[Bug middle-end/84433] gcc 7 and before miscompile loop and remove exit due to incorrect range calculation

2018-02-19 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84433

--- Comment #10 from Martin Liška  ---
(In reply to acsawdey from comment #8)
> It looks like both gcc 7 and 8 assume that the statement 
> 
>   ptrA->sA[ptrB->int1].zt = parm1;
> 
> will only be executed 14+1 times because of the declaration sA[15].
> 
> However gcc 7 assumes the whole loop will only execute that number of times:
> 
> Statement ptrA_14(D)->sA[ptrB__int1_lsm.11_22].zt = _34;
>  is executed at most 14 (bounded by 14) + 1 times in loop 1.
> Analyzing # of iterations of loop 1
>   exit condition [15, + , 4294967295] != 0
>   bounds on difference of bases: -15 ... -15
>   result:
> # of iterations 15, bounded by 15
> Loop 1 iterates 15 times.
> Loop 1 iterates at most 14 times.
> Loop 1 likely iterates at most 14 times.
> Analyzing # of iterations of loop 1
>   exit condition [15, + , 4294967295] != 0
>   bounds on difference of bases: -15 ... -15
>   result:
> # of iterations 15, bounded by 15
> Removed pointless exit: if (ivtmp_24 != 0)
> 
> where gcc8 does not:
> 
> Statement ptrA_13(D)->sA[ptrB__int1_lsm.5_22].zt = _20;
>  is executed at most 14 (bounded by 14) + 1 times in loop 1.
> Analyzing # of iterations of loop 1
>   exit condition [15, + , 4294967295] != 0
>   bounds on difference of bases: -15 ... -15
>   result:
> # of iterations 15, bounded by 15
> Loop 1 iterates 15 times.
> Loop 1 iterates at most 15 times.
> Loop 1 likely iterates at most 15 times.

GCC makes an assumption that the loop iterates 'at most' 15 times.
The issue happens at run time; the compiler doesn't prove that at compile time.
For situations like this, one can use the UBSAN or ASAN sanitizers.

> 
> Neither gcc 7 nor 8 produce any warnings for the revised test case with
> -Wall.

[Bug middle-end/84433] gcc 7 and before miscompile loop and remove exit due to incorrect range calculation

2018-02-19 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84433

--- Comment #9 from Martin Liška  ---
(In reply to acsawdey from comment #7)
> Created attachment 43462 [details]
> revised test case

$ gcc pr84433-v2.c -fsanitize=undefined && ./a.out 
pr84433-v2.c:36:11: runtime error: index 15 out of bounds for type 'structA [15]'
B.int1 = 16 expected 16

Patching the file with:
diff -u pr84433-v2-original.c pr84433-v2.c
--- pr84433-v2-original.c   2018-02-19 15:22:40.250620365 +0100
+++ pr84433-v2.c2018-02-19 15:22:45.054713707 +0100
@@ -9,7 +9,7 @@
 typedef struct structC
 {
   struct structB sB[16][10];
-  struct structA sA[15];
+  struct structA sA[16];
   struct structA sA2[16];
   uint32_t int1;
   uint32_t int2;
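Review bot: at the `sA` member the bound goes from 15 to a bare literal 16, the same literal already used for `sB[16][10]` and `sA2[16]`, so nothing ties the three declarations, or the loop that indexes `sA`, to one value. A single named constant (or enum) shared by the declarations and the loop bound would prevent the mismatch that UBSan reports at pr84433-v2.c:36 (index 15 into `structA [15]`). Growing `sA` also moves `sA2`, `int1` and `int2` to higher offsets, so anything that depends on the layout of `structC` should be rechecked.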

$ gcc pr84433-v2.c -O2 && ./a.out 
B.int1 = 16 expected 16

[Bug middle-end/84433] gcc 7 and before miscompile loop and remove exit due to incorrect range calculation

2018-02-19 Thread acsawdey at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84433

--- Comment #8 from acsawdey at gcc dot gnu.org ---
It looks like both gcc 7 and 8 assume that the statement 

  ptrA->sA[ptrB->int1].zt = parm1;

will only be executed 14+1 times because of the declaration sA[15].

However gcc 7 assumes the whole loop will only execute that number of times:

Statement ptrA_14(D)->sA[ptrB__int1_lsm.11_22].zt = _34;
 is executed at most 14 (bounded by 14) + 1 times in loop 1.
Analyzing # of iterations of loop 1
  exit condition [15, + , 4294967295] != 0
  bounds on difference of bases: -15 ... -15
  result:
# of iterations 15, bounded by 15
Loop 1 iterates 15 times.
Loop 1 iterates at most 14 times.
Loop 1 likely iterates at most 14 times.
Analyzing # of iterations of loop 1
  exit condition [15, + , 4294967295] != 0
  bounds on difference of bases: -15 ... -15
  result:
# of iterations 15, bounded by 15
Removed pointless exit: if (ivtmp_24 != 0)

where gcc8 does not:

Statement ptrA_13(D)->sA[ptrB__int1_lsm.5_22].zt = _20;
 is executed at most 14 (bounded by 14) + 1 times in loop 1.
Analyzing # of iterations of loop 1
  exit condition [15, + , 4294967295] != 0
  bounds on difference of bases: -15 ... -15
  result:
# of iterations 15, bounded by 15
Loop 1 iterates 15 times.
Loop 1 iterates at most 15 times.
Loop 1 likely iterates at most 15 times.

Neither gcc 7 nor 8 produce any warnings for the revised test case with -Wall.
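
The loop shape discussed in this comment, next to a bounds-checked form, as an added example (it is not the attached test case and not GCC project code). The struct layouts, the function names and the `ARRAY_LEN` macro are assumptions; only `sA[15]`, `sA2[16]`, `int1` and `.zt` come from the thread.

```c
#include <stdint.h>
#include <stdio.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed types: only sA[15], sA2[16], int1 and .zt appear in the thread. */
struct structA { uint32_t zt; };
struct structB { uint32_t int1; };
struct structC {
    struct structA sA[15];
    struct structA sA2[16];
};

/* Shape of the reported loop: the index comes from b->int1 and nothing ties
 * n to the declared size of sA. With n == 16 the last store is sA[15], which
 * is undefined behaviour, so the optimizer may assume it never happens.
 * Shown for comparison only; it is never called here. */
void fill_unchecked(struct structC *a, struct structB *b, uint32_t n, uint32_t v)
{
    for (b->int1 = 0; b->int1 < n; b->int1++)
        a->sA[b->int1].zt = v;
}

/* Hardened form: refuse any count the array cannot hold before the loop
 * starts, so every executed store is in bounds. Returns 0 or -1. */
int fill_checked(struct structC *a, struct structB *b, uint32_t n, uint32_t v)
{
    if (n > ARRAY_LEN(a->sA))
        return -1;
    for (b->int1 = 0; b->int1 < n; b->int1++)
        a->sA[b->int1].zt = v;
    return 0;
}

int main(void)
{
    struct structC c = {0};
    struct structB b = {0};
    int over = fill_checked(&c, &b, 16, 7);   /* one more than sA holds */
    int ok = fill_checked(&c, &b, 15, 7);     /* exactly fills sA */
    printf("n=16 -> %d, n=15 -> %d, int1=%u\n", over, ok, (unsigned)b.int1);
    return 0;
}
```

Building the unchecked variant with `-fsanitize=undefined`, as done elsewhere in this thread, reports the out-of-bounds index at run time.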

[Bug middle-end/84433] gcc 7 and before miscompile loop and remove exit due to incorrect range calculation

2018-02-19 Thread acsawdey at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84433

--- Comment #7 from acsawdey at gcc dot gnu.org ---
Created attachment 43462
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=43462&action=edit
revised test case

[Bug middle-end/84433] gcc 7 and before miscompile loop and remove exit due to incorrect range calculation

2018-02-19 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84433

--- Comment #6 from Martin Liška  ---
(In reply to acsawdey from comment #5)
> Very interesting ... the return can be added and the problem still exists.
> However changing the size of the array sA to be >= 16 makes the problem go
> away. Why is that?

Because there are 2 undefined behaviors: the missing return and an access to
the array which is out of bounds.

[Bug middle-end/84433] gcc 7 and before miscompile loop and remove exit due to incorrect range calculation

2018-02-19 Thread acsawdey at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84433

--- Comment #5 from acsawdey at gcc dot gnu.org ---
Very interesting ... the return can be added and the problem still exists.
However changing the size of the array sA to be >= 16 makes the problem go
away. Why is that?

[Bug middle-end/84433] gcc 7 and before miscompile loop and remove exit due to incorrect range calculation

2018-02-19 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84433

Martin Liška  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |INVALID

--- Comment #4 from Martin Liška  ---
It's invalid code:

$ gcc pr84433.c -Wall -fsanitize=undefined -g &&
UBSAN_OPTIONS="print_stacktrace=1" ./a.out 
pr84433.c: In function ‘func’:
pr84433.c:45:1: warning: control reaches end of non-void function [-Wreturn-type]
 }
 ^
pr84433.c:36:11: runtime error: index 15 out of bounds for type 'structA [15]'
#0 0x400d5a in func /home/marxin/Programming/testcases/pr84433.c:36
#1 0x400edb in main /home/marxin/Programming/testcases/pr84433.c:62
#2 0x76d20f49 in __libc_start_main (/lib64/libc.so.6+0x20f49)
#3 0x400729 in _start (/home/marxin/Programming/testcases/a.out+0x400729)

B.int1 = 16 expected 16

$ clang pr84433.c -Wall -fsanitize=undefined -g &&
UBSAN_OPTIONS="print_stacktrace=1" ./a.out 
pr84433.c:45:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
1 warning generated.
pr84433.c:36:3: runtime error: index 15 out of bounds for type 'struct structA [15]'
#0 0x42019a in func /home/marxin/Programming/testcases/pr84433.c:36:24
#1 0x420753 in main /home/marxin/Programming/testcases/pr84433.c:62:3
#2 0x76eb1f49 in __libc_start_main (/lib64/libc.so.6+0x20f49)
#3 0x402829 in _start /home/abuild/rpmbuild/BUILD/glibc-2.26/csu/../sysdeps/x86_64/start.S:120

B.int1 = 16 expected 16

[Bug middle-end/84433] gcc 7 and before miscompile loop and remove exit due to incorrect range calculation

2018-02-18 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84433

Martin Liška  changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                   |ASSIGNED
   Last reconfirmed|                              |2018-02-18
                 CC|                              |marxin at gcc dot gnu.org
           Assignee|unassigned at gcc dot gnu.org |marxin at gcc dot gnu.org
     Ever confirmed|0                             |1

--- Comment #3 from Martin Liška  ---
Let me take a look.

[Bug middle-end/84433] gcc 7 and before miscompile loop and remove exit due to incorrect range calculation

2018-02-18 Thread segher at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84433

--- Comment #2 from Segher Boessenkool  ---
Is that fixed in trunk then, or just hidden?

[Bug middle-end/84433] gcc 7 and before miscompile loop and remove exit due to incorrect range calculation

2018-02-18 Thread mikpelinux at gmail dot com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84433

Mikael Pettersson  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mikpelinux at gmail dot com

--- Comment #1 from Mikael Pettersson  ---
Appears this wrong-code was fixed for gcc-8.0 by r251690.