[Bug c/106068] New: Infinite loop generated with -mcpu=cortex-m7 and -O2

[Bug c/106068] New: Infinite loop generated with -mcpu=cortex-m7 and -O2

[dflogeras2 at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106068

            Bug ID: 106068
           Summary: Infinite loop generated with -mcpu=cortex-m7 and -O2
           Product: gcc
           Version: 10.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dflogeras2 at gmail dot com
  Target Milestone: ---

Created attachment 53197
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53197&action=edit
Preprocessed src to reproduce bug

We hit this suspected bug compiling an older firmware after recently upgrading
to a more recent version of GCC.  It can be triggered by 11.3.0, while the old
5.4.x version did not produce the infinite loop.

The code snippet is from a quite old version of LWIP (stripped down to the
minimal).  It appears to not be exiting the loop on the second condition (n<2).

The exact command I used to generate the .i is as follows:

  arm-none-eabi-gcc -mcpu=cortex-m7 src/core/dhcp.c -c -save-temps -g -O2


GCC that it definitely fails on is as follows:

arm-none-eabi-gcc -v
Using built-in specs.
COLLECT_GCC=arm-none-eabi-gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/arm-none-eabi/11.3.0/lto-wrapper
Target: arm-none-eabi
Configured with:
/var/tmp/notmpfs/portage/cross-arm-none-eabi/gcc-11.3.0/work/gcc-11.3.0/configure
--host=x86_64-pc-linux-gnu --target=arm-none-eabi --build=x86_64-pc-linux-gnu
--prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/arm-none-eabi/gcc-bin/11.3.0
--includedir=/usr/lib/gcc/arm-none-eabi/11.3.0/include
--datadir=/usr/share/gcc-data/arm-none-eabi/11.3.0
--mandir=/usr/share/gcc-data/arm-none-eabi/11.3.0/man
--infodir=/usr/share/gcc-data/arm-none-eabi/11.3.0/info
--with-gxx-include-dir=/usr/lib/gcc/arm-none-eabi/11.3.0/include/g++-v11
--with-python-dir=/share/gcc-data/arm-none-eabi/11.3.0/python
--enable-languages=c,c++ --enable-obsolete --enable-secureplt --disable-werror
--with-system-zlib --enable-nls --without-included-gettext
--disable-libunwind-exceptions --enable-checking=release
--with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo 11.3.0 p4'
--disable-esp --enable-libstdcxx-time --disable-libstdcxx-pch
--enable-poison-system-directories --disable-libstdcxx-time
--with-sysroot=/usr/arm-none-eabi --disable-bootstrap --with-newlib
--enable-multilib --disable-fixed-point --disable-libgomp --disable-libssp
--disable-libada --disable-cet --disable-systemtap
--disable-valgrind-annotations --disable-vtable-verify --disable-libvtv
--without-zstd --enable-lto --without-isl --disable-libsanitizer
--disable-default-pie --enable-default-ssp --with-multilib-list=rmprofile
Thread model: single
Supported LTO compression algorithms: zlib
gcc version 11.3.0 (Gentoo 11.3.0 p4)

[Bug target/106068] Infinite loop generated with -mcpu=cortex-m7 and -O2

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106068

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
You access an out of bounds for the array dhcp_rx_options_given in the while
statement:

  while((dhcp_rx_options_given[8 + n] != 0) && (n < 2)) {


Swap around the two expressions so you check to make sure n is less than 2
before doing the array access. that is:

  while((n < 2) && (dhcp_rx_options_given[8 + n] != 0)) {

[Bug target/106068] Infinite loop generated with -mcpu=cortex-m7 and -O2

[dflogeras2 at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106068

--- Comment #2 from Dave Flogeras <dflogeras2 at gmail dot com> ---
(In reply to Andrew Pinski from comment #1)
> You access an out of bounds for the array dhcp_rx_options_given in the while
> statement:
> 
>   while((dhcp_rx_options_given[8 + n] != 0) && (n < 2)) {
> 
> 
> Swap around the two expressions so you check to make sure n is less than 2
> before doing the array access. that is:
> 
>   while((n < 2) && (dhcp_rx_options_given[8 + n] != 0)) {


For that code, agreed, and that was indeed both our and upstreams workaround. 
We were just wondering if it was a legitimate compiler bug given that it
generated an infinite loop in asm.  Or does it just fall under "undefined"

[Bug target/106068] Infinite loop generated with -mcpu=cortex-m7 and -O2

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106068

--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Dave Flogeras from comment #2)
> For that code, agreed, and that was indeed both our and upstreams
> workaround.  We were just wondering if it was a legitimate compiler bug
> given that it generated an infinite loop in asm.  Or does it just fall under
> "undefined"

It is undefined if you access an out of bounds in an array. In this case the
compiler assumes there would be no such access and optimizes the range of n
because of the access and then removes the bounds check as the access already
happened.
So yes it is falls under undefined.