This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug c/47337] New: memory unsafety bug leading to wrong code generation
- From: "regehr at cs dot utah.edu" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Tue, 18 Jan 2011 06:29:09 +0000
- Subject: [Bug c/47337] New: memory unsafety bug leading to wrong code generation
- Auto-submitted: auto-generated
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47337
Summary: memory unsafety bug leading to wrong code generation
Product: gcc
Version: 4.6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: regehr@cs.utah.edu
Valgrind reports some memory safety problems in the 'gcc -O3' execution.
regehr@home:~$ current-gcc -O2 small.c -o small
regehr@home:~$ ./small
g_6 = 0
regehr@home:~$ current-gcc -O3 small.c -o small
regehr@home:~$ ./small
g_6 = 134513352
regehr@home:~$ current-gcc -v
Using built-in specs.
COLLECT_GCC=current-gcc
COLLECT_LTO_WRAPPER=/mnt/z/z/compiler-install/gcc-r168941-install/libexec/gcc/i686-pc-linux-gnu/4.6.0/lto-wrapper
Target: i686-pc-linux-gnu
Configured with: ../configure --with-libelf=/usr/local --enable-lto
--prefix=/mnt/z/z/compiler-install/gcc-r168941-install
--program-prefix=r168941- --enable-languages=c,c++
Thread model: posix
gcc version 4.6.0 20110118 (experimental) (GCC)
regehr@home:~$ cat small.c
static unsigned int crc32_tab[256];
static unsigned int crc32_context = 0;
static char g_4 = 0;
static int g_6 = 0;
static long long g_83 = 0;
static int *g_102 = &g_6;
int printf(const char *format, ...);
int strcmp(const char *s1, const char *s2);
static short div(long long p1, long long p2)
{
return p1 / p2;
}
static char sub(char p1, char p2)
{
return p1 - p2;
}
static int func_95(int p_96, int p_97)
{
*g_102 = (p_97 != (short)(p_97 * 3));
for (g_4 = 0; g_4 < 2; g_4++)
{
lbl_210:
if (g_6)
{
if (g_83)
{
g_83 = 1;
}
else
{
return p_96;
}
}
else
{
g_6 = 1;
goto lbl_210;
}
g_102 = &g_6;
}
return p_96;
}
static void crc32(unsigned long long val, int flag)
{
if (!flag) {
crc32_context = crc32_tab[crc32_context & 1];
crc32_context = crc32_tab[crc32_context & 1];
crc32_context = crc32_tab[(crc32_context ^ (val & 1)) & 1];
crc32_context = crc32_tab[(crc32_context ^ (val & 1)) & 1];
}
}
int main(int argc, char* argv[])
{
int print_hash_value = 0;
unsigned int crc = 0;
int l_338[8];
int i, j;
if (argc == 2 && strcmp(argv[1], "1") == 0)
print_hash_value = 1;
for (i = 0; i < 256; i++) {
for (j = 8; j > 0; j--) {
crc = 1;
}
crc32_tab[i] = crc;
}
for (i = 0; i < 8; i++)
l_338[i] = 0;
g_6 = sub(g_4, g_4);
g_6 = func_95(g_4, 1 | div(l_338[0], 10));
crc32(g_6, print_hash_value);
crc32(g_83, print_hash_value);
printf("g_6 = %d\n", g_6);
return 0;
}