http://gcc.gnu.org/bugzilla/show_bug.cgi?id=61047
Jeffrey A. Law <law at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |law at redhat dot com
--- Comment #2 from Jeffrey A. Law <law at redhat dot com> ---
Prior to .ce3 we have:
(code_label 46 20 22 4 6 "" [1 uses])
(note 22 46 24 4 [bb 4] NOTE_INSN_BASIC_BLOCK)
(insn 24 22 25 4 (set (reg:CCZ 17 flags)
(compare:CCZ (reg:HI 0 ax [orig:97 ivtmp.14 ] [97])
(const_int 2837 [0xb15]))) j.c:12 6 {*cmphi_1}
(nil))
(jump_insn 25 24 26 4 (set (pc)
(if_then_else (ne (reg:CCZ 17 flags)
(const_int 0 [0]))
(label_ref 31)
(pc))) j.c:12 596 {*jcc_1}
(expr_list:REG_DEAD (reg:CCZ 17 flags)
(int_list:REG_BR_PROB 7200 (nil)))
-> 31)
;; succ: 5 [28.0%] (FALLTHRU)
;; 6 [72.0%]
;; lr out 0 [ax] 1 [dx] 4 [si] 7 [sp]
;; basic block 5, loop depth 0, count 0, freq 1008, maybe hot
;; prev block 4, next block 6, flags: (REACHABLE, RTL, MODIFIED)
;; pred: 4 [28.0%] (FALLTHRU)
;; bb 5 artificial_defs: { }
;; bb 5 artificial_uses: { u-1(7){ }}
;; lr in 0 [ax] 1 [dx] 4 [si] 7 [sp]
;; lr use 7 [sp]
;; lr def 2 [cx]
(note 26 25 28 5 [bb 5] NOTE_INSN_BASIC_BLOCK)
(insn 28 26 73 5 (set (reg:SI 2 cx [orig:90 D.1786 ] [90])
(mem/c:SI (plus:DI (reg/f:DI 7 sp)
(const_int 11324 [0x2c3c])) [0 S4 A32])) j.c:13 90
{*movsi_internal}
(nil))
(jump_insn 73 28 74 5 (set (pc)
(label_ref 43)) 636 {jump}
(nil)
-> 43)
Note how the load at insn 28 is guarded by comparing ax against #2837. CE3
transforms that into an unconditional load and we blow up reading the
out-of-range stack slot.
This isn't a threading issue, but a latent bug in CE as far as I can tell.
