[Bug tree-optimization/42821] [4.5 Regression] TCL is miscompiled

2010-01-21 Thread rguenth at gcc dot gnu dot org


-- 

rguenth at gcc dot gnu dot org changed:

              What |Removed |Added
 ------------------+--------+------
     Known to work |        |4.4.2
  Target Milestone |---     |4.5.0


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=42821





--- Comment #1 from rguenth at gcc dot gnu dot org  2010-01-21 11:19 ---
Looking into it.


-- 

rguenth at gcc dot gnu dot org changed:

                   What |Removed                           |Added
 -----------------------+----------------------------------+-------------------------------
             AssignedTo |unassigned at gcc dot gnu dot org |rguenth at gcc dot gnu dot org
                 Status |UNCONFIRMED                       |ASSIGNED
         Ever Confirmed |0                                 |1
  Last reconfirmed date |-00-00 00:00:00                   |2010-01-21 11:19:41







--- Comment #2 from rguenth at gcc dot gnu dot org  2010-01-21 11:31 ---
We seem to test for this feature in gcc.dg/builtin-object-size-6.c

struct D
{
  int i;
  struct D1
  {
    char b;
    char a[10];
  } j;
};

void
__attribute__ ((noinline))
test6 (struct D *d)
{
  if (__builtin_object_size (&d->j.a[3], 0) != (size_t) -1)
    abort ();
  if (__builtin_object_size (&d->j.a[3], 1) != sizeof (d->j.a) - 3)
    abort ();
  if (__builtin_object_size (&d->j.a[3], 2) != 0)
    abort ();
  if (__builtin_object_size (&d->j.a[3], 3) != sizeof (d->j.a) - 3)
    abort ();
}

But this is confused by for example changing the testcase to

struct X {
    void *p;
    struct Y {
        char s[4];
    } y;
};

void * __attribute__((noinline,noclone))
myalloc (unsigned int sz)
{
  return __builtin_malloc (sz);
}

int main()
{
  struct X *p = myalloc (sizeof (struct X)
                         + sizeof ("Hello World") + 1 - sizeof (p->y.s));
  struct Y *q = &p->y;
  __builtin___strcpy_chk (q->s, "Hello World",
                          __builtin_object_size (q->s, 1));
  return 0;
}

where clearly nothing tells you that we allocate an object of type struct X
and the strcpy uses struct Y - still as we propagate around the pointers
we'll end up with exactly the same IL as before and miscompute the object size.







--- Comment #3 from rguenth at gcc dot gnu dot org  2010-01-21 11:34 ---
Or even

struct X {
    struct Y {
        char s[4];
    } y;
};

void * __attribute__((noinline,noclone))
myalloc (unsigned int sz)
{
  return __builtin_malloc (sz);
}

int main()
{
  struct X *p = myalloc (sizeof (struct Y)
                         + sizeof ("Hello World") + 1 - 4);
  struct Y *q = &p->y;
  __builtin___strcpy_chk (q->s, "Hello World",
                          __builtin_object_size (q->s, 1));
  return 0;
}

(warns)

vs.

struct X {
    struct Y {
        char s[4];
    } y;
};

void * __attribute__((noinline,noclone))
myalloc (unsigned int sz)
{
  return __builtin_malloc (sz);
}

int main()
{
  struct X *p = myalloc (sizeof (struct Y)
                         + sizeof ("Hello World") + 1 - 4);
  struct Y *q = (struct Y *)p;
  __builtin___strcpy_chk (q->s, "Hello World",
                          __builtin_object_size (q->s, 1));
  return 0;
}

(does not warn)


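The two pointer derivations compared in comment #3, as an added example that is not part of the bug thread or of GCC's testsuite: it reports the bound that __builtin_object_size (q->s, 1) yields for each derivation on the compiler it is built with, and whether a checked strcpy of "Hello World" would abort under that bound. The names bound_via_member, bound_via_cast and would_trap are hypothetical; each bound comes out as either 4 or (size_t) -1 depending on compiler and version.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define UNKNOWN ((size_t) -1)   /* mode 1 result for "size not known" */

/* Layout from comment #3: the 4-byte array sits in a nested struct. */
struct X { struct Y { char s[4]; } y; };

/* Opaque allocator, as in the thread, so the allocation size stays hidden. */
void * __attribute__ ((noinline)) myalloc (size_t sz) { return malloc (sz); }

/* Bound a checked copy receives when q is derived as &p->y. */
size_t __attribute__ ((noinline)) bound_via_member (struct X *p)
{
  struct Y *q = &p->y;
  return __builtin_object_size (q->s, 1);
}

/* Bound a checked copy receives when q is derived by a cast. */
size_t __attribute__ ((noinline)) bound_via_cast (struct X *p)
{
  struct Y *q = (struct Y *) p;
  return __builtin_object_size (q->s, 1);
}

/* 1 if __builtin___strcpy_chk (dst, src, bound) would abort at run time. */
int would_trap (size_t bound, const char *src)
{
  return bound != UNKNOWN && strlen (src) + 1 > bound;
}

int main (void)
{
  const char *msg = "Hello World";   /* constructed sample input */
  /* Over-allocate past s[4], the pattern the bug report is about. */
  struct X *p = myalloc (sizeof (struct Y) + strlen (msg) + 1 - 4);
  size_t m, c;
  if (!p)
    return 1;
  m = bound_via_member (p);
  c = bound_via_cast (p);
  printf ("&p->y:          bound %ld, copy would trap: %d\n", (long) m, would_trap (m, msg));
  printf ("(struct Y *) p: bound %ld, copy would trap: %d\n", (long) c, would_trap (c, msg));
  free (p);
  return 0;
}
```

A bound printed as -1 is (size_t) -1, meaning the compiler did not limit the copy to the 4-byte member.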





--- Comment #4 from rguenth at gcc dot gnu dot org  2010-01-21 12:02 ---
Whatever.  We do this on purpose.


-- 

rguenth at gcc dot gnu dot org changed:

        What |Removed  |Added
 ------------+---------+---------
      Status |ASSIGNED |RESOLVED
  Resolution |         |INVALID

