public inbox for gcc-bugs@sourceware.org
* [Bug c++/11973] New: GCC 3.3 optimizer creates wrong code (i386/Linux)
From: yuri at tsoft dot com @ 2003-08-18 21:14 UTC (permalink / raw)
To: gcc-bugs
PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11973
Summary: GCC 3.3 optimizer creates wrong code (i386/Linux)
Product: gcc
Version: 3.3
Status: UNCONFIRMED
Severity: critical
Priority: P3
Component: c++
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: yuri at tsoft dot com
CC: gcc-bugs at gcc dot gnu dot org,yuri at tsoft dot com
Symptom: Code (see below) crashes when compiled with -O3 and works
when compiled non-optimized
Expected: both optimized and nonoptimized should exit "main" OK.
Immediate reason in ASM: in the inlined function alc() in E::X_alc(),
freed = freed->next and the first operation of the constructor of class C
(vtbl initialization) are swapped by the optimizer.
So it fills the VTBL pointer into freed->next before its value is
placed into freed by alc(). So after the first call to alc(),
freed is already wrong (has the VTBL in it). And it should have the "next"
value from the previous "freed" instance.
Please contact me yuri@tsoft.com if explanation isn't clear.
This bug prevents us from switching to 3.3.
Thanx,
Yuri
----Version from "gcc -v"------------------------
Reading specs from /usr/gcc-3.3/bin/../lib/gcc-lib/i686-pc-linux-gnu/3.3/specs
Configured with: ./configure --prefix=/gjt/home/yuri/gcc
--exec-prefix=/gjt/home/yuri/gcc
Thread model: posix
gcc version 3.3
---end Version------------------------------------
---code-------------------------------------------
#include <stdio.h>
#include <stddef.h>   /* size_t, NULL */

/* Free-list node: alc() reads the "next" link through this type. */
struct SList {
    SList *next;
    int i;
};
SList sl1, sl2;
SList *freed;         /* head of the free list */

/* Pops the head of the free list and hands its storage to the caller. */
inline void *alc() {
    void *r = freed;
    // !!! HERE IS WHERE BUG IS IMPLANTED
    freed = freed->next;
    return (r);
}

class P {
public:
    virtual int fn1() { return (1); }
    virtual int fn2() { return (2); }
};

/* C objects are constructed in storage taken from the SList free list. */
class C : public P {
public:
    virtual int fn1() { return (3); }
    virtual int fn2() { return (4); }
    int i;
    inline void *operator new(size_t sz) { return alc(); }
    inline void operator delete(void *) { }
};

class D {
public:
    virtual C* X_alc() { return (NULL); }
};

class E {
public:
    virtual C* X_alc() { return (new C()); }
};

int
main(int argc, const char *argv[]) {
    C *c1, *c2;
    E *a = new E;
    // initialize: two free nodes, sl1 -> sl2 -> NULL
    sl1.next = &sl2;
    sl2.next = NULL;
    freed = &sl1;
    printf(" ** freed=%p **\n", (void *)freed);
    printf(" ** alloc: %p **\n", (void *)(c1 = a->X_alc()));
    printf(" ** freed=%p **\n", (void *)freed);
    printf(" ** alloc: %p **\n", (void *)(c2 = a->X_alc()));
    printf(" ** freed=%p **\n", (void *)freed);
    delete c1;
    delete c2;
    return (0);
}
---end code---------------------------------------
---asm------(E::X_alc where alc() is inlined)-----
080485e0 <_ZN1E5X_alcEv>:
80485e0: 55 push %ebp
80485e1: a1 d8 98 04 08 mov 0x80498d8,%eax
80485e6: 89 e5 mov %esp,%ebp
80485e8: c7 00 c8 86 04 08 movl $0x80486c8,(%eax)
80485ee: 8b 08 mov (%eax),%ecx
80485f0: 5d pop %ebp
80485f1: 89 0d d8 98 04 08 mov %ecx,0x80498d8
80485f7: c3 ret
80485f8: 90 nop
80485f9: 8d b4 26 00 00 00 00 lea 0x0(%esi,1),%esi
---end asm----------------------------------------
* [Bug c++/11973] GCC 3.3 optimizer creates wrong code (i386/Linux)
From: pinskia at gcc dot gnu dot org @ 2003-08-18 21:47 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2003-08-18 21:47 -------
I think this is another aliasing problem; whoever knows the C++ aliasing rules should look at
this. I think the code is violating them. In fact this looks like exactly the same problem as PR 11915,
even though it uses operator new and this code does not.
* [Bug c++/11973] GCC 3.3 optimizer creates wrong code (i386/Linux)
From: bangerth at dealii dot org @ 2003-08-18 21:55 UTC (permalink / raw)
To: gcc-bugs
bangerth at dealii dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |INVALID
------- Additional Comments From bangerth at dealii dot org 2003-08-18 21:55 -------
Your code is invalid. What you do is this:
- in new a->X_alc() you call C::operator new, which returns a C* which you later access
- however, C::operator new calls alc(), which returns the memory location of an object
which the compiler assumes is of type SList
Such type games violate C++'s type aliasing rules. The solution is either to fix your
code, or if you want to play hide-and-seek with the compiler, use -fno-strict-aliasing.
W.
* [Bug c++/11973] GCC 3.3 optimizer creates wrong code (i386/Linux)
From: pinskia at gcc dot gnu dot org @ 2003-08-18 22:48 UTC (permalink / raw)
To: gcc-bugs
pinskia at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |Andreas dot Glowatz at
| |philips dot com
------- Additional Comments From pinskia at gcc dot gnu dot org 2003-08-18 22:48 -------
*** Bug 11915 has been marked as a duplicate of this bug. ***
* [Bug c++/11973] GCC 3.3 optimizer creates wrong code (i386/Linux)
From: yuri at tsoft dot com @ 2003-08-30 21:37 UTC (permalink / raw)
To: gcc-bugs
yuri at tsoft dot com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |UNCONFIRMED
Resolution|INVALID |
------- Additional Comments From yuri at tsoft dot com 2003-08-30 21:37 -------
Since I cannot reopen the similar Bug #11915, which was closed, I
reopen this one:
I still think this is a bug in GCC even considering the aliasing rules.
Grounds:
* in "operator new" the object is not created yet, so aliasing rules do not apply.
NOTE1: aliasing rules begin to apply the moment after operator new() exits.
NOTE2: also, if the memory area returned is treated as an object and the
aliasing rules are applied to operator new, any "light memory allocating"
there becomes impossible, which undermines the meaningfulness of operator
new overloading.
Yuri
* [Bug c++/11973] GCC 3.3 optimizer creates wrong code (i386/Linux)
From: pinskia at gcc dot gnu dot org @ 2003-08-30 23:07 UTC (permalink / raw)
To: gcc-bugs
pinskia at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|critical |normal
Keywords| |wrong-code
------- Additional Comments From pinskia at gcc dot gnu dot org 2003-08-30 23:07 -------
I still think that this is not true. There is an attribute in GCC (if this is really an aliasing problem) that
marks that a type might alias other types, __may_alias__.
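Editor's added example (not code from the bug report, from any participant in this thread, or from GCC). Both the diagnosis above (the storage alc() returns is read as an SList and then written as a C, so the compiler's type-based alias analysis is free to move the vtable store ahead of the free-list load) and the __may_alias__ suggestion above describe compiler-side escape hatches; -fno-strict-aliasing and __attribute__((__may_alias__)) are GCC-specific and only paper over the type punning. The example below instead restructures the free-list allocator so it never reads the link through an lvalue of an unrelated struct type: free slots are raw, aligned byte storage, and the "next" link is copied in and out with memcpy. That gives the optimizer a visible dependency between popping the list and constructing the object, so the reordering seen in the reported assembly (a vtable pointer landing in the free-list head, after which every later allocation returns a pointer into the vtable) cannot happen. The 64-byte slot size, the two-slot pool, passing the pool to a placement operator new, and the names Slot, FreeList, destroy() and run_scenario() are all assumptions of this demo.

```cpp
// Added example, not the reporter's code and not from GCC: a free-list
// allocator that stays inside the C++ aliasing rules.  While a slot is free,
// its first sizeof(void*) bytes hold the next free slot, but that link is
// read and written with memcpy on raw bytes, never through an SList lvalue.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <new>

namespace freelist_demo {

constexpr std::size_t kSlotSize = 64;   // assumption: demo objects fit in 64 bytes

// Raw, suitably aligned storage for one object.  No object of a specific
// type lives here until placement-new constructs it.
struct alignas(std::max_align_t) Slot {
    unsigned char bytes[kSlotSize];
};

class FreeList {
public:
    FreeList(Slot* slots, std::size_t n) : head_(nullptr) {
        // Thread the slots: slots[0] -> slots[1] -> ... -> nullptr.
        for (std::size_t i = n; i-- > 0;) {
            void* next = head_;
            std::memcpy(slots[i].bytes, &next, sizeof next);
            head_ = &slots[i];
        }
    }
    // Pop the head slot.  Returns nullptr, never a stale or garbage pointer,
    // when the request does not fit or the list is exhausted.
    void* alloc(std::size_t sz) noexcept {
        if (sz > kSlotSize || head_ == nullptr) return nullptr;
        Slot* r = head_;
        void* next = nullptr;
        std::memcpy(&next, r->bytes, sizeof next);   // link read from raw bytes
        head_ = static_cast<Slot*>(next);
        return r;
    }
    // Push storage back; the caller has already ended the object's lifetime.
    void release(void* p) noexcept {
        void* next = head_;
        std::memcpy(p, &next, sizeof next);          // overwrite the dead object's bytes
        head_ = static_cast<Slot*>(p);
    }
    const void* head() const noexcept { return head_; }
private:
    Slot* head_;
};

// Same class shape as in the report; the pool is passed explicitly so that
// every scenario starts from fresh state.  Destructors stay non-virtual, as
// in the report, and teardown goes through destroy() rather than delete.
class P {
public:
    virtual int fn1() { return 1; }
    virtual int fn2() { return 2; }
};

class C : public P {
public:
    int fn1() override { return 3; }
    int fn2() override { return 4; }
    int i = 0;
    // Class-specific placement allocation: `new (pool) C()`.  noexcept makes a
    // null return turn the new-expression into nullptr instead of a ctor call.
    static void* operator new(std::size_t sz, FreeList& pool) noexcept { return pool.alloc(sz); }
    // Matching placement deallocation, used only if the constructor throws.
    static void operator delete(void* p, FreeList& pool) noexcept { pool.release(p); }
};

inline void destroy(C* c, FreeList& pool) noexcept {
    c->~C();
    pool.release(c);
}

struct ScenarioResult {
    bool head_after_first;    // list head moved to slot 1 after the first allocation
    bool head_after_second;   // list empty after the second
    bool objects_distinct;
    int  fn1_sum;             // 3 + 3 through the base-class vtable
    int  fn2_sum;             // 4 + 4
    bool exhausted_is_null;   // third allocation fails cleanly
    bool reuses_released;     // after both releases the next allocation is slot 0 again
};

// Replays the reporter's scenario (two slots, two allocations) on the pool.
ScenarioResult run_scenario() {
    Slot storage[2];
    FreeList pool(storage, 2);
    ScenarioResult r{};
    C* c1 = new (pool) C();
    r.head_after_first = (pool.head() == &storage[1]);
    C* c2 = new (pool) C();
    r.head_after_second = (pool.head() == nullptr);
    r.objects_distinct = (c1 != nullptr && c2 != nullptr && c1 != c2);
    if (r.objects_distinct) {
        P* p1 = c1;  P* p2 = c2;        // virtual dispatch proves the vptrs are intact
        r.fn1_sum = p1->fn1() + p2->fn1();
        r.fn2_sum = p1->fn2() + p2->fn2();
    }
    r.exhausted_is_null = (new (pool) C() == nullptr);
    destroy(c2, pool);
    destroy(c1, pool);
    C* c4 = new (pool) C();
    r.reuses_released = (static_cast<void*>(c4) == static_cast<void*>(&storage[0]));
    if (c4) destroy(c4, pool);
    return r;
}

}  // namespace freelist_demo

int main() {
    freelist_demo::ScenarioResult r = freelist_demo::run_scenario();
    std::printf("head ok: %d %d  fn1 sum: %d  fn2 sum: %d  exhausted->null: %d  reuse: %d\n",
                r.head_after_first, r.head_after_second, r.fn1_sum, r.fn2_sum,
                r.exhausted_is_null, r.reuses_released);
    return (r.head_after_first && r.head_after_second && r.fn1_sum == 6 &&
            r.fn2_sum == 8 && r.exhausted_is_null && r.reuses_released) ? 0 : 1;
}
```

Build with -O3 (and -Wall -Wstrict-aliasing) and the result is the same as at -O0, which is the check the original report fails. The allocation function is deliberately noexcept and returns nullptr on exhaustion; an allocator that silently hands out whatever bytes sit at the list head is exactly how a miscompiled or corrupted free list turns into a write through an attacker-influenced pointer.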
* [Bug c++/11973] GCC 3.3 optimizer creates wrong code (i386/Linux)
From: yuri at tsoft dot com @ 2003-08-31 2:04 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From yuri at tsoft dot com 2003-08-31 02:04 -------
When "operator new" is called object is non-existent yet.
Aliasing rules talk about accessing two different types with one lvalue.
But in case of "operator new" the second one doesn't exist yet. Therefore
aliasing rules do not apply in this case. We return "void*" from operator new,
not object pointer.
If it was some other function (not operator new) I agree with you totally.
Yuri.
* [Bug c++/11973] GCC 3.3 optimizer creates wrong code (i386/Linux)
From: pinskia at gcc dot gnu dot org @ 2003-09-01 22:29 UTC (permalink / raw)
To: gcc-bugs
pinskia at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |INVALID
------- Additional Comments From pinskia at gcc dot gnu dot org 2003-09-01 22:29 -------
Actually, since "operator new" is still just a function, your analysis is not true, as they are still
the same lvalue, and inlining the "operator new" just makes sure they are the same lvalue,
so the code is still invalid.
* [Bug c++/11973] GCC 3.3 optimizer creates wrong code (i386/Linux)
From: giovannibajo at libero dot it @ 2004-04-02 14:02 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From giovannibajo at libero dot it 2004-04-02 14:02 -------
Since this bug recently came to my attention again, I'd like to note that
both Segher Boessenkool and Nathan Sidwell confirmed that the code is illegal
because it breaks aliasing rules.
* [Bug c++/11973] GCC 3.3 optimizer creates wrong code (i386/Linux)
From: pinskia at gcc dot gnu dot org @ 2005-06-05 8:43 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2005-06-05 08:43 -------
Reopening to ...
--
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |UNCONFIRMED
Resolution|INVALID |
* [Bug c++/11973] GCC 3.3 optimizer creates wrong code (i386/Linux)
From: pinskia at gcc dot gnu dot org @ 2005-06-05 8:43 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2005-06-05 08:43 -------
Mark as a dup of bug 21920.
*** This bug has been marked as a duplicate of 21920 ***
--
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |DUPLICATE