When I compile the testcase with -O2, or with '-O1 -fstrict-aliasing', incorrect code is generated. The testcase calls abort() in this case.
This is a regression in gcc-4.2 only: gcc-4.1 and gcc-4.3 do not show the bug.

$ gcc-4.2 -O1 test.i -o ok && ./ok
$ gcc-4.2 -O2 test.i -o fails && ./fails
Aborted
$ gcc-4.2 -O1 -fstrict-aliasing test.i -o fails2 && ./fails2
Aborted
$ gcc-4.2 -O3 test.i -o fails3 && ./fails3
Aborted

The testcase gives no warnings:
$ gcc-4.2 -Wall -W -O2 -Wstrict-aliasing test.i

The original code that is miscompiled is ClamAV, but only if -O3 is used.
I created an initial reduced testcase using delta. Manually inlining some functions shows this bug even at -O2 on the reduced testcase.

I reproduced this on 2 different systems:

edwin@lightspeed2:~$ uname -a
Linux lightspeed2 2.6.25-rc4-00134-g84c6f60 #4 Sun Mar 9 19:40:34 EET 2008 x86_64 GNU/Linux
edwin@lightspeed2:~$ gcc-4.2 -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.2 --program-suffix=-4.2 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --disable-libmudflap --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.2.3 (Debian 4.2.3-2)

I also reproduced the bug with gcc 4.2.3 built with --enable-checking=yes:

edwin@lightspeed2:~$ gcc-4.2.3/inst/bin/gcc -O1 -fstrict-aliasing test.i -o fails && ./fails
Aborted
edwin@lightspeed2:~$ gcc-4.2.3/inst/bin/gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../configure --enable-languages=c --prefix=/home/edwin/gcc-4.2.3/obj/../inst --enable-checking=yes --disable-multilib --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --disable-bootstrap
Thread model: posix
gcc version 4.2.3

The second system:

edwin@thunder:~$ uname -a
Linux thunder 2.6.25-rc5-00323-g9a9e0d6 #22 SMP PREEMPT Sun Mar 16 10:23:46 EET 2008 i686 GNU/Linux
edwin@thunder:~$ gcc-4.2 -v
Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v --enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.2 --program-suffix=-4.2 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --disable-libmudflap --enable-targets=all --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
Thread model: posix
gcc version 4.2.3 (Debian 4.2.3-2)
Created attachment 15345 [details]
testcase

Some observations:

If you remove some dead code the optimization bug goes away.
Remove either of these and you'll get correct code, for example:

if (metadata->chunk_current >= metadata->chunk_end) { }

If I remove that if and compare assembly output, I see this:

$ diff -wu bad.s ok.s
--- bad.s	2008-03-19 20:51:59.000000000 +0200
+++ ok.s	2008-03-19 20:51:47.000000000 +0200
@@ -60,7 +60,7 @@
 	testb	%al, %al
 	js	.L9
 	movsbq	%sil,%rax
-	addq	%rax, %rcx
+	leaq	1(%rcx,%rax), %rcx
 .L11:
 	movzbl	(%rdx), %eax
 	addq	$1, %rdx

Of course the original code that is miscompiled doesn't have dead code; it is just because of the reduction.
If you need more info please ask.

This is related to this bug (but that occurs only at -O3):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470557
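Review bot: the single differing instruction in the bad.s/ok.s hunk is the pointer advance, `addq %rax, %rcx` on the bad side versus `leaq 1(%rcx,%rax), %rcx` on the good side, so the miscompiled binary drops the constant +1 from the address computation while the sign-extended byte in %rax (`movsbq %sil,%rax`) is still added; the three context lines before and after are identical, which confines the divergence to that one address calculation and is worth keeping in mind when reading the GIMPLE dumps later in the thread.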
Created attachment 15346 [details]
another reduced testcase

I reduced the testcase further using delta; however, I had to be careful to avoid deleting initializations.
This testcase is valgrind clean.
-O vs. -O -fstrict-aliasing. This is another flow-insensitive alias problem.

diff -u t.c.099t.optimized t.c.099t.optimizedx
--- t.c.099t.optimized	2008-03-19 20:45:05.000000000 +0100
+++ t.c.099t.optimizedx	2008-03-19 20:45:00.000000000 +0100
@@ -16,9 +16,9 @@
 Analyzing Edge Insertions.
 cli_chm_prepare_file (metadata)
 {
-  char * temp.77;
   uint64_t section;
   char * D.1574;
+  char * D.1572;
   char * D.1565;
 
 <bb 2>:
@@ -30,12 +30,10 @@
   metadata->chunk_data = D.1565 + (char *) (unsigned int) metadata->chunk_offset;
 
 <L3>:;
-  D.1574 = metadata->chunk_data + 20B;
-  metadata->chunk_current = D.1574;
-  temp.77 = D.1574 + 1B + (char *) (uint64_t) *D.1574;
-  metadata->chunk_current = temp.77;
-  section = (uint64_t) *temp.77;
-  metadata->chunk_current = temp.77 + 1B;
+  D.1572 = metadata->chunk_data + 20B;
+  D.1574 = D.1572 + (char *) (uint64_t) *D.1572;
+  section = (uint64_t) *D.1574;
+  metadata->chunk_current = D.1574 + 1B;
   if (section > 1) goto <L9>; else goto <L10>;
 
 <L9>:;
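Review bot: in the second hunk the `+` side computes `D.1574 = D.1572 + (char *) (uint64_t) *D.1572;` where the `-` side had `temp.77 = D.1574 + 1B + (char *) (uint64_t) *D.1574;`, so the constant `+ 1B` in the pointer advance is lost and `section` is loaded from the byte before the intended one, which matches the missing +1 in the assembly diff earlier in the thread (`addq %rax, %rcx` versus `leaq 1(%rcx,%rax), %rcx`); the two intermediate stores `metadata->chunk_current = D.1574;` and `metadata->chunk_current = temp.77;` that sat between those computations are gone as well, consistent with the store and reload through metadata->chunk_current being the memory dependence that the flow-insensitive alias information mishandled.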
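To make the second hunk of the dump readable as plain C, here is an added example (it is not the attached testcase and not ClamAV's code) that re-implements the `-` side and the `+` side as pointer arithmetic over a constructed chunk buffer and shows how the two readings diverge. The struct layout, the buffer contents and the function names are assumptions; only the sequence of operations is taken from the dump.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for the ClamAV metadata struct; only the fields that
 * appear in the dump are modelled. */
struct chm_metadata {
    const char *chunk_data;
    const char *chunk_current;
};

/* Constructed 32-byte chunk: 20 bytes of header, then a length-prefixed
 * field (length 3, bytes 0x10 0x20 0x30), then the section byte (1). */
static const char sample_chunk[32] = {
    [20] = 3, [21] = 0x10, [22] = 0x20, [23] = 0x30, [24] = 1,
};

/* The '-' side of the hunk: p = chunk_data + 20; p = p + 1 + *p;
 * section = *p; chunk_current = p + 1.  The (uint64_t) cast of a char
 * follows the dump; on x86-64 char is signed, hence the movsbq in the
 * assembly diff. */
static uint64_t section_correct(struct chm_metadata *m)
{
    const char *p = m->chunk_data + 20;
    m->chunk_current = p;
    p = p + 1 + (uint64_t)*p;
    m->chunk_current = p;
    uint64_t section = (uint64_t)*p;
    m->chunk_current = p + 1;
    return section;
}

/* The '+' side of the hunk: the same walk with the "+ 1B" missing, so p
 * stops on the last byte of the field instead of on the section byte, and
 * the intermediate stores to chunk_current are gone. */
static uint64_t section_miscompiled(struct chm_metadata *m)
{
    const char *p = m->chunk_data + 20;
    p = p + (uint64_t)*p;
    uint64_t section = (uint64_t)*p;
    m->chunk_current = p + 1;
    return section;
}

/* Runs both readings on the sample chunk and reports the section value and
 * the final chunk_current offset each one produces. */
static void compare_sections(uint64_t *good, uint64_t *bad,
                             ptrdiff_t *good_off, ptrdiff_t *bad_off)
{
    struct chm_metadata m = { sample_chunk, NULL };
    *good = section_correct(&m);
    *good_off = m.chunk_current - m.chunk_data;
    m.chunk_current = NULL;
    *bad = section_miscompiled(&m);
    *bad_off = m.chunk_current - m.chunk_data;
}

int main(void)
{
    uint64_t good, bad;
    ptrdiff_t good_off, bad_off;
    compare_sections(&good, &bad, &good_off, &bad_off);
    printf("correct:     section=%llu chunk_current=chunk_data+%td\n",
           (unsigned long long)good, good_off);
    printf("miscompiled: section=%llu chunk_current=chunk_data+%td\n",
           (unsigned long long)bad, bad_off);
    return 0;
}
```

With this constructed input the `-` reading yields section 1 with chunk_current at offset 25, while the `+` reading yields 48 (the last payload byte) with chunk_current at offset 24, so only the miscompiled walk takes the `if (section > 1)` branch that follows in the dump.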
4.2.4 is being released, changing milestones to 4.2.5.
Closing 4.2 branch, fixed in 4.3.