public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/110292] New: undefined value due to strict aliasing without warning
@ 2023-06-16 20:55 yann at droneaud dot fr
  2023-06-16 21:03 ` [Bug c/110292] " yann at droneaud dot fr
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: yann at droneaud dot fr @ 2023-06-16 20:55 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110292

            Bug ID: 110292
           Summary: undefined value due to strict aliasing without warning
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: yann at droneaud dot fr
  Target Milestone: ---

The following code (reduced with some help from cvise) doesn't trigger any
warning from GCC 13+

    $ cat test.c
    #include <stdint.h>

    struct a {
      uint8_t b:6;
    };

    struct c {
      uint64_t d:6;
    };

    void e(uint64_t *f, uint64_t *g) {
      struct c *h = (struct c *)f;
      struct a i[8] = { [7] = { h -> d } };
      __builtin___memcpy_chk (g, i, sizeof(i),
         __builtin_object_size (g, 0));
    }

    int main(void) {
      uint64_t j = 0;
      uint64_t k;
      e(&j, &k);
      if (k)
        __builtin_trap();

      return 0;
    }

But compiled under Fedora 39 (Rawhide, gcc 13.1.1-2, x86_64), it aborts,
because j location on the stack is not set to 0 before its address is being
passed to e() ... 

    $ gcc -Wall -Wextra -O2 test.c -o test
    $ ./test
    Aborted (core dumped)

Even if it doesn't abort (because the stack is cleared), there's a problem and
valgrind reports:

    $ gcc -Wall -Wextra -O2 -g3 test.c -o test
    $ valgrind --track-origins=yes ./test 
    ==63110== Memcheck, a memory error detector
    ==63110== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
    ==63110== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright
info
    ==63110== Command: ./test
    ==63110== 
    ==63110== Conditional jump or move depends on uninitialised value(s)
    ==63110==    at 0x401047: main (test.c:22)
    ==63110==  Uninitialised value was created by a stack allocation
    ==63110==    at 0x401030: main (test.c:18)
   ...

And, as one could see, line 18 doesn't match any of the variables that are
allocated.

Below, the assembly compiled by GCC:
    $ gcc -Wall -Wextra -O2 -g3 test.c -S
    $ cat test.s
    e:
        movzbl  (%rdi), %eax
        andl    $63, %eax
        salq    $56, %rax
        movq    %rax, (%rsi)
        ret
    main:
        subq    $16, %rsp
        leaq    8(%rsp), %rsi
        movq    %rsp, %rdi
        call    e
        cmpq    $0, 8(%rsp)
        jne     .L5
        xorl    %eax, %eax
        addq    $16, %rsp
        ret
    .L5:
        ud2

Code available at https://godbolt.org/z/b8sn314K9

Is it an aliasing issue in the code and GCC doesn't reports a warning ? Or
worse ?

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-06-17  6:47 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-06-16 20:55 [Bug c/110292] New: undefined value due to strict aliasing without warning yann at droneaud dot fr
2023-06-16 21:03 ` [Bug c/110292] " yann at droneaud dot fr
2023-06-16 21:07 ` pinskia at gcc dot gnu.org
2023-06-16 21:27 ` [Bug middle-end/110292] " pinskia at gcc dot gnu.org
2023-06-16 21:29 ` pinskia at gcc dot gnu.org
2023-06-17  5:46 ` yann at droneaud dot fr
2023-06-17  6:47 ` xry111 at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).