[Bug c++/43555] New: wrong address calculation of multidimensional variable-length array element

[Bug c++/43555] New: wrong address calculation of multidimensional variable-length array element

[skir50 at gmail dot com]

In some cases addressing elements of multidimensioanl variable-length array
goes wrong. Consider the program:

------------------------
#include<stdio.h>
#include<stdlib.h>

int nx,ny;

void f(double *x1d,int choice)
{
  double (*x2d)[nx][ny]=(double(*)[nx][ny])x1d;
  unsigned long delta;
//  (*x2d)[0][0]=123; // <- this line affects the result
  if (choice!=0)
  {
    delta=&(*x2d)[1][0]-x1d;
  }
  else
  { 
    delta=&(*x2d)[1][0]-x1d;
  }
  printf("Choice: %d, Delta: %ld\n",choice,delta);
}

int main()
{ double *data;
  nx=100;
  ny=100;
  data=(double*)malloc(nx*ny*sizeof(double));
  f(data,0);
  f(data,1);
  free(data);
  return 0;
}
------------------------

The idea is to get a difference betweet the address of element [1][0] of
100*100 array and beginning of the array. If it is compiled as *.c by gcc,
everiyhing is right, and the output is:

$./a.exe
Choice: 0, Delta: 100
Choice: 1, Delta: 100

But if is compiled as *.cpp by g++, the output is:

$./a.exe
Choice: 0, Delta: 18517576
Choice: 1, Delta: 100

So, the error is in obtaining the address of element [1][0] in "else" section
in function "f". Analysis of assembler listing showed, that compiler makes a
copy of global variable "ny" on a stack and uses that copy to calculate an
address of any array element. But for the presented code it makes
initialisation of the copy only in the "if" section, when "choice!=0". And if
execution flow goes to "else" section, the copy of "ny" remains uninitialized
but still used. So, the calculated address of [1][0] is wrong.

If we add some array usage before "if" (for example, uncomment the commented
line), initialization of the copy of "ny" would be in right place and the
result would be correct.


-- 
           Summary: wrong address calculation of multidimensional variable-
                    length array element
           Product: gcc
           Version: 4.3.4
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: skir50 at gmail dot com
 GCC build triplet: i686-pc-cygwin
  GCC host triplet: i686-pc-cygwin
GCC target triplet: i686-pc-cygwin


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] wrong address calculation of multidimensional variable-length array element

[sezeroz at gmail dot com]

------- Comment #1 from sezeroz at gmail dot com  2010-03-28 15:49 -------
Happens with 4.3.0 and 4.4.4 on i686-pc-linux, too. Reproduced the problem with
g++ only at -O0. -O1 and higher output the wanted result.


-- 

sezeroz at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sezeroz at gmail dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] wrong address calculation of multidimensional variable-length array element

[rguenth at gcc dot gnu dot org]

------- Comment #2 from rguenth at gcc dot gnu dot org  2010-03-28 16:33 -------
Confirmed.  The problem seems to be gimplification of type sizes where
we end up putting the size calculation stmts into the conditional block,
a place not dominating the 2nd stmt where we re-use it:

  x2d = (double[0:(unsigned int) (SAVE_EXPR <(<unnamed-signed:32>) nx +
-1>)][0:(unsigned int) SAVE_EXPR <D.2820>] *) x1d;
  if (choice != 0) goto <D.2817>; else goto <D.2818>;
  <D.2817>:
  ny.2 = ny;
  D.2820 = ny.2 + -1;
  D.2821 = (unsigned int) D.2820;
  D.2822 = D.2821 + 1;
  D.2823 = &(*x2d)[1]{lb: 0 sz: D.2822 * 8}[0];
  D.2824 = (int) D.2823;
  x1d.3 = (int) x1d;
  D.2826 = D.2824 - x1d.3;
  D.2827 = D.2826 /[ex] 8;
  delta = (long unsigned int) D.2827;
  goto <D.2828>;
  <D.2818>:
  D.2829 = (unsigned int) D.2820;
  D.2830 = D.2829 + 1;
  D.2831 = &(*x2d)[1]{lb: 0 sz: D.2830 * 8}[0];
  D.2832 = (int) D.2831;
  x1d.4 = (int) x1d;
  D.2834 = D.2832 - x1d.4;
  D.2835 = D.2834 /[ex] 8;
  delta = (long unsigned int) D.2835;
  <D.2828>:
  printf (&"Choice: %d, Delta: %ld\n"[0], choice, delta);

