https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55212
--- Comment #192 from Kazumoto Kojima <kkojima at gcc dot gnu.org> ---
Created attachment 58994
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=58994&action=edit
a testcase for a wrong code issue which is preprocessed gcc/pointer-query.cc

I identified a wrong-code issue with -O2 -mlra for gcc/pointer-query.cc which causes the segfault reported in c#172 and c#185. On the lines below

static bool
handle_component_ref (tree cref, gimple *stmt, bool addr, int ostype,
                      access_ref *pref, ssa_name_limit_t &snlim,
                      pointer_query *qry)
{
  gcc_assert (TREE_CODE (cref) == COMPONENT_REF);

  const tree base = TREE_OPERAND (cref, 0);
  const tree field = TREE_OPERAND (cref, 1);
  access_ref base_ref = *pref;

  /* Unconditionally determine the size of the base object (it could
     be smaller than the referenced member when the object is stored
     in a buffer with an insufficient size).  */
  if (!compute_objsize_r (base, stmt, addr, 0, &base_ref, snlim, qry))
    return false;

the last lines are compiled to

.L4909:
        mov.l   .L5394,r7       ! 6818  [c=10 l=2]  movsi_ie/0
        mov     #16,r6          ! 1751  [c=4 l=2]  movsi_ie/2
        mov.w   .L5395,r4       ! 7790  [c=10 l=2]  *movhi/0
        mov     r8,r5           ! 1750  [c=4 l=2]  movsi_ie/1
        mov.l   @(24,r9),r12    ! 1745  [c=1 l=2]  movsi_ie/5
        add     r15,r4          ! 7791  [c=4 l=2]  *addsi3_compact_lra/0
        jsr     @r7             ! 1752  [c=1 l=2]  block_lump_real_i4/0
        mov.l   r4,@(36,r15)    ! 7176  [c=4 l=2]  movsi_ie/8
        mov.l   .L5396,r0       ! 6435  [c=10 l=2]  movsi_ie/0
        mov     #0,r7           ! 1758  [c=4 l=2]  movsi_ie/2
        mov.l   r14,@(4,r15)    ! 1754  [c=4 l=2]  movsi_ie/8
        mov     r13,r6          ! 1759  [c=4 l=2]  movsi_ie/1
        mov.l   r4,@r15         ! 1756  [c=4 l=2]  movsi_ie/8
        mov.l   @(32,r15),r5    ! 1760  [c=1 l=2]  movsi_ie/5
        mov.l   @(40,r15),r4    ! 1761  [c=1 l=2]  movsi_ie/5
        jsr     @r0             ! 1762  [c=5 l=2]  call_valuei
        mov.l   r10,@(8,r15)    ! 1753  [c=4 l=2]  movsi_ie/8
        tst     r0,r0           ! 1766  [c=4 l=2]  cmpeqsi_t/0
        bf/s    .L5907          ! 1767  [c=17 l=2]  *cbranch_t

where .L5394 points to __movmem_i4_even and .L5396 points to compute_objsize_r.
Before calling __movmem_i4_even, which gives a block move base_ref = *pref, the code sets r4 = &base_ref and r5 = pref. This r4 is also copied to the stack at @(36,r15). After calling __movmem_i4_even, the value of r4 is clobbered. But the above code sets this clobbered value as the 5th argument @r15 of compute_objsize_r, which should be &base_ref.

When I pushed "mov.l @(36,r15),r4" just before "mov r13,r6" as an experiment and used the assembled object as pointer-query.o in the stage2 cc1, the segfault during compiling __muldi3 went away.
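
The stale use of r4 described in this comment can be found mechanically by tracking which registers a call leaves dead and flagging any read before a redefinition. The checker below is an added example, not part of the original comment or of GCC; `stale_reads` and `CALL_CLOBBERED` are hypothetical names, and the code assumes that r1-r7 are dead after every `jsr` and that the instruction after a `jsr` is its delay slot.

```python
import re

# Constructed input: the instruction sequence quoted in the comment above,
# with the "! insn-number [cost] pattern" annotations dropped.
LISTING = """\
mov.l .L5394,r7
mov #16,r6
mov.w .L5395,r4
mov r8,r5
mov.l @(24,r9),r12
add r15,r4
jsr @r7
mov.l r4,@(36,r15)
mov.l .L5396,r0
mov #0,r7
mov.l r14,@(4,r15)
mov r13,r6
mov.l r4,@r15
mov.l @(32,r15),r5
mov.l @(40,r15),r4
jsr @r0
mov.l r10,@(8,r15)
tst r0,r0
bf/s .L5907
"""

# Assumption: r1-r7 are treated as dead after any call (r0 may carry a result).
CALL_CLOBBERED = {f"r{n}" for n in range(1, 8)}
REG = re.compile(r"\br\d+\b")

def stale_reads(listing):
    """Return (line_no, reg, insn) for each read of a register a call clobbered."""
    stale, findings, call_pending = set(), [], False
    for no, text in enumerate(listing.splitlines(), 1):
        insn = " ".join(text.split("!")[0].split())   # drop annotation, squeeze blanks
        if not insn:
            continue
        op, rest = (insn.split(None, 1) + [""])[:2]
        ops = re.split(r",(?![^(]*\))", rest)         # keep "@(36,r15)" whole
        dst = ops[-1]
        writes_reg = op.startswith(("mov", "add")) and REG.fullmatch(dst)
        reads = REG.findall(",".join(ops if op == "add" or not writes_reg else ops[:-1]))
        findings += [(no, r, insn) for r in dict.fromkeys(reads) if r in stale]
        if writes_reg:
            stale.discard(dst)
        if call_pending:            # this was the delay slot: the call happens now
            stale |= CALL_CLOBBERED
        call_pending = op == "jsr"  # SH executes the next insn before the call
    return findings
```

On the quoted sequence it reports only the `mov.l r4,@r15` store, and it reports nothing once the reload from `@(36,r15)` used in the experiment is placed before `mov r13,r6`.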