https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102540
--- Comment #6 from Andrew Macleod <amacleod at redhat dot com> --- > > > It removes a > > relationship between c_10 and _2. The reason ranger no longer can fold _2 > > == 0 > > is because the sequence is now: > > > > a.0_1 = a; > > _2 = (unsigned int) a.0_1; > > b = _2; > > _6 = a.0_1 & 4294967295; > > c_10 = _6; > > if (c_10 != 0) > > goto <bb 3>; [INV] > > > > We do not find _2 is non-zero on the outgoing edge because _2 is not > > related to > > the calculation in the condition. (ie c_10 no longer has a dependency on > > _2) > > > > We do recalculate _2 based on the outgoing range of a.0_1, but with it > > being a > > 64 bit value and _2 being 32 bits, we only know the outgoing range of a.0_1 > > is > > non-zero.. we dont track any of the upper bits... > > 2->3 (T) a.0_1 : long int [-INF, -1][1, +INF] > > And when we recalculate _2 using that value, we still get varying because > > 0xFFFF0000 in not zero, but can still produce a zero in _2. > > > > The problem is that the condition c_10 != 0 no longer related to the value > > of > > _2 in the IL... so ranger never sees it. and we cant represent the 2^16 > > subranges that end in [1,0xFFFF]. > > > > Before that transformation, > > _2 = (unsigned int) a.0_1; > > b = _2; > > c_10 = (long int) _2; > > The relationship is obvious, and ranger would relate the c_10 != 0 to _2 no > > problem. > > I see - too bad. Note the transform made the dependence chain of _6 > one instruction shorter without increasing the number of instructions > so it's a profitable transform. > > Btw, the relation is still there but only indirectly via a.0_1. The > old (E)VRP had this find_asserts(?) that produced assertions based > on the definitions - sth that now range-ops does(?), so it would > eventually have built assertions for a.0_1 for both conditions and > allow relations based on that? I can't seem to find my way around > the VRP code now - pieces moved all over the place and so my mind > fails me on the searching task :/ We do know that a.0_1 is non-zero on that edge: 2->3 (T) a.0_1 : long int [-INF, -1][1, +INF] the problem is that we can't currently represent that the bitmask operation causes all patterns ending in 0x00000000 to not occur.. we just leave it at ~[0,0]. which isn't sufficient for this use case. we don't currently track any equivalences between values of different precision.. (even though ranger once did). Handling it as a general equivalence was fraught with issues. We might be able to add a new equivalence class "slice" or something.. I had considered it but hadn't seen a great need case. This would make _6 a 32 bit slice of a.0_1 with range [1, 0xffffffff]. Then when we are querying for the cast _2 = (unsigned int) a.0_1; we could also query the 32 bit equivalence slices of a.0_1, find _6, and get the outgoing range of [1,0xffffffff].. and apply that value. It would probably resolve an entire class of things where we don't recognize an equivalence between a cast and a bitmask of equivalent precision. This would also mean the reverse would apply.. ie if we instead branched on _2 != 0 we would also understand that _6 will be non-zero.