also see how the type-sizes in the cast are not gimplified.  Thus, if
we'd have gimplified type-sizes when gimplifying

  <<cleanup_point <<< Unknown tree: expr_stmt
  (void) (x2d = (double[0:(unsigned int) (SAVE_EXPR <(<unnamed-signed:32>) nx +
-1>)][0:(unsigned int) (SAVE_EXPR <(<unnamed-signed:32>) ny + -1>)] *) x1d) >>>
>>;

it all would have worked out.  The C frontend seems to be lucky because
it decomposes the address difference internally:

  if (choice != 0)
    {
      delta = (long unsigned int) (((int) ((double *) x2d + (unsigned int)
SAVE_EXPR <ny> * 8) - (int) x1d) /[ex] 8);
    }
  else
    {
      delta = (long unsigned int) (((int) ((double *) x2d + (unsigned int)
SAVE_EXPR <ny> * 8) - (int) x1d) /[ex] 8);
    }

but even changing the testcase to sth different shows that for C we
properly gimplify type-sizes of casts.


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
           Keywords|                            |wrong-code
      Known to fail|                            |4.3.4 4.4.2 4.5.0
   Last reconfirmed|0000-00-00 00:00:00         |2010-03-28 16:33:10
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[pinskia at gcc dot gnu dot org]

------- Comment #3 from pinskia at gcc dot gnu dot org  2010-04-09 21:01 -------
This used to work in 4.1.x.


-- 

pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  GCC build triplet|i686-pc-cygwin              |
   GCC host triplet|i686-pc-cygwin              |
 GCC target triplet|i686-pc-cygwin              |
      Known to work|                            |4.1.3
            Summary|wrong address calculation of|[4.3/4.4/4.5/4.6 Regression]
                   |multidimensional variable-  |wrong address calculation of
                   |length array element        |multidimensional variable-
                   |                            |length array element
   Target Milestone|---                         |4.3.5


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[hjl dot tools at gmail dot com]

------- Comment #4 from hjl dot tools at gmail dot com  2010-04-10 13:37 -------
It is caused by revision 117493:

http://gcc.gnu.org/ml/gcc-cvs/2006-10/msg00158.html


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[hjl dot tools at gmail dot com]

------- Comment #5 from hjl dot tools at gmail dot com  2010-04-10 13:39 -------
(In reply to comment #4)
> It is caused by revision 117493:
> 
> http://gcc.gnu.org/ml/gcc-cvs/2006-10/msg00158.html
> 

Maybe C++ frontend needs similar adjustment.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[rguenth at gcc dot gnu dot org]

-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P2


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[rguenth at gcc dot gnu dot org]

------- Comment #6 from rguenth at gcc dot gnu dot org  2010-05-22 18:13 -------
GCC 4.3.5 is being released, adjusting target milestone.


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|4.3.5                       |4.3.6


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[jason at gcc dot gnu dot org]

------- Comment #7 from jason at gcc dot gnu dot org  2010-05-27 18:32 -------
This doesn't work with my 4.1 tree.  Or with 3.2 for that matter.  It does work
with 2.95.


-- 

jason at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to work|4.1.3                       |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[jason at gcc dot gnu dot org]

------- Comment #8 from jason at gcc dot gnu dot org  2010-05-27 18:36 -------
Subject: Bug 43555

Author: jason
Date: Thu May 27 18:36:22 2010
New Revision: 159938

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=159938
Log:
        PR c++/43555
        * decl.c (grokdeclarator) [cdk_pointer et al]: Force evaluation of
        anonymous VLA size.

