Created attachment 56161
memset_explicit-gone-wrong.tar.xz

Needs a trunk build from today or newer for -fharden-control-flow-redundancy.

1. git clone https://git.savannah.gnu.org/git/gnulib.git
2. ./gnulib-tool --single-configure --conditional-dependencies --create-testdir --dir=uhoh memset_explicit
3. cd uhoh
4. ./configure CFLAGS="-O3 -fharden-control-flow-redundancy" # passes with -O2
5. make TESTS=test-memset_explicit check -j$(nproc)

```
$ ./test-memset_explicit
test_heap: address range is still mapped after free().
test_stack: count = 1000
test-memset_explicit.c:191: assertion 'count < 50' failed
Aborted (core dumped)
```

I'm not sure where it goes wrong yet.

Attached memset_explicit-gone-wrong.tar.xz has uhoh-O2 (good) and uhoh-O3 (bad) for x86_64, but I reproduced this on arm64 too.
gllib/memset_explicit.o is apparently the same between the two directories
AFAICT the test expects stackbuf to remain unchanged across do_secret_stuff calls, even though it's free stack space, but calling the hardcfr checker may scribble over it.

But the real kicker is that, at -O3, do_secret_stuff gets two different versions for each of the pass numbers, and in the specialization for odd passes the stackbuf is optimized away entirely, and the visited bitmap ends up assigned at stack space that overlaps with the stackbuf allocated during the previous even pass, and that's what gets memcmp to fail at every execution.

Adding attributes noclone and noipa to do_secret_stuff avoids the specializations, and then the test passes even at -O3.
Thank you Alexandre!
I've added your fix to gnulib: https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=f8ce7e779de156cb6d0fa51dbaef49cd255b7171 Thank you, Alexandre!