From: "jakub at gcc dot gnu dot org"
To: gcc-bugs@gcc.gnu.org
Reply-To: gcc-bugzilla@gcc.gnu.org
Date: Thu, 25 Aug 2005 15:39:00 -0000
Message-ID: <20050825153435.23561.jakub@gcc.gnu.org>
Subject: [Bug rtl-optimization/23561] New: nonoverlapping_memrefs_p returns true even for overlapping memory references

struct A
{
  char a1[1];
  char a2[5];
  char a3[1];
  char a4[2048 - 7];
} a;

typedef __SIZE_TYPE__ size_t;
extern void *memset (void *, int, size_t);
extern void *memcpy (void *, const void *, size_t);
extern int memcmp (const void *, const void *, size_t);
extern void abort (void);

void
bar (struct A *x)
{
  size_t i;
  if (memcmp (x, "\1HELLO\1", sizeof "\1HELLO\1"))
    abort ();
  for (i = 0; i < sizeof (x->a4); i++)
    if (x->a4[i])
      abort ();
}

int
foo (void)
{
  memset (&a, 0, sizeof (a));
  a.a1[0] = 1;
  /* sizeof "HELLO" is 6: the copy runs one byte past a2 into a3.  */
  memcpy (a.a2, "HELLO", sizeof "HELLO");
  a.a3[0] = 1;
  bar (&a);
  return 0;
}

int
main (void)
{
  foo ();
  return 0;
}

is miscompiled on ppc-linux at -O2 and -O3 (assuming the testcase is valid).
The 2 memcpy (a.a2, ...) instructions get swapped with the a.a3[0] = 1 insn
during sched2, because nonoverlapping_memrefs_p says:

(mem/s:HI (plus:SI (reg/f:SI 29 29 [120]) (const_int 5 [0x5])) [0 a.a2+4 S2 A8])

and

(mem/s:QI (plus:SI (reg/f:SI 29 29 [120]) (const_int 6 [0x6])) [0 a.a3+0 S1 A8])

don't overlap (as they have recorded different fields of the same structure).
The patch that introduced this optimization was:
http://gcc.gnu.org/ml/gcc-patches/2001-12/msg00072.html

Now, is that valid C to overflow from one field into another one within the
same structure?
If yes, I think nonoverlapping_memrefs_p would need to take into account
offsets, sizes and relative distance of the fields.
If not, then perhaps glibc -D_FORTIFY_SOURCE=2 should use
__builtin_offset_size (dst, 1) rather than (dst, 0) even for memcpy/etc.

-- 
           Summary: nonoverlapping_memrefs_p returns true even for
                    overlapping memory references
           Product: gcc
           Version: 4.0.2
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: rtl-optimization
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: jakub at gcc dot gnu dot org
                CC: gcc-bugs at gcc dot gnu dot org,rth at gcc dot gnu dot org
GCC target triplet: ppc-linux

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23561
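The two alias checks the report contrasts, written out as an added example that is not part of the bug report or of GCC: a field-identity test (the behaviour the report attributes to nonoverlapping_memrefs_p) beside the offset-and-size byte-range test the reporter suggests, applied to the two MEMs from the sched2 dump. The struct memref type, the field names and the helper functions are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Layout from the report's test case: a2 starts at byte 1, a3 at byte 6.  */
struct A { char a1[1]; char a2[5]; char a3[1]; char a4[2048 - 7]; };

/* A memory reference as the MEM attributes in the dump describe it
   (hypothetical type): offset of the attributed field, extra offset into
   that field (the "+4" in "a.a2+4") and access size in bytes ("S2").  */
struct memref {
  size_t field_off;
  size_t off;
  size_t size;
};

/* Field-identity test: distinct fields are assumed never to overlap.  */
bool nonoverlap_by_field (const struct memref *x, const struct memref *y)
{
  return x->field_off != y->field_off;
}

/* Byte-range test: compare absolute [start, end) intervals, so an access
   that runs past the end of its field collides with the next field.  */
bool nonoverlap_by_range (const struct memref *x, const struct memref *y)
{
  size_t xs = x->field_off + x->off, xe = xs + x->size;
  size_t ys = y->field_off + y->off, ye = ys + y->size;
  return xe <= ys || ye <= xs;
}

/* The two MEMs from the report: bytes [5,7) and [6,7) of struct A.
   Returns true when the field test says "disjoint" but the byte ranges
   actually overlap, i.e. the case that let sched2 reorder the stores.  */
bool report_case_disagrees (void)
{
  struct memref m1 = { offsetof (struct A, a2), 4, 2 }; /* [0 a.a2+4 S2 A8] */
  struct memref m2 = { offsetof (struct A, a3), 0, 1 }; /* [0 a.a3+0 S1 A8] */
  return nonoverlap_by_field (&m1, &m2) && !nonoverlap_by_range (&m1, &m2);
}

int main (void)
{
  printf ("field test wrong, range test catches overlap: %s\n",
          report_case_disagrees () ? "yes" : "no");
  return 0;
}
```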