[Bug tree-optimization/103551] New: [12 Regression] wrong code with -O1 -fno-tree-dominator-opts -ftree-vectorize -ftree-vrp

zsojka at seznam dot cz gcc-bugzilla@gcc.gnu.org
Sat Dec 4 08:09:49 GMT 2021


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103551

            Bug ID: 103551
           Summary: [12 Regression] wrong code with -O1
                    -fno-tree-dominator-opts -ftree-vectorize -ftree-vrp
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu

Created attachment 51925
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51925&action=edit
reduced testcase (from OpenTTD sources)

Output:
$ x86_64-pc-linux-gnu-g++ -O1 -fno-tree-dominator-opts -ftree-vectorize -ftree-vrp testcase.C
$ valgrind -q ./a.out 
==4448== Invalid write of size 8
==4448==    at 0x40116E: S::S(unsigned short, unsigned short, unsigned short) (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4011EC: _GLOBAL__sub_I__ZN1SC2Ettt (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x40124C: __libc_csu_init (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4C8777C: (below main) (in /lib64/libc-2.33.so)
==4448==  Address 0x4e31c88 is 8 bytes inside a block of size 10 alloc'd
==4448==    at 0x483F835: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4448==    by 0x401144: S::S(unsigned short, unsigned short, unsigned short) (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4011EC: _GLOBAL__sub_I__ZN1SC2Ettt (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x40124C: __libc_csu_init (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4C8777C: (below main) (in /lib64/libc-2.33.so)
==4448== 
==4448== Invalid write of size 8
==4448==    at 0x401178: S::S(unsigned short, unsigned short, unsigned short) (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4011EC: _GLOBAL__sub_I__ZN1SC2Ettt (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x40124C: __libc_csu_init (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4C8777C: (below main) (in /lib64/libc-2.33.so)
==4448==  Address 0x4e31ca0 is 22 bytes after a block of size 10 alloc'd
==4448==    at 0x483F835: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4448==    by 0x401144: S::S(unsigned short, unsigned short, unsigned short) (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4011EC: _GLOBAL__sub_I__ZN1SC2Ettt (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x40124C: __libc_csu_init (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4C8777C: (below main) (in /lib64/libc-2.33.so)
==4448== 
==4448== 
==4448== Process terminating with default action of signal 11 (SIGSEGV)
==4448==  Access not within mapped region at address 0x5220000
==4448==    at 0x401178: S::S(unsigned short, unsigned short, unsigned short) (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4011EC: _GLOBAL__sub_I__ZN1SC2Ettt (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x40124C: __libc_csu_init (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4C8777C: (below main) (in /lib64/libc-2.33.so)
==4448==  If you believe this happened as a result of a stack
==4448==  overflow in your program's main thread (unlikely but
==4448==  possible), you can try to increase the size of the
==4448==  main thread stack using the --main-stacksize= flag.
==4448==  The main thread stack size used in this run was 8388608.
Segmentation fault

   0x0000000000401164 <+78>:    movzwl %cx,%ecx
   0x0000000000401167 <+81>:    shl    $0x4,%rcx
   0x000000000040116b <+85>:    add    %rax,%rcx
=> 0x000000000040116e <+88>:    movups %xmm0,(%rax)
   0x0000000000401171 <+91>:    add    $0x10,%rax
   0x0000000000401175 <+95>:    cmp    %rax,%rcx
   0x0000000000401178 <+98>:    jne    0x40116e <_ZN1SC2Ettt+88>

$ x86_64-pc-linux-gnu-g++ -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest/bin/x86_64-pc-linux-gnu-g++
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r12-5767-20211203172717-g6262e3a22b3-checking-yes-rtl-df-extra-nobootstrap-pr103149-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/12.0.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++
--enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra
--disable-bootstrap --with-cloog --with-ppl --with-isl
--build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu
--target=x86_64-pc-linux-gnu --with-ld=/usr/bin/x86_64-pc-linux-gnu-ld
--with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch
--prefix=/repo/gcc-trunk//binary-trunk-r12-5767-20211203172717-g6262e3a22b3-checking-yes-rtl-df-extra-nobootstrap-pr103149-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.0.0 20211203 (experimental) (GCC)