optimization/8794: optimization improperly eliminates certain expressions

[pageexec at freemail dot hu]

>Number:         8794
>Category:       optimization
>Synopsis:       optimization improperly eliminates certain expressions
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          wrong-code
>Submitter-Id:   net
>Arrival-Date:   Tue Dec 03 06:36:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     PaX Team
>Release:        gcc 3.2.1
>Organization:
>Environment:
i386 linux (Athlon), kernel 2.4.20, locally compiled gcc 3.2.1 (--enable-shared --with-system-zlib --enable-nls --without-included-gettext --enable-__cxa_atexit --enable-clocale=gnu)
>Description:
the following code is miscompiled when any optimization (-O, -O2, etc) is enabled, works otherwise. the miscompiled code falsely evaluates the expression on the right hand side of += to nothing (ie. no code emitted for it, presumably because gcc thought that it was a constant 0 which is not true for values of 'addr' that are not aligned to ELF_PAGE_SIZE). example runs:

good (gcc -o a.out a.c):
a.out 0 -> 00000000
a.out 1 -> 00001001
a.out 4095 -> 00001FFF
a.out 4096 -> 00001000

bad (gcc -O2 -o a.out a.c):
a.out 1 -> 00000001
a.out 4095 -> 00000FFF

it's also worth noting that in the real life code where this bug showed up we managed to get the optimized version to produce proper code by adding some extra expressions working on 'addr' before the ominous one (that may explain why it wasn't found already, it apparently needs some 'context' to show up).

------- cut -------
#include <stdio.h>
#include <stdlib.h>

#define ELF_PAGE_SIZE 0x1000UL

int main(int argc, char* argv[])
{
  unsigned long addr = atoi(argv[1]);
  addr += ELF_PAGE_SIZE - (ELF_PAGE_SIZE & (ELF_PAGE_SIZE - (addr & (ELF_PAGE_SIZE-1))));
  printf("addr: %08lX\n", addr);
  return 0;
}
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: