digitalmars.D.bugs - [Issue 4443] New: Optimizer produces wrong code for statements after loop
- d-bugmail puremagic.com (76/76) Jul 10 2010 http://d.puremagic.com/issues/show_bug.cgi?id=4443
- d-bugmail puremagic.com (35/35) Jul 12 2010 http://d.puremagic.com/issues/show_bug.cgi?id=4443
- d-bugmail puremagic.com (34/34) Jul 12 2010 http://d.puremagic.com/issues/show_bug.cgi?id=4443
- d-bugmail puremagic.com (53/53) Aug 03 2010 http://d.puremagic.com/issues/show_bug.cgi?id=4443
- d-bugmail puremagic.com (16/22) Aug 04 2010 http://d.puremagic.com/issues/show_bug.cgi?id=4443
- d-bugmail puremagic.com (12/12) Aug 05 2010 http://d.puremagic.com/issues/show_bug.cgi?id=4443
- d-bugmail puremagic.com (6/6) Aug 06 2010 http://d.puremagic.com/issues/show_bug.cgi?id=4443
http://d.puremagic.com/issues/show_bug.cgi?id=4443
Summary: Optimizer produces wrong code for statements after
loop
Product: D
Version: D1 & D2
Platform: Other
OS/Version: Windows
Status: NEW
Keywords: wrong-code
Severity: normal
Priority: P2
Component: DMD
AssignedTo: nobody puremagic.com
ReportedBy: r.sagitario gmx.de
PDT ---
The code compiled from this source crashes when compiled with "dmd -O -release
test.d":
module test;
struct TokenInfo
{
// seems important to have a "complicated" struct size (so a calculation is
necessary)
int type;
int StartIndex;
int EndIndex;
}
int GetTokenInfoAt(TokenInfo[] infoArray, int col, ref TokenInfo info)
{
for (int i = 0; i < infoArray.length; i++)
{
int start = infoArray[i].StartIndex;
int end = infoArray[i].EndIndex;
if (i == 0 && start > col)
return -1;
if (col >= start && col < end)
{
info = infoArray[i];
return i;
}
}
if (infoArray.length > 0 && col == infoArray[$-1].EndIndex)
{
info = infoArray[$-1];
return infoArray.length-1;
/* code generated for the 2 statements above:
ov ECX,024h[ESP] // infoArray.ptr
mov EBX,020h[ESP] // infoArray.length
mov EDX,ECX
lea ESI,[ECX*2][ECX] // uses pointer instead of length!!!
mov EAX,EBX
lea ESI,-0Ch[ESI*4][EDX] // crashes here!
mov EDI,014h[ESP]
movsd
movsd
movsd
lea EAX,-1[EBX]
*/
}
return -1;
}
int main()
{
TokenInfo[] arr = new TokenInfo[9];
arr[8].EndIndex = 11;
TokenInfo info;
return GetTokenInfoAt(arr, 11, info);
}
The crash goes away if
- one of the conditions in the loop are removed
- the struct size of TokenInfo is reduced to 8 bytes
- dmd is executed without "-O"
- dmd is executed without "-release"
happens for all dmd version back to 2.032 and also in dmd 1.056
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 10 2010
d-bugmail puremagic.com
http://d.puremagic.com/issues/show_bug.cgi?id=4443
Don <clugdbug yahoo.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |clugdbug yahoo.com.au
Reduced test case. The for loop never runs, and gets optimized away, yet it
still corrupts the code. The struct must be large enough that it doesn't fit in
a register. The bug can be disabled in gloop.c, intronvars(), by commenting out
line 2873, but I'm not yet sure what the root cause is. Probably failing to
copy all of the data into the newly created variable.
