https://gcc.gnu.org/bugzilla/show_bug.cgi?id=122610
liu zhenyu <lzy20000419 at outlook dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |lzy20000419 at outlook dot com
--- Comment #8 from liu zhenyu <lzy20000419 at outlook dot com> ---
I have synthesized a minimal, dependency-free C reproducer for this regression.
Crucially, my testcase proves two key points:
1. It does NOT rely on Flexible Array Members (FAM) or C23 features.
2. The miscompilation disappears when compiled with -fno-strict-aliasing,
suggesting an overly aggressive TBAA query within ipa-modref.
Results: -O1: 800 (Correct) -O3: 1920 (Wrong Code)
// Complete GCC Bug - 2025 + Regression Analysis
// Generation: 0
// Results: {'-O1': 800, '-O2': 1280, '-O3': 1920}
// Compile with: gcc -O1/-O2/-O3 -fstrict-aliasing
#include <stdio.h>
#include <stdint.h>
#include <string.h>
// Pointer/length pair; its `ptr` field is the object that is stored and then reloaded.
// Only `ptr` is accessed anywhere in this listing; `len` is never read or written.
struct RString_0 {
char *ptr;
long len;
};
// File-scope pointer: test_ipa_modref_dse() points it at its local buffer, and
// ipa_modref_bug() copies it into str->ptr.
char *ptr_global_0;
// Returns str->ptr. noinline keeps this load in its own function, so the store
// made by the caller just before the call is only read back across a call boundary.
__attribute__((noinline))
char * get_ptr_0(struct RString_0 *str) {
return str->ptr;
}
// Author's intent: make GCC's IPA treat the store to str->ptr below as dead.
//
// Stores ptr_global_0 into str->ptr, reads it back through get_ptr_0(), and
// returns -1 if the value read is NULL. Otherwise returns 10 times the low
// 8 bits of the pointer value. The pointed-to bytes are never dereferenced.
//
// NOTE(review): the return value is derived from an address, not from data.
// The caller passes the address of a stack array, whose placement can
// legitimately differ between optimization levels (and may differ between
// runs if stack addresses are randomized). Differing outputs at -O1/-O2/-O3
// therefore do not by themselves show that the store was removed; confirm by
// inspecting the generated code for the store.
__attribute__((noinline))
int ipa_modref_bug(struct RString_0 *str) {
str->ptr = ptr_global_0;
char *val = get_ptr_0(str);
if (val == NULL) {
return -1;
}
int result = 0;
for (int i = 0; i < 10; i++) {
// NOTE(review): subtracting a null pointer from a pointer into an object is
// outside what C defines for pointer subtraction (same array object only).
// (uintptr_t)val would be the defined way to get the address bits.
// Precedence: the cast result is masked with 0xFF first, then added.
result += (int)(val - (char*)0) & 0xFF;
}
return result;
}
// Driver for the reproducer: points ptr_global_0 at a local 116-byte buffer,
// calls ipa_modref_bug() on an uninitialized local struct, and adds 1000 to the
// result if str.ptr does not equal the buffer address afterwards.
// Returns the (possibly adjusted) value from ipa_modref_bug().
__attribute__((noinline))
int test_ipa_modref_dse() {
// Deliberately left uninitialized; ipa_modref_bug() is expected to set str.ptr.
struct RString_0 str;
char buffer[116];
ptr_global_0 = buffer;
for (int i = 0; i < 116; i++) {
// NOTE(review): i * 827312095 is an int multiplication that exceeds INT_MAX
// from i == 3 onward, which is signed overflow (undefined behaviour).
// The buffer contents are never read in this listing, only its address.
buffer[i] = (char)((i * 827312095) & 0xFF);
}
int result = ipa_modref_bug(&str);
// The only check that directly detects a missing store: if the store in
// ipa_modref_bug() were dropped, this would read an uninitialized str.ptr.
if (str.ptr != buffer) {
result += 1000;
}
return result;
}
// Entry point: runs the reproducer once and prints its integer result followed
// by a newline. Always exits with status 0, whatever the result.
int main() {
int result = test_ipa_modref_dse();
printf("%d\n", result);
return 0;
}