This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug c/47337] New: memory unsafety bug leading to wrong code generation


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47337

           Summary: memory unsafety bug leading to wrong code generation
           Product: gcc
           Version: 4.6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: regehr@cs.utah.edu


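Valgrind reports memory safety problems while 'gcc -O3' itself is running, i.e. in the compiler's own execution. The transcript below shows the same source printing different values of g_6 when built at -O2 and at -O3.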

regehr@home:~$ current-gcc -O2 small.c -o small
regehr@home:~$ ./small
g_6 = 0
regehr@home:~$ current-gcc -O3 small.c -o small
regehr@home:~$ ./small
g_6 = 134513352
regehr@home:~$ current-gcc -v
Using built-in specs.
COLLECT_GCC=current-gcc
COLLECT_LTO_WRAPPER=/mnt/z/z/compiler-install/gcc-r168941-install/libexec/gcc/i686-pc-linux-gnu/4.6.0/lto-wrapper
Target: i686-pc-linux-gnu
Configured with: ../configure --with-libelf=/usr/local --enable-lto
--prefix=/mnt/z/z/compiler-install/gcc-r168941-install
--program-prefix=r168941- --enable-languages=c,c++
Thread model: posix
gcc version 4.6.0 20110118 (experimental) (GCC) 
regehr@home:~$ cat small.c


/*
 * File-scope state for small.c, the reproducer attached to this bug report.
 * NOTE(review): this looks like an automatically reduced test case; keep the
 * declarations exactly as written, since the report is about how the compiler
 * translates this precise code.
 */
/* Lookup table read by crc32(); main() fills all 256 entries. */
static unsigned int crc32_tab[256];
/* Running value updated by crc32(); never printed in this file. */
static unsigned int crc32_context = 0;
/* Loop counter of func_95(); also passed to sub() and func_95() from main(). */
static char g_4 = 0;
/* The value printed at the end of main(); written directly and through g_102. */
static int g_6 = 0;
/* Only tested and set to 1 inside func_95(), then passed to crc32(). */
static long long g_83 = 0;
/* Points at g_6; func_95() stores through it and re-assigns it to &g_6. */
static int *g_102 = &g_6;

/* Hand-written prototypes are used instead of including <stdio.h> and
 * <string.h>, so the test case needs no headers. */
int printf(const char *format, ...);
int strcmp(const char *s1, const char *s2);

/*
 * Divide p1 by p2 and return the quotient converted to short.
 *
 * There is no check for p2 == 0; the only call in this file passes 10.
 * The name matches the standard library's div(), but this one is static and
 * <stdlib.h> is not included here.
 */
static short div(long long p1, long long p2)
{
  /* The long long quotient is implicitly narrowed to the short return type. */
  return p1 / p2;
}

/*
 * Return p1 - p2 converted to char.
 *
 * main() calls this as sub(g_4, g_4), which yields 0.
 */
static char sub(char p1, char p2)
{
  return p1 - p2;
}

/*
 * Core of the reproducer: stores through g_102, then runs a loop over the
 * global counter g_4 that contains a backward goto into its own body.
 *
 * p_96 is returned unchanged on every path; p_97 is only used in the first
 * store. Side effects are on the globals g_4, g_6, g_83 and g_102.
 *
 * Traced by hand for the call made from main() (p_96 == 0, p_97 == 1):
 * the first store sets g_6 to 1 (1 != 3), the loop body then finds g_6
 * non-zero and g_83 zero, and returns p_96, i.e. 0.
 */
static int func_95(int p_96, int p_97)
{
  /* g_102 points at g_6 on entry, so this writes 0 or 1 into g_6: 1 when
   * p_97 differs from p_97 * 3 truncated to short. */
  *g_102 = (p_97 != (short)(p_97 * 3));

  for (g_4 = 0; g_4 < 2; g_4++)
    {
    lbl_210:
      if (g_6)
        {
      if (g_83)
            {
          g_83 = 1;
            }
      else
            {
          /* Early exit taken when g_6 is non-zero and g_83 is zero. */
          return p_96;
            }
        }
      else
        {
      /* Force g_6 non-zero and re-test it by jumping back to the label. */
      g_6 = 1;
      goto lbl_210;
        }
      /* Re-points g_102 at g_6, which is what it already points at. */
      g_102 = &g_6;
    }
  return p_96;
}

/*
 * Update crc32_context from crc32_tab when flag is zero; do nothing otherwise.
 *
 * Every index is masked with & 1, so only crc32_tab[0] and crc32_tab[1] are
 * ever read, and only the low bit of val takes part. The function returns
 * nothing and its result (crc32_context) is not printed in this file.
 */
static void crc32(unsigned long long val, int flag)
{
  if (!flag) {
    /* Two lookups that depend only on the current context value. */
    crc32_context = crc32_tab[crc32_context & 1];
    crc32_context = crc32_tab[crc32_context & 1];
    /* Two lookups that also mix in the low bit of val. */
    crc32_context = crc32_tab[(crc32_context ^ (val & 1)) & 1];
    crc32_context = crc32_tab[(crc32_context ^ (val & 1)) & 1];
  }
}

/*
 * Driver for the reproducer: initialises the table and the local array,
 * calls sub(), func_95() and crc32(), then prints g_6.
 *
 * Tracing the source by hand gives "g_6 = 0", which is what the -O2 build in
 * the report prints; the -O3 build in the report prints 134513352 instead.
 */
int main(int argc, char* argv[])
{
  int print_hash_value = 0;
  unsigned int crc = 0;
  int l_338[8];
  int i, j;

  /* A single argument "1" sets the flag; crc32() only does work when the
   * flag is zero, so this turns both crc32() calls below into no-ops. */
  if (argc == 2 && strcmp(argv[1], "1") == 0)
    print_hash_value = 1;

  /* The inner loop only assigns crc = 1, so every table entry ends up 1. */
  for (i = 0; i < 256; i++) {
    for (j = 8; j > 0; j--) {
      crc = 1;
    }
    crc32_tab[i] = crc;
  }
  /* All eight elements are zeroed; only l_338[0] is read afterwards. */
  for (i = 0; i < 8; i++)
    l_338[i] = 0;

  g_6 = sub(g_4, g_4);
  /* l_338[0] is 0, so div() returns 0 and the second argument is 1. */
  g_6 = func_95(g_4, 1 | div(l_338[0], 10));
  crc32(g_6, print_hash_value);
  crc32(g_83, print_hash_value);

  /* This is the line whose output differs between -O2 and -O3 in the report. */
  printf("g_6 = %d\n", g_6);
  return 0;
}

