Return-Path:
Received: by sourceware.org (Postfix, from userid 48) id DB3C6386EC02; Mon, 6 Jun 2022 12:51:23 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DB3C6386EC02
From: "tpg+gcc at mutabah dot net"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/105860] New: Miscompilation causing clobbered union contents
Date: Mon, 06 Jun 2022 12:51:23 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Version: 10.3.0
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: tpg+gcc at mutabah dot net
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone attachments.created
Message-ID:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 06 Jun 2022 12:51:24 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105860

            Bug ID: 105860
           Summary: Miscompilation causing clobbered union contents
           Product: gcc
           Version: 10.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: tpg+gcc at mutabah dot net
  Target Milestone: ---

Created attachment 53092
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53092&action=edit
Reproduction source file, compile with `gcc -O1`

Found while debugging this issue with auto-generated code:
https://github.com/thepowersgang/mrustc/issues/266#issuecomment-1147389581

gcc generates code that reads 32 bits from offset 8 of a union, and then writes that value back to offset 4 before copying 64 bits from offset 4, causing data corruption.

This issue is present on gcc 10.3.0 (`gcc (Ubuntu 10.3.0-1ubuntu1~20.04) 10.3.0`) and on gcc 11.1 (`gcc-11 (Ubuntu 11.1.0-1ubuntu1~20.04) 11.1.0`), but not on gcc 9.4.0 (`gcc-9 (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0`).

Compiler flags required: `-O1`

Disassembly with comments pointing to the faulty instructions:

```
0000000000000000 :
   0:   f3 0f 1e fa             endbr64
   4:   41 56                   push   %r14
   6:   41 55                   push   %r13
   8:   41 54                   push   %r12
   a:   49 89 fc                mov    %rdi,%r12
   d:   55                      push   %rbp
   e:   53                      push   %rbx
   f:   48 83 ec 10             sub    $0x10,%rsp
  13:   8b 5c 24 40             mov    0x40(%rsp),%ebx
  17:   8b 6c 24 48             mov    0x48(%rsp),%ebp    ; Read word 3
  1b:   81 fb 01 ff ff ff       cmp    $0xffffff01,%ebx
  21:   74 4d                   je     70
  23:   81 fb 03 ff ff ff       cmp    $0xffffff03,%ebx
  29:   74 5d                   je     88
-- SNIP ---
  88:   89 6c 24 44             mov    %ebp,0x44(%rsp)    ; Write word 3 over word 2
  8c:   48 8b 44 24 44          mov    0x44(%rsp),%rax    ; Read words 2/3 (values from 3/3)
  91:   48 89 47 04             mov    %rax,0x4(%rdi)     ; Write to words 2/3 of output
  95:   eb af                   jmp    46
```
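Added example, not the attached reproducer and not code from the report: a constructed C layout that matches the word offsets the disassembly comments refer to (32-bit words at offsets 0, 4 and 8, with the 64-bit payload copied from offset 4), plus a self-check that fails if word 2 is clobbered by word 3 in the way the report describes. The two tag constants are the ones compared in the disassembly; the union, function names and stored values are assumptions chosen so that a clobbered copy is distinguishable from a correct one. Building it with the compiler under test and running the check is a cheap regression probe for this class of miscompilation.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed layout (assumption): a 12-byte tagged value whose 32-bit words
 * sit at offsets 0, 4 and 8, i.e. the "word 1/2/3" the report's disassembly
 * comments refer to. */
union value {
    struct { uint32_t tag; uint32_t word2; uint32_t word3; } v;
    uint32_t words[3];
};

/* Copy the 64-bit payload at offset 4 into the output, keyed on the tag.
 * The tag constants are the two the disassembly compares against. */
static void copy_payload(union value *out, const union value *in) {
    switch (in->v.tag) {
    case 0xffffff01u:
    case 0xffffff03u:
        out->v.tag = in->v.tag;
        memcpy(&out->words[1], &in->words[1], 8);   /* words 2 and 3 */
        break;
    default:
        memset(out, 0, sizeof *out);
    }
}

/* Regression check: word 2 must survive the copy. Under the miscompilation
 * described in the report, word 3 is stored over word 2 before the 64-bit
 * copy, so out.word2 would come back equal to in.word3. Returns 1 if intact,
 * 0 if clobbered. */
int check_payload_copy(void) {
    /* volatile source keeps the optimizer from folding the whole check away,
     * so the compiled copy path is what actually runs (constructed values). */
    static volatile uint32_t src[3] = { 0xffffff03u, 0x11111111u, 0x22222222u };
    union value in, out;
    for (int i = 0; i < 3; i++)
        in.words[i] = src[i];
    memset(&out, 0, sizeof out);
    copy_payload(&out, &in);
    return out.v.tag == 0xffffff03u
        && out.v.word2 == 0x11111111u
        && out.v.word3 == 0x22222222u;
}

int main(void) {
    puts(check_payload_copy() ? "payload copy intact" : "payload copy clobbered");
    return 0;
}
```

Compile with the flags in question (here `-O1`) and compare the result across compiler versions; a compiler showing the reported behaviour would print "payload copy clobbered" because word 2 of the output would carry word 3's value.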