(D)>
__ref.80._M_ptr = D.7950_4;
# VUSE <SFT.432_331>
__ref$_M_ptr_14 = __ref.80._M_ptr;
# SFT.425_333 = VDEF <SFT.425_332(D)>
b._M_ptr = __ref$_M_ptr_14;
# VUSE <SFT.425_333>
D.8873_20 = b._M_ptr;
D.8884_21 = (struct A *) D.8873_20;
# SFT.434_335 = VDEF <SFT.434_334(D)>
D.8885._M_ptr = D.8884_21;
so it is at most non-null, because we dereference the pointer.
Note we miss(?) a constraint for D.7990_3 but only have
D.7950_4 = D.7990_3
__ref.80 = D.7950_4
__ref$_M_ptr_14 = __ref.80
b = __ref$_M_ptr_14
D.8873_20 = b
D.8884_21 = D.8873_20
D.8885 = D.8884_21
(and then directly)
D.8885._M_pi = &NULL
shouldn't we have
D.7990_3 = &ANYTHING
?
In find_func_aliases we don't create a constraint for the lhs of a call
at all:
  else if (((TREE_CODE (t) == GIMPLE_MODIFY_STMT
             && TREE_CODE (GIMPLE_STMT_OPERAND (t, 1)) == CALL_EXPR
             && !(call_expr_flags (GIMPLE_STMT_OPERAND (t, 1))
                  & (ECF_MALLOC | ECF_MAY_BE_ALLOCA)))
            || (TREE_CODE (t) == CALL_EXPR
                && !(call_expr_flags (t)
                     & (ECF_MALLOC | ECF_MAY_BE_ALLOCA)))))
    {
      if (!in_ipa_mode)
        {
          if (TREE_CODE (t) == GIMPLE_MODIFY_STMT)
            handle_rhs_call (GIMPLE_STMT_OPERAND (t, 1));
          else
            handle_rhs_call (t);
        }
So the following adds this constraint:
Index: tree-ssa-structalias.c
===================================================================
--- tree-ssa-structalias.c (revision 127848)
+++ tree-ssa-structalias.c (working copy)
@@ -3726,7 +3726,23 @@ find_func_aliases (tree origt)
if (!in_ipa_mode)
{
if (TREE_CODE (t) == GIMPLE_MODIFY_STMT)
- handle_rhs_call (GIMPLE_STMT_OPERAND (t, 1));
+ {
+ handle_rhs_call (GIMPLE_STMT_OPERAND (t, 1));
+ if (POINTER_TYPE_P (TREE_TYPE (GIMPLE_STMT_OPERAND (t, 1))))
+ {
+ VEC(ce_s, heap) *lhsc = NULL;
+ struct constraint_expr rhsc;
+ unsigned int j;
+ struct constraint_expr *lhsp;
+ rhsc.var = anything_id;
+ rhsc.offset = 0;
+ rhsc.type = ADDRESSOF;
+ get_constraint_for (GIMPLE_STMT_OPERAND (t, 0), &lhsc);
+ for (j = 0; VEC_iterate (ce_s, lhsc, j, lhsp); j++)
+ process_constraint_1 (new_constraint (*lhsp, rhsc), true);
+ VEC_free (ce_s, heap, lhsc);
+ }
+ }
else
handle_rhs_call (t);
}
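Review bot: the new block in the GIMPLE_MODIFY_STMT branch has no comment saying why the lhs of a call is given `lhs = &ANYTHING`, and its guard `POINTER_TYPE_P (TREE_TYPE (GIMPLE_STMT_OPERAND (t, 1)))` only fires for pointer-typed results, so a call whose result is an aggregate containing pointers still gets no lhs constraint. Please add a short comment stating the intent, say whether the aggregate case is deliberately left out, and explain the bare `true` passed to process_constraint_1, since its meaning is not evident at the call site.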
but still we end up with
D.8885 = D.8884_21
D.8885._M_pi = &NULL
!?
hm, we have
# SFT.433_314 = VDEF <SFT.433_313(D)>
D.8885._M_refcount._M_pi = 0B;
so that might be ok. The above patch fixes the failure for me, but
this might be pure luck given the fragile aliasing machinery. So, does
the patch look anywhere sane?
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=33199
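
The copy-constraint chain listed in the comment above, solved to a fixpoint with and without the `D.7990_3 = &ANYTHING` seed that the patch adds. This is an added example, not GCC's solver and not code from the bug report: it is a simplified, field-insensitive model with copy constraints only, and the enum names and the functions solve and d8885_points_to are hypothetical.

```c
#include <stdio.h>

/* Simplified model: variables are indices, points-to sets are bitmasks.
   V_NEW_RESULT stands for D.7990_3, the result of operator new (4). */
enum { V_NULL, V_ANYTHING, V_NEW_RESULT, V_D7950, V_REF80, V_REF_PTR14,
       V_B, V_D8873, V_D8884, V_D8885, V_D8885_PI, NVARS };

struct copy { int lhs, rhs; };          /* lhs = rhs (lhs includes rhs) */

/* Copy constraints from the comment, in the order they are listed. */
static const struct copy copies[] = {
    { V_D7950, V_NEW_RESULT }, { V_REF80, V_D7950 }, { V_REF_PTR14, V_REF80 },
    { V_B, V_REF_PTR14 }, { V_D8873, V_B }, { V_D8884, V_D8873 },
    { V_D8885, V_D8884 },
};

/* Solve to a fixpoint; seed_call_lhs models the patch's lhs = &ANYTHING. */
static void solve(int seed_call_lhs, unsigned pts[NVARS])
{
    int changed = 1;
    for (int i = 0; i < NVARS; i++)
        pts[i] = 0;
    pts[V_D8885_PI] = 1u << V_NULL;             /* D.8885._M_pi = &NULL */
    if (seed_call_lhs)
        pts[V_NEW_RESULT] = 1u << V_ANYTHING;   /* D.7990_3 = &ANYTHING */
    while (changed) {
        changed = 0;
        for (size_t i = 0; i < sizeof copies / sizeof copies[0]; i++) {
            unsigned merged = pts[copies[i].lhs] | pts[copies[i].rhs];
            if (merged != pts[copies[i].lhs]) {
                pts[copies[i].lhs] = merged;
                changed = 1;
            }
        }
    }
}

/* Points-to mask of D.8885 (the _M_ptr part of the chain) after solving. */
unsigned d8885_points_to(int seed_call_lhs)
{
    unsigned pts[NVARS];
    solve(seed_call_lhs, pts);
    return pts[V_D8885];
}

int main(void)
{
    printf("without call-lhs seed: %#x\n", d8885_points_to(0));
    printf("with call-lhs seed:    %#x\n", d8885_points_to(1));
    return 0;
}
```

Without the seed nothing enters the chain, so every variable from D.7950_4 through D.8885 keeps an empty set in this model; with it, ANYTHING reaches D.8885.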