From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id B25053858D28; Mon, 28 Aug 2023 16:38:50 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B25053858D28 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1693240730; bh=hZLHIHBGkiFNKrXRPxpfQz8rpGz+woW5lIa0iAl4LFQ=; h=From:To:Subject:Date:In-Reply-To:References:From; b=rtztln8ekv1PeZlG3bW8+vGxhMGpXoGG6Di02x14qNQEOr7LOhvnE4spa4d99S+yb DDXawMS5l/S7UkmAODUQkmrp+NP3r3i/qnEUnfMxjQgX6SnJuW1iHRXVXS5LspJmYr uezpcKBNQTmNYR8bauXA5q3v1fDoJfLemvyiSkVk= From: "tg at mirbsd dot org" To: gcc-bugs@gcc.gnu.org Subject: [Bug target/111165] [13 regression] builtin strchr miscompiles on Debian/x32 with dietlibc Date: Mon, 28 Aug 2023 16:38:50 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: target X-Bugzilla-Version: 13.2.0 X-Bugzilla-Keywords: wrong-code X-Bugzilla-Severity: normal X-Bugzilla-Who: tg at mirbsd dot org X-Bugzilla-Status: WAITING X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 13.3 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D111165 --- Comment #18 from Thorsten Glaser --- I cannot, unfortunately. But I have found _another_ =E2=80=9Cmitigation=E2= =80=9D: varsub() is static and has only one caller: https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=3Dalioth/mksh.git;a= =3Dblob;f=3Deval.c;h=3Dcb959b1d1104229ead20a698ff2dc974b8da3b10;hb=3D35563a= 7897b98de2743233c5f3340a14bea6ebf2#l400 By making varsub=E2=80=A6 https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=3Dalioth/mksh.git;a= =3Dblob;f=3Deval.c;h=3Dcb959b1d1104229ead20a698ff2dc974b8da3b10;hb=3D35563a= 7897b98de2743233c5f3340a14bea6ebf2#l1238 =E2=80=A6 not static, the bug *also* goes away. (Probably because varsub is= not inlined.) Now we see that=E2=80=A6 399 sp =3D cstrchr(sp, '\0') + 1; 400 type =3D varsub(&x, varname, sp, &styp= e, &slen); =E2=80=A6 the varsub call is *directly* below the strchr/strlen line, *and*= it gets passed the sp variable. (Inside varsub, the variable is also modified.) My suspicion here is that, somehow only triggerable on x32+dietlibc, someth= ing about the multiple modifications of sp (just before and within varsub) conf= uses GCC? And indeed. Adding -O2, -O1, -O0 to the GCC command line doesn=E2=80=99t he= lp, but -fno-inline again does. As does adding an attribute to the function prototype: static int varsub(Expand *, const char *, const char *, unsigned int *, int= *) __attribute__((noinline)); Could we somehow debug there further? I really don=E2=80=99t see a way to r= eproduce this on x32/glibc or amd64=E2=80=A6=