[Bug tree-optimization/93156] abused nonnull attribute evokes new segfault in gcc 10 since Nov 4 commit, 0fb958ab8aa
bruno at clisp dot org
gcc-bugzilla@gcc.gnu.org
Sun Jan 5 20:44:00 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93156
--- Comment #8 from Bruno Haible <bruno at clisp dot org> ---
(In reply to Andrew Pinski from comment #6)
> a?-1:0 is transformed into -1 before we figure out that a is always true; an
> ordering difference.
Fortunately the GCC optimization affects only the return value of null_ptr().
It does not cause side effects to occur that shouldn't occur.
Test case:
=========================================================================
extern char *canonicalize_file_name (const char *__name)
__attribute__ ((__nonnull__ (1)));
extern int rand (void);
extern void brick_the_hard_disk (void);
/* Return NULL. */
static void *
null_ptr (void)
{
unsigned int x = rand ();
unsigned int y = x * x;
/* The following statement is equivalent to if (false),
since a square is always congruent to 0 or 1 mod 4. */
if (y & 2) {
brick_the_hard_disk ();
return (void *) -1;
} else
return (void *) 0;
}
int
main (void)
{
return !!canonicalize_file_name (null_ptr ());
}
=========================================================================
Compiled with gcc -O6 -S foo.c from a recent GCC 10 snapshot:
=========================================================================
.file "foo.c"
.text
.section .text.startup,"ax",@progbits
.p2align 4
.globl main
.type main, @function
main:
.LFB1:
.cfi_startproc
subq $8, %rsp
.cfi_def_cfa_offset 16
call rand
imull %eax, %eax
testb $2, %al
je .L2
call brick_the_hard_disk
.L2:
movq $-1, %rdi
call canonicalize_file_name
testq %rax, %rax
setne %al
addq $8, %rsp
.cfi_def_cfa_offset 8
movzbl %al, %eax
ret
.cfi_endproc
.LFE1:
.size main, .-main
.ident "GCC: (GNU) 10.0.0 20191229 (experimental)"
.section .note.GNU-stack,"",@progbits
=========================================================================
As you can see, it still performs the (y & 2) and will thus never execute
brick_the_hard_disk().
More information about the Gcc-bugs
mailing list