Re: Aliasing bug

[Richard Guenther <richard dot guenther at gmail dot com>]

On Thu, Jul 2, 2009 at 3:21 PM, Andrew Stubbs<ams@codesourcery.com> wrote:
> Hi all,
>
> I'm fairly sure I have found an aliasing bug in GCC, although I could be
> wrong. I've reproduced it in both 4.4 and mainline.
>
> Consider this testcase, aliasing.c:
>
> ? ?extern void *foo;
>
> ? ?extern inline short **
> ? ?f1 (void)
> ? ?{
> ? ? ?union
> ? ? ? ?{
> ? ? ? ? ?void **v;
> ? ? ? ? ?short **s;
> ? ? ? ?} u;
>
> ? ? ?u.v = (&foo);
> ? ? ?if (*u.s == 0) *u.s = (short *)42;
> ? ? ?return u.s;
> ? ?}
>
> ? ?const short *a, *b;
>
> ? ?int
> ? ?f ()
> ? ?{
> ? ? ?a = *f1();
> ? ? ?b = *f1();
> ? ?}
>
> The (not very useful) testcase initialises foo to 42, if necessary, and then
> sets both 'a' and 'b' to equal foo. There should be no way that 'a' and 'b'
> can ever be set to zero.
>
> Compile the code as follows:
>
> ?sh-linux-gnu-gcc -c aliasing.c -O2 -fdump-tree-all
>
> The dump file aliasing.c.133t.optimized (the last tree dump) then contains:
>
> ? ?f ()
> ? ?{
> ? ? ?void * foo.3;
> ? ? ?short int * D.1982;
> ? ? ?short int * * D.1973;
>
> ? ?<bb 2>:
> ? ? ?foo.3_10 = foo;
> ? ? ?D.1982_26 = (short int *) foo.3_10;
> ? ? ?if (D.1982_26 == 0B)
> ? ? ? ?goto <bb 3>;
> ? ? ?else
> ? ? ? ?goto <bb 5>;
>
> ? ?<bb 3>:
> ? ? ?D.1973_13 = (short int * *) &foo;
> ? ? ?*D.1973_13 = 42B;
> ? ? ?a = 0B;
>
> ? ?<bb 4>:
> ? ? ?b = D.1982_26;
> ? ? ?return;
>
> ? ?<bb 5>:
> ? ? ?a = D.1982_26;
> ? ? ?goto <bb 4>;
>
> ? ?}
>
> This is the state of the code after the tree optimisations. Both 'a' and 'b'
> are set to the initial value of foo, before it was initialised. Not only
> that, but 'a' is explicitly set to zero.
>
> This problem goes away if -fno-strict-aliasing is used.
>
> Is this a compiler bug? Or have I got something wrong in my code?

You are writing to memory of type void * via an lvalue of type short *.

Richard.

> Thanks
>
> Andrew
>