Added:
    branches/gcc-4_5-branch/gcc/testsuite/g++.dg/ext/vla9.C
Modified:
    branches/gcc-4_5-branch/gcc/cp/ChangeLog
    branches/gcc-4_5-branch/gcc/cp/decl.c
    branches/gcc-4_5-branch/gcc/testsuite/ChangeLog


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[jason at gcc dot gnu dot org]

------- Comment #9 from jason at gcc dot gnu dot org  2010-05-27 18:39 -------
Subject: Bug 43555

Author: jason
Date: Thu May 27 18:39:28 2010
New Revision: 159939

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=159939
Log:
        PR c++/43555
        * decl.c (grokdeclarator) [cdk_pointer et al]: Force evaluation of
        anonymous VLA size.

Added:
    trunk/gcc/testsuite/g++.dg/ext/vla9.C
Modified:
    trunk/gcc/cp/ChangeLog
    trunk/gcc/cp/decl.c
    trunk/gcc/testsuite/ChangeLog


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[jason at gcc dot gnu dot org]

------- Comment #10 from jason at gcc dot gnu dot org  2010-05-27 19:00 -------
Subject: Bug 43555

Author: jason
Date: Thu May 27 19:00:33 2010
New Revision: 159942

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=159942
Log:
        PR c++/43555
        * decl.c (grokdeclarator) [cdk_pointer et al]: Force evaluation of
        anonymous VLA size.

Added:
    branches/gcc-4_4-branch/gcc/testsuite/g++.dg/ext/vla9.C
Modified:
    branches/gcc-4_4-branch/gcc/cp/ChangeLog
    branches/gcc-4_4-branch/gcc/cp/decl.c
    branches/gcc-4_4-branch/gcc/testsuite/ChangeLog


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[jason at gcc dot gnu dot org]

------- Comment #11 from jason at gcc dot gnu dot org  2010-05-27 19:10 -------
Fixed for 4.4.6.  I'm inclined not to apply the change to 4.3 just in case it
causes problems somehow, but I could be convinced otherwise.


-- 

jason at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|4.3.6                       |4.4.6


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[jakub at gcc dot gnu dot org]

-- 

jakub at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|4.4.6                       |4.4.5


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[jason at gcc dot gnu dot org]

------- Comment #12 from jason at gcc dot gnu dot org  2010-05-27 20:02 -------
Subject: Bug 43555

Author: jason
Date: Thu May 27 20:02:10 2010
New Revision: 159945

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=159945
Log:
        PR c++/43555
        * decl.c (grokdeclarator) [cdk_pointer et al]: Force evaluation of
        anonymous VLA size.

Added:
    branches/gcc-4_3-branch/gcc/testsuite/g++.dg/ext/vla9.C
Modified:
    branches/gcc-4_3-branch/gcc/cp/ChangeLog
    branches/gcc-4_3-branch/gcc/cp/decl.c
    branches/gcc-4_3-branch/gcc/testsuite/ChangeLog


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[jason at gcc dot gnu dot org]

------- Comment #13 from jason at gcc dot gnu dot org  2010-05-27 20:04 -------
On reflection, I went ahead and applied it to 4.3 since it only affects VLA
code anyway.


-- 

jason at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to fail|4.3.4 4.4.2 4.5.0           |3.0 3.2 3.3 4.3.4 4.4.2
                   |                            |4.5.0
      Known to work|                            |2.95
   Target Milestone|4.4.5                       |4.3.7


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555

[Bug c++/43555] [4.3/4.4/4.5/4.6 Regression] wrong address calculation of multidimensional variable-length array element

[jakub at gcc dot gnu dot org]

-- 

jakub at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|4.3.7                       |4.3.6


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43555