https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102540
--- Comment #7 from rguenther at suse dot de <rguenther at suse dot de> --- On Mon, 4 Oct 2021, amacleod at redhat dot com wrote: > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102540 > > --- Comment #6 from Andrew Macleod <amacleod at redhat dot com> --- > > > > > > It removes a > > > relationship between c_10 and _2. The reason ranger no longer can fold _2 > > > == 0 > > > is because the sequence is now: > > > > > > a.0_1 = a; > > > _2 = (unsigned int) a.0_1; > > > b = _2; > > > _6 = a.0_1 & 4294967295; > > > c_10 = _6; > > > if (c_10 != 0) > > > goto <bb 3>; [INV] > > > > > > We do not find _2 is non-zero on the outgoing edge because _2 is not > > > related to > > > the calculation in the condition. (ie c_10 no longer has a dependency on > > > _2) > > > > > > We do recalculate _2 based on the outgoing range of a.0_1, but with it > > > being a > > > 64 bit value and _2 being 32 bits, we only know the outgoing range of > > > a.0_1 is > > > non-zero.. we dont track any of the upper bits... > > > 2->3 (T) a.0_1 : long int [-INF, -1][1, +INF] > > > And when we recalculate _2 using that value, we still get varying because > > > 0xFFFF0000 in not zero, but can still produce a zero in _2. > > > > > > The problem is that the condition c_10 != 0 no longer related to the > > > value of > > > _2 in the IL... so ranger never sees it. and we cant represent the 2^16 > > > subranges that end in [1,0xFFFF]. > > > > > > Before that transformation, > > > _2 = (unsigned int) a.0_1; > > > b = _2; > > > c_10 = (long int) _2; > > > The relationship is obvious, and ranger would relate the c_10 != 0 to _2 > > > no > > > problem. > > > > I see - too bad. Note the transform made the dependence chain of _6 > > one instruction shorter without increasing the number of instructions > > so it's a profitable transform. > > > > Btw, the relation is still there but only indirectly via a.0_1. The > > old (E)VRP had this find_asserts(?) that produced assertions based > > on the definitions - sth that now range-ops does(?), so it would > > eventually have built assertions for a.0_1 for both conditions and > > allow relations based on that? I can't seem to find my way around > > the VRP code now - pieces moved all over the place and so my mind > > fails me on the searching task :/ > > We do know that a.0_1 is non-zero on that edge: > 2->3 (T) a.0_1 : long int [-INF, -1][1, +INF] > > the problem is that we can't currently represent that the bitmask operation > causes all patterns ending in 0x00000000 to not occur.. we just leave it at > ~[0,0]. which isn't sufficient for this use case. Hmm, but we do have nonzero bits on SSA where we also store global ranges, so there is a way to store the info and you could intersect the sliced range produced from it with the range you got? > we don't currently track any equivalences between values of different > precision.. (even though ranger once did). Handling it as a general > equivalence was fraught with issues. > > We might be able to add a new equivalence class "slice" or something.. I had > considered it but hadn't seen a great need case. This would make _6 a 32 bit > slice of a.0_1 with range [1, 0xffffffff]. > Then when we are querying for the cast > _2 = (unsigned int) a.0_1; > we could also query the 32 bit equivalence slices of a.0_1, find _6, and get > the outgoing range of [1,0xffffffff].. and apply that value. > > It would probably resolve an entire class of things where we don't recognize > an > equivalence between a cast and a bitmask of equivalent precision. > > This would also mean the reverse would apply.. ie if we instead branched on _2 > != 0 we would also understand that _6 will be non-zero. I believe tracking known zero/one bits in addition to a range is more useful - would that help in this case?
