Possible regression in DF analysis

Thu, 08 Dec 2022 02:41:04 -0800 

Hi,

I've stumbled over a potential issue related to Dataflow analysis,
and maybe you can help me with it. It can be reproduced for AARCH64
but other architectures are affected as well.

I have the next snip before CSE1 pass:

(insn 14 11 15 3 (set (reg:CC 66 cc)
        (compare:CC (reg/v:SI 98 [ bytes ])
            (const_int 8 [0x8]))) "bad_cc.c":11:8 406 {cmpsi}
     (nil))
(jump_insn 15 14 16 3 (set (pc)
        (if_then_else (gtu (reg:CC 66 cc)
                (const_int 0 [0]))
            (label_ref 27)
            (pc))) "bad_cc.c":11:8 15 {condjump}
     (int_list:REG_BR_PROB 955630228 (nil))
 -> 27)

(note 16 15 17 4 [bb 4] NOTE_INSN_BASIC_BLOCK)
(insn 17 16 18 4 (set (reg:CC 66 cc)
        (compare:CC (reg/v:SI 98 [ bytes ])
            (const_int 8 [0x8]))) "bad_cc.c":12:10 406 {cmpsi}
     (nil))
(jump_insn 18 17 19 4 (set (pc)
        (if_then_else (eq (reg:CC 66 cc)
                (const_int 0 [0]))
            (label_ref:DI 34)
            (pc))) "bad_cc.c":12:10 15 {condjump}
     (int_list:REG_BR_PROB 365072228 (nil))
 -> 34)

The CSE1 optimizes the second comparison (i.e., INSN 17) as it is similar with
the one from INSN 14.

However, after this optimization I get the CC reg being dead after
JUMP_INSN 15, which may lead to wrong code gen. Here it is the dump
from fwprop1:

(insn 14 11 15 3 (set (reg:CC 66 cc)
        (compare:CC (reg/v:SI 98 [ bytes ])
            (const_int 8 [0x8]))) "bad_cc.c":11:8 406 {cmpsi}
     (nil))
(jump_insn 15 14 16 3 (set (pc)
        (if_then_else (gtu (reg:CC 66 cc)
                (const_int 0 [0]))
            (label_ref 27)
            (pc))) "bad_cc.c":11:8 15 {condjump}
     (expr_list:REG_DEAD (reg:CC 66 cc)
        (int_list:REG_BR_PROB 955630228 (nil)))
 -> 27)
(note 16 15 18 4 [bb 4] NOTE_INSN_BASIC_BLOCK)
(jump_insn 18 16 19 4 (set (pc)
        (if_then_else (eq (reg:CC 66 cc)
                (const_int 0 [0]))
            (label_ref:DI 34)
            (pc))) "bad_cc.c":12:10 15 {condjump}
     (expr_list:REG_DEAD (reg:CC 66 cc)
        (int_list:REG_BR_PROB 365072228 (nil)))
 -> 34)

Please observe the REG_DEAD note on the both jump instructions.

I see this behaviour in GCC 12.2.1 release for AARCH64, but I cannot
see it for GCC 10.x

A test code snip is attached, and it needs to be compiled with aarch64
backend using -Os option.

typedef unsigned int uint32_t;
typedef unsigned char uint8_t;

void foo (uint32_t *src, uint8_t *c, uint32_t bytes)
{
  uint8_t *ctarget;

  for (;;) {
    c[0] = src[0] & 0xff;

    if (bytes <= 8) {
      if (bytes < 8) {
	 ctarget[4] = c[4];
      }
      return;
    }

    bytes -= 8;
    c += 8;
  }
}

Reply via email to