---
struct Struct4443
{
int x;
char[5] unused;
}
void foo4443(Struct4443[] arr, Struct4443 *dest)
{
for (int i = 0; false; ) {
int junk = arr[i].x;
}
if (dest || arr[$-1].x) {
*dest = arr[$-1];
}
}
void main()
{
Struct4443[1] a;
Struct4443 info;
foo4443(a, &info);
}
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 12 2010
http://d.puremagic.com/issues/show_bug.cgi?id=4443
Don <clugdbug yahoo.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Optimizer produces wrong |Optimizer produces wrong
|code for statements after |code for || or && with
|loop |struct arrays
Severity|normal |critical
Further reduction shows that it is unrelated to for loops. Seems to require
either || or && in the if statement.
This bug existed in prehistoric times (tested on DMD0.140).
--------------
struct Struct4443
{
int x;
char[5] unused;
}
void foo4443(Struct4443 *dest, Struct4443[] arr)
{
int junk = arr[$-1].x;
if (dest || arr[$-1].x) {
*dest = arr[$-1];
}
}
void main()
{
Struct4443[1] a;
Struct4443 info;
foo4443(&info, a);
}
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jul 12 2010
http://d.puremagic.com/issues/show_bug.cgi?id=4443
Don <clugdbug yahoo.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
This is a really subtle code generation bug. The buggy bit of code is below.
In this section of code, the expression size is one register.
In the bit of code at L13, it checks to see if the addition factor is already
in a register.
In this case, it is, BUT it's actually in a double register: the {ptr, length}
pair is a ulong, and here it's been cast to uint to get the length.
So isregvar() returns BOTH registers in regm.
Then, at the end of this section of code, the register to use is selected with
a call to findreg(). But it just returns "the first register" which is correct
only if there is only one register.
In this patch, I just use the LSW returned from isregvar. It would also be
possible to change isregvar() to only return the LSW in the case where a cast
to smaller type has occured, but I don't know what other code expects from
isregvar.
Not sure if the tysize() check is necessary. Maybe it could just be retregs = 1
<< reg1;
PATCH: cod2.c, cdorth(), line 362. (Does 1<<reg1 work if reg1 is 0?).
L13:
regm_t regm;
if (e11->Eoper == OPvar && isregvar(e11,®m,®1))
{
+ if (tysize[tybasic(e11->Ety)]<= REGSIZE)
+ retregs = 1 << reg1; // Only want the LSW
+ else
retregs = regm;
c1 = NULL;
freenode(e11);
}
else
c1 = codelem(e11,&retregs,FALSE);
}
rretregs = ALLREGS & ~retregs;
c2 = scodelem(ebase,&rretregs,retregs,TRUE);
{
regm_t sregs = *pretregs & ~rretregs;
if (!sregs)
sregs = ALLREGS & ~rretregs;
c3 = allocreg(&sregs,®,ty);
}
+ // BUG: We should ensure there is only register in retregs
reg1 = findreg(retregs);
Also noticed that in cod4.c, cdmsw() line 2838, there's an incorrect comment.
retregs &= mMSW; // want LSW only
This should of course be // want MSW only
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Aug 03 2010
http://d.puremagic.com/issues/show_bug.cgi?id=4443
if (!sregs)
sregs = ALLREGS & ~rretregs;
c3 = allocreg(&sregs,®,ty);
}
+ // BUG: We should ensure there is only register in retregs
reg1 = findreg(retregs);
That should be:
if (!sregs)
sregs = ALLREGS & ~rretregs;
c3 = allocreg(&sregs,®,ty);
}
+ assert( (retregs & (retregs-1)) == 0); // Must be only one
register
reg1 = findreg(retregs);
There are probably contrived cases where this bug could occur in C++ code, but
I don't think it would ever occur in practice.
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Aug 04 2010
http://d.puremagic.com/issues/show_bug.cgi?id=4443
Walter Bright <bugzilla digitalmars.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |bugzilla digitalmars.com
Resolution| |FIXED
14:22:53 PDT ---
http://www.dsource.org/projects/dmd/changeset/601
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Aug 05 2010
http://d.puremagic.com/issues/show_bug.cgi?id=4443 *** Issue 3761 has been marked as a duplicate of this issue. *** -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------
Aug 06 2010