https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65400
Bug ID: 65400
Summary: tsan mis-compiles inlineable C functions
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: bernd.edlinger at hotmail dot de
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

Created attachment 35018
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=35018&action=edit
stripped down test case

Hi,

I am not sure when this started, probably in February when I was busy with other tasks, but current trunk miscompiles numerous simple C functions if optimizations are enabled.

I isolated one example in the OPC UA ANSI-C stack and created a small test case from it. It mis-compiles with this set of options:

gcc -O2 -fsanitize=thread,undefined -c opcua_string.c

The problem is here:

00000000000004b0 <OpcUa_String_Clear>:
 4b0:   53                      push   %rbx
 4b1:   48 89 fb                mov    %rdi,%rbx
 4b4:   48 8b 7c 24 08          mov    0x8(%rsp),%rdi
 4b9:   e8 00 00 00 00          callq  4be <OpcUa_String_Clear+0xe>
                        4ba: R_X86_64_PC32      __tsan_func_entry-0x4
 4be:   48 85 db                test   %rbx,%rbx
 4c1:   74 1d                   je     4e0 <OpcUa_String_Clear+0x30>
 4c3:   48 89 df                mov    %rbx,%rdi
 4c6:   e8 00 00 00 00          callq  4cb <OpcUa_String_Clear+0x1b>
                        4c7: R_X86_64_PC32      __tsan_read1-0x4
 4cb:   80 3b 00                cmpb   $0x0,(%rbx)
 4ce:   75 10                   jne    4e0 <OpcUa_String_Clear+0x30>
 4d0:   48 89 df                mov    %rbx,%rdi
 4d3:   5b                      pop    %rbx
 4d4:   e9 27 fb ff ff          jmpq   0 <OpcUa_String_Clear.part.0>
 4d9:   0f 1f 80 00 00 00 00    nopl   0x0(%rax)
 4e0:   5b                      pop    %rbx
 4e1:   e9 00 00 00 00          jmpq   4e6 <OpcUa_String_Clear+0x36>
                        4e2: R_X86_64_PC32      __tsan_func_exit-0x4

A call to __tsan_func_exit is missing before jmpq <OpcUa_String_Clear.part.0>. Note that OpcUa_String_Clear.part.0 also calls __tsan_func_entry, thus the call stack is completely scrambled:

0000000000000000 <OpcUa_String_Clear.part.0>:
   0:   55                      push   %rbp
   1:   53                      push   %rbx
   2:   48 89 fb                mov    %rdi,%rbx
   5:   48 83 ec 08             sub    $0x8,%rsp
   9:   48 8b 7c 24 18          mov    0x18(%rsp),%rdi
   e:   e8 00 00 00 00          callq  13 <OpcUa_String_Clear.part.0+0x13>
                        f: R_X86_64_PC32        __tsan_func_entry-0x4

With other optimization levels or without -fsanitize=undefined, this example compiles correctly, but some other functions start to have problems.