expand: Fix handling of asm goto outputs vs. PHI argument adjustments [PR113921]

The Linux kernel and the following testcase distilled from it is miscompiled, because tree-outof-ssa.cc (eliminate_phi) emits some fixups on some of the edges (but doesn't commit edge insertions). Later expand_asm_stmt emits further instructions on the same edge. Now the problem is that expand_asm_stmt uses insert_insn_on_edge to add its own fixups, but that function appends to the existing sequence on the edge if any. And the bug triggers when the fixup sequence emitted by eliminate_phi uses a pseudo which the fixup sequence emitted by expand_asm_stmt later on sets. So, we end up with (set (reg A) (asm_operands ...)) and on one of the edges queued sequence (set (reg C) (reg B)) // added by eliminate_phi (set (reg B) (reg A)) // added by expand_asm_stmt That is wrong, what we emit by expand_asm_stmt needs to be as close to the asm_operands as possible (they aren't known until expand_asm_stmt is called, the PHI fixup code assumes it is reg B which holds the right value) and the PHI adjustments need to be done after it. So, the following patch introduces a prepend_insn_to_edge function and uses it from expand_asm_stmt, so that we queue (set (reg B) (reg A)) // added by expand_asm_stmt (set (reg C) (reg B)) // added by eliminate_phi instead and so the value from the asm_operands output propagates correctly to the PHI result. 2024-02-15 Jakub Jelinek <jakub@redhat.com> PR middle-end/113921 * cfgrtl.h (prepend_insn_to_edge): New declaration. * cfgrtl.cc (insert_insn_on_edge): Clarify behavior in function comment. (prepend_insn_to_edge): New function. * cfgexpand.cc (expand_asm_stmt): Use prepend_insn_to_edge instead of insert_insn_on_edge. * gcc.target/i386/pr113921.c: New test. (cherry picked from commit 2b4efc5db2)
2024-11-27 13:54:19 +08:00 · 2024-02-15 15:53:01 +01:00 · 2024-02-15 15:53:01 +01:00 · ba09da9787
commit ba09da9787
parent 2b142896cf
4 changed files with 44 additions and 3 deletions
--- a/gcc/cfgexpand.cc
+++ b/gcc/cfgexpand.cc
@ -3635,7 +3635,7 @@ expand_asm_stmt (gasm *stmt)
 		emit_insn (copy_insn (PATTERN (curr)));
 	      rtx_insn *copy = get_insns ();
 	      end_sequence ();
-	      insert_insn_on_edge (copy, e);
+	      prepend_insn_to_edge (copy, e);
 	    }
 	}
    }
--- a/gcc/cfgrtl.cc
+++ b/gcc/cfgrtl.cc
@ -25,7 +25,7 @@ along with GCC; see the file COPYING3.  If not see
     - CFG-aware instruction chain manipulation
 	 delete_insn, delete_insn_chain
     - Edge splitting and committing to edges
-	 insert_insn_on_edge, commit_edge_insertions
+	 insert_insn_on_edge, prepend_insn_to_edge, commit_edge_insertions
     - CFG updating after insn simplification
 	 purge_dead_edges, purge_all_dead_edges
     - CFG fixing after coarse manipulation
@ -1967,7 +1967,8 @@ rtl_split_edge (edge edge_in)

 /* Queue instructions for insertion on an edge between two basic blocks.
   The new instructions and basic blocks (if any) will not appear in the
-   CFG until commit_edge_insertions is called.  */
+   CFG until commit_edge_insertions is called.  If there are already
+   queued instructions on the edge, PATTERN is appended to them.  */

 void
 insert_insn_on_edge (rtx pattern, edge e)
@ -1987,6 +1988,25 @@ insert_insn_on_edge (rtx pattern, edge e)
  end_sequence ();
 }

+/* Like insert_insn_on_edge, but if there are already queued instructions
+   on the edge, PATTERN is prepended to them.  */
+
+void
+prepend_insn_to_edge (rtx pattern, edge e)
+{
+  /* We cannot insert instructions on an abnormal critical edge.
+     It will be easier to find the culprit if we die now.  */
+  gcc_assert (!((e->flags & EDGE_ABNORMAL) && EDGE_CRITICAL_P (e)));
+
+  start_sequence ();
+
+  emit_insn (pattern);
+  emit_insn (e->insns.r);
+
+  e->insns.r = get_insns ();
+  end_sequence ();
+}
+
 /* Update the CFG for the instructions queued on edge E.  */

 void
--- a/gcc/cfgrtl.h
+++ b/gcc/cfgrtl.h
@ -38,6 +38,7 @@ extern edge try_redirect_by_replacing_jump (edge, basic_block, bool);
 extern void emit_barrier_after_bb (basic_block bb);
 extern basic_block force_nonfallthru_and_redirect (edge, basic_block, rtx);
 extern void insert_insn_on_edge (rtx, edge);
+extern void prepend_insn_to_edge (rtx, edge);
 extern void commit_one_edge_insertion (edge e);
 extern void commit_edge_insertions (void);
 extern void print_rtl_with_bb (FILE *, const rtx_insn *, dump_flags_t);
--- a/gcc/testsuite/gcc.target/i386/pr113921.c
+++ b/gcc/testsuite/gcc.target/i386/pr113921.c
@ -0,0 +1,20 @@
+/* PR middle-end/113921 */
+/* { dg-do run } */
+/* { dg-options "-O2" } */
+
+__attribute__((noipa)) long
+foo (void)
+{
+  long v;
+  asm volatile goto ("jmp %l2" : "=r" (v) : "0" (27) : : lab);
+  return v;
+lab:
+  return 42;
+}
+
+int
+main ()
+{
+  if (foo () != 42)
+    __builtin_abort ();
+}