[Bug sanitizer/110027] New: Misaligned vector store on detect_stack_use_after_return
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110027 Bug ID: 110027 Summary: Misaligned vector store on detect_stack_use_after_return Product: gcc Version: 13.1.1 Status: UNCONFIRMED Severity: normal Priority: P3 Component: sanitizer Assignee: unassigned at gcc dot gnu.org Reporter: sneves at dei dot uc.pt CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org Target Milestone: --- (As reported by Jack O'Connor, along with reproducibility instructions, at https://gist.github.com/oconnor663/69176654f1db1bb96077d6ff4141a022) Given the following snippet, #include int main() { __m512i v = _mm512_set1_epi32(0); // It doesn't really matter what we do next, as long as we convince the // compiler to put v on the stack. Here we just read an int from it. return *((int *)); } compiled with `gcc repro.c -g -mavx512f -fsanitize=address` results in a segfault due to a misaligned AVX-512 store. The assembly output is visible at https://gist.github.com/oconnor663/69176654f1db1bb96077d6ff4141a022#file-repro-s. Specifically, we have the relevant sequence andq $-64, %rsp subq $192, %rsp leaq 32(%rsp), %rbx ... cmpl $0, __asan_option_detect_stack_use_after_return(%rip) je.L1 ... call __asan_stack_malloc_1@PLT ... movq %rax, %rbx ... .L1: leaq 160(%rbx), %rax movq %rax, %rcx ... vmovdqa64 %zmm0, -128(%rcx) Now, if `__asan_option_detect_stack_use_after_return` is 0, the variable at %rcx-128 is correctly aligned to 64. However, if it is 1, __asan_stack_malloc_1 returns something aligned to 64 << 1 (as per https://github.com/gcc-mirror/gcc/blob/master/gcc/asan.cc#L1917) and adding 160 results in %rcx-128 being only aligned to 32. And thus the segfault. Interestingly this seems to be only reproducible on Arch Linux. Other gcc 13.1.1 builds, Fedora for instance, seem to behave correctly. It is unclear to me what the reason for this is.
[Bug target/105930] [12/13 Regression] Excessive stack spill generation on 32-bit x86
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105930 --- Comment #13 from Samuel Neves --- Something simple like this -- https://godbolt.org/z/61orYdjK7 -- already exhibits the effect. Furthermore, and this also applies to the full BLAKE2b compression function, if you replace all the xors in the rounds by adds, the stack size goes back to normal. On the other hand, replacing the adds by xors, making the whole round function bitwise ops, does not have any effect on stack size.
[Bug target/105930] [12/13 Regression] Excessive stack spill generation on 32-bit x86
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105930 Samuel Neves changed: What|Removed |Added CC||sneves at dei dot uc.pt --- Comment #6 from Samuel Neves --- Based on that bisect commit, it is also possible to repro this issue in earlier GCCs (11, 10, seems fine on <= 9) purely by taking away the -mno-sseX, which triggers the same splitting as now on gcc-12: https://godbolt.org/z/KEcWGT9Yc
[Bug c++/104802] New: Non-type template parameter of reference type disallowed under certain conditions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104802 Bug ID: 104802 Summary: Non-type template parameter of reference type disallowed under certain conditions Product: gcc Version: 11.2.1 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c++ Assignee: unassigned at gcc dot gnu.org Reporter: sneves at dei dot uc.pt Target Milestone: --- Minimal (C++17 and 20) example: template struct S { template void operator()() const {} }; struct weird_ { int operator&() const { return 123; } } const weird {}; auto f() { S s {}; s(); } This fails with the error: error: '&(const weird_&)weird.weird_::operator&()' is not a valid template argument of type 'const weird_&' because '(const weird_&)weird.weird_::operator&()' is not a variable Now, if either one of - template is commented out, i.e., the called function is no longer a template; - `weird` has the `operator&` removed; The code compiles without any issues. As far as I can tell this example is not violating any of the constraints the standard puts on lvalue reference parameters, and both Clang and MSVC accept it.