From: "kungfujesus06 at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/108498] New: ppc64 big endian generates uninitialized reads with -fstore-merging
Date: Mon, 23 Jan 2023 14:18:08 +0000
Message-ID: <bug-108498-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108498

            Bug ID: 108498
           Summary: ppc64 big endian generates uninitialized reads with -fstore-merging
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: kungfujesus06 at gmail dot com
  Target Milestone: ---

It seems that populating one bit-field among many with store merging enabled produces an access to uninitialized memory. Here's the minimal reproducer:

```
#include <stdio.h>
#include <stdint.h>

#define NVFX_FP_MASK_X 1
#define NVFX_FP_MASK_Y 2
#define NVFX_FP_MASK_Z 4
#define NVFX_FP_MASK_W 8
#define NVFX_FP_MASK_ALL 0xf
#define NV40_FP_OP_OUT_NONE (1U << 30)
#define NVFX_FP_OP_OPCODE_MUL 0x02
#define NVFX_COND_TR 7
#define NVFXSR_NONE 0

#define arith(s,o,d,m,s0,s1,s2) \
        nvfx_insn((s), NVFX_FP_OP_OPCODE_##o, -1, \
                        (d), (m), (s0), (s1), (s2))

struct nvfx_reg {
        int8_t type;
        int32_t index;
};

struct nvfx_src {
        struct nvfx_reg reg;

        uint8_t indirect : 1;
        uint8_t indirect_reg : 1;
        uint8_t indirect_swz : 2;
        uint8_t negate : 1;
        uint8_t abs : 1;
        uint8_t swz[4];
};

struct nvfx_insn
{
        uint8_t op;
        char scale;
        int8_t unit;
        uint8_t mask;
        uint8_t cc_swz[4];

        uint8_t sat : 1;
        uint8_t cc_update : 1;
        uint8_t cc_update_reg : 1;
        uint8_t cc_test : 3;
        uint8_t cc_test_reg : 1;

        struct nvfx_reg dst;
        struct nvfx_src src[3];
};

static inline struct nvfx_insn
nvfx_insn(uint8_t sat, unsigned op, int unit, struct nvfx_reg dst, unsigned mask, struct nvfx_src s0, struct nvfx_src s1, struct nvfx_src s2)
{
        struct nvfx_insn insn = {
                .op = op,
                .scale = 0,
                .unit = unit,
                .sat = sat,
                .mask = mask,
                .cc_update = 0,
                .cc_update_reg = 0,
                .cc_test = NVFX_COND_TR,
                .cc_test_reg = 0,
                .cc_swz = { 0, 1, 2, 3 },
                .dst = dst,
                .src = {s0, s1, s2}
        };
        return insn;
}

static inline struct nvfx_reg
nvfx_reg(int type, int index)
{
        struct nvfx_reg temp = {
                .type = type,
                .index = index,
        };
        return temp;
}

static inline struct nvfx_src
nvfx_src(struct nvfx_reg reg)
{
        struct nvfx_src temp = {
                .reg = reg,
                .abs = 0,
                .negate = 0,
                .swz = { 0, 1, 2, 3 },
                .indirect = 0,
        };
        return temp;
}

struct nvfx_insn emit_test(void)
{
        const struct nvfx_src none = nvfx_src(nvfx_reg(NVFXSR_NONE, 0));
        struct nvfx_insn insn;
        struct nvfx_src src[2];
        struct nvfx_reg tmp = {0, 1};
        int mask, sat, unit = 0;
        int ai = -1, ci = -1, ii = -1;
        int i;

        src[0].reg.type = 0;
        src[0].reg.index = 2;
        src[1].reg.type = 4;
        src[1].reg.index = 8;

        return arith(0, MUL, tmp, NVFX_FP_MASK_X | NVFX_FP_MASK_Y, src[0], src[1], none);
}

int main(void)
{
        struct nvfx_insn ins = emit_test();
        printf("sat? = %d\n", ins.sat);
}
```

This should print 0, because `.sat` is explicitly initialized from the literal 0 passed as the first argument of `arith`; with -fstore-merging it often prints 1. Valgrind shows it's accessing uninitialized memory. The assembly with that optimization disabled and enabled is in the bug report filed here: https://gitlab.freedesktop.org/mesa/mesa/-/issues/8134