This is extracted from gnushogi (http://bugs.debian.org/393075).
[EMAIL PROTECTED]:~% cat bug.c
const signed char nunmap[] = { 17, -1, 1 };

__attribute__((noinline)) void ff(int i) {
    asm volatile("");
}

__attribute__((noinline)) void f(short delta)
{
    short p0 = 2, s;
    for (s = 0; s < 2; s++)
    {
        p0 += delta;
        ff(s);
        if (nunmap[p0] == 17)
            asm volatile("# nop");
    }
}

int main()
{
    f(-1);
    return 0;
}
[EMAIL PROTECTED]:~% gcc-3.4 -O2 bug.c && ./a.out
[EMAIL PROTECTED]:~% gcc-4.2 -O2 bug.c && ./a.out
[EMAIL PROTECTED]:~% gcc-4.1 -O2 bug.c && ./a.out
zsh: segmentation fault (core dumped) ./a.out

The reason seems to be that delta is zero-extended rather than sign-extended, so f(-1) advances the index by 65535 instead of -1 and the load lands outside nunmap:

$f..ng:
        lda $30,-32($30)
        ldah $1,nunmap($29) !gprelhigh
        lda $1,nunmap($1) !gprellow
        stq $9,8($30)
        stq $10,16($30)
        mov $31,$9
        stq $11,24($30)
        lda $10,3($1) # $10 = numap + 3
        zapnot $16,3,$11 # $11 = zero extend delta (=65535)
        stq $26,0($30)
        .prologue 1
$L4:
        addq $10,$11,$10 # $10 += $11
        addl $31,$9,$16
        bsr $26,ff !samegp
        ldq_u $1,-1($10) # access numap[65537] -> SEGV
        extqh $1,$10,$1
        sra $1,56,$1
        cmpeq $1,17,$1
        bne $1,$L12
$L5:
        lda $9,1($9)
        cmpeq $9,2,$1
        beq $1,$L4
        ldq $26,0($30)
        ldq $9,8($30)
        ldq $10,16($30)
        ldq $11,24($30)
        lda $30,32($30)
        ret $31,($26),1
        .align 4
$L12:
        .set macro
        # nop
        .set nomacro
        br $31,$L5

--
           Summary: [4.1 regression] Incorrect zero extension of signed short IV
           Product: gcc
           Version: 4.1.2
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: tree-optimization
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: falk at debian dot org
 GCC build triplet: alpha-linux-gnu
  GCC host triplet: alpha-linux-gnu
GCC target triplet: alpha-linux-gnu

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29631