https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103266
Bug ID: 103266
Summary: [12 regression] llvm-13 miscompilation: __builtin_assume_aligned causes over-aggressive dce
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: slyfox at gcc dot gnu.org
Target Milestone: ---

Noticed the bug initially on llvm-13 testsuite failure where 4 new tests fail when llvm is built with gcc-12:

Failed Tests (4):
  LLVM :: CodeGen/AArch64/win64-jumptable.ll
  LLVM :: MC/AArch64/seh-packed-unwind.s
  LLVM :: tools/llvm-readobj/COFF/arm64-packed-symbol-name.yaml
  LLVM :: tools/llvm-readobj/COFF/arm64-packed-unwind.s

Here is the minimum reproducer extracted from llvm:

$ cat llvm-readobj.cpp
/*
  $ g++-12.0.0 -UBUGGY -O1 -std=c++14 -o a llvm-readobj.cpp && ./a
  # ok
  $ g++-12.0.0 -DBUGGY -O1 -std=c++14 -o a llvm-readobj.cpp && ./a
  Illegal instruction (core dumped) ./a
*/

typedef unsigned int u32;
typedef unsigned char u8;

static u32 pu8to32(const u8 * p8) __attribute__((noinline));
static u32 pu8to32(const u8 * p8) {
    u32 v;
#if BUGGY
    __builtin_memcpy(&v, __builtin_assume_aligned(p8, 1), sizeof(u32));
#else
    __builtin_memcpy(&v, p8, sizeof(u32));
#endif
    return v;
}

int main(void) {
    // dse1 throws this store away
    u8 d[sizeof(u32)] = {
        0x07, 0x00, 0x00, 0x07,
    };

    if (pu8to32(d) != 0x07000007)
        __builtin_trap();
}

Running:

$ g++-12.0.0 -UBUGGY -O1 -std=c++14 -o a llvm-readobj.cpp && ./a
# ok
$ g++-12.0.0 -DBUGGY -O1 -std=c++14 -o a llvm-readobj.cpp && ./a
Illegal instruction (core dumped)

It looks like the cause of failure is the removed store to 'd':

--- g/a.S 2021-11-15 19:21:26.946265443 +0000 +++ b/a.S 2021-11-15 19:21:18.119173275 +0000
@@ -12,15 +12,14 @@ .globl main .type main, @function main: .LFB1: .cfi_startproc subq $16, %rsp .cfi_def_cfa_offset 24 - movl $117440519, 12(%rsp) leaq 12(%rsp), %rdi call _ZL7pu8to32PKh cmpl $117440519, %eax jne .L5 movl $0, %eax addq $16, %rsp .cfi_remember_state Store is removed in '040t.dse1'. Could __builtin_assume_aligned() have problematic escape annotations?
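
Review bot: in main, the dropped `movl $117440519, 12(%rsp)` was the only write to the stack slot whose address the following unchanged `leaq 12(%rsp), %rdi` passes to `_ZL7pu8to32PKh`, so the callee now reads uninitialized stack and the `cmpl $117440519, %eax` check can only pass by accident. The store is live across the call and must be kept. The file headers `g/a.S` and `b/a.S` also do not say which build each side comes from; labelling them as the -UBUGGY and -DBUGGY outputs would make the diff self-explanatory.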