* [Bug c/115477] New: compiling with gcc flips the sign of a float return value
@ 2024-06-13 15:28 s00na at protonmail dot com
  2024-06-13 15:39 ` [Bug middle-end/115477] " pinskia at gcc dot gnu.org
  2024-06-13 15:41 ` pinskia at gcc dot gnu.org
  0 siblings, 2 replies; 3+ messages in thread
From: s00na at protonmail dot com @ 2024-06-13 15:28 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115477

            Bug ID: 115477
           Summary: compiling with gcc flips the sign of a float return
                    value
           Product: gcc
           Version: 14.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: s00na at protonmail dot com
  Target Milestone: ---

##############
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/local/libexec/gcc/x86_64-linux-gnu/14.1.0/lto-wrapper
Target: x86_64-linux-gnu
Configured with: /usr/src/gcc/configure --build=x86_64-linux-gnu
--disable-multilib --enable-languages=c,c++,fortran,go
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 14.1.0 (GCC)
##############
A little context. I was playing around with the fast inverse square root
algorithm (https://en.wikipedia.org/wiki/Fast_inverse_square_root) and found
that compiling my own version of it returns the correct answer, but with the
wrong sign. I encountered this behavior first on my archlinux system with gcc
14.1.1. To verify that it wasn't anything wrong with my setup I also spun up
docker containers for the latest versions of ubuntu, arch, gcc itself and
alpine. It happened on all of these except for the alpine container (gcc
13.2.1). Using clang to compile produces the correct/expected result except for
the gcc container where clang also produces the wrong result.
In all cases I compiled with:
gcc test.c
and ran the resulting file with:
./a.out
The expected result is:
0.447141
0.447141
The actual result with gcc is:
0.447141
-0.447141
Below is the code that produces the error.
test.c:

#include <stdio.h>
float bug(float number) {
        long i;
        float y = number;
        i = * ( long * ) &y;            /* reads sizeof(long) bytes out of a 4-byte float */
        i = 0x5f3759df - ( i >> 1 );    /* fast inverse square root magic constant */
        y = * ( float * ) &i;
        return (1.5F * y) + (-0.5F * number * y * y * y);   /* one Newton step */
}
int main() {
        const float test = 5;
        printf("%f\n",bug(test));       /* same call twice; expected 0.447141 both times */
        printf("%f\n",bug(test));
        return 0;
}


* [Bug middle-end/115477] compiling with gcc flips the sign of a float return value
From: pinskia at gcc dot gnu.org @ 2024-06-13 15:39 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115477

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
          Component|c                           |middle-end
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
        float y = number;
        i = * ( long * ) &y;


This is undefined (not just because of aliasing reasons) because you are
reading past the size of y here.  If you use int, since `sizeof(int) ==
sizeof(float)` the code will be less undefined. Note if you used memcpy
instead, the code would have been defined.

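The memcpy-based rewrite that comment #1 points to, as an added example (this is neither the reporter's test.c nor GCC code): the same algorithm with the float's bits copied into a uint32_t, so nothing is read past the 4-byte object and no aliasing rule is broken. The helper names and the accuracy check are ours.

```c
/* Added example: fast inverse square root with well-defined type punning.
 * The report's `*(long *)&y` reads sizeof(long) (8 on x86_64) bytes from a
 * 4-byte float, which is the stack-buffer-overflow ASan reports in #2.
 * memcpy between a float and a same-sized integer is defined C. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The bit trick only makes sense if a float is exactly 32 bits wide. */
_Static_assert(sizeof(float) == sizeof(uint32_t), "float is not 32 bits");

/* Copy the float's bytes into a uint32_t: reads exactly sizeof(float) bytes. */
static uint32_t float_bits(float f) {
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    return u;
}

static float bits_float(uint32_t u) {
    float f;
    memcpy(&f, &u, sizeof f);
    return f;
}

/* Same algorithm as bug(): magic constant, then one Newton step. The shift
 * and subtraction now operate on exactly the 32 bits of the float. */
float rsqrt_fast(float number) {
    uint32_t i = float_bits(number);
    i = 0x5f3759dfu - (i >> 1);
    float y = bits_float(i);
    return y * (1.5f - 0.5f * number * y * y);
}

/* Check: result is positive, repeatable, and close to 1/sqrt(x): for an
 * exact answer a*a*x == 1; one Newton step leaves under ~0.4% error. */
int rsqrt_is_accurate(float x) {
    float a = rsqrt_fast(x);
    float err = a * a * x - 1.0f;
    if (err < 0.0f) err = -err;
    return a > 0.0f && rsqrt_fast(x) == a && err < 0.005f;
}

int main(void) {
    printf("%f\n", rsqrt_fast(5.0f));   /* about 0.447141, positive both times */
    printf("%f\n", rsqrt_fast(5.0f));
    return rsqrt_is_accurate(5.0f) ? 0 : 1;
}
```

Built with -fsanitize=address this version produces no report, because every access stays inside the object it names.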

* [Bug middle-end/115477] compiling with gcc flips the sign of a float return value
From: pinskia at gcc dot gnu.org @ 2024-06-13 15:41 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115477

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Note with -fsanitize=address we get errors as one would expect:

=================================================================
==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7dc0b8500030
at pc 0x0000004012de bp 0x7ffdaad9b020 sp 0x7ffdaad9b018
READ of size 8 at 0x7dc0b8500030 thread T0
    #0 0x4012dd in bug(float) (/app/output.s+0x4012dd) (BuildId:
a1b2ef91caf86d8cdb54f9543157d73b050c2ddf)
    #1 0x401456 in main (/app/output.s+0x401456) (BuildId:
a1b2ef91caf86d8cdb54f9543157d73b050c2ddf)
    #2 0x7dc0ba229d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId:
962015aa9d133c6cbcfb31ec300596d7f44d3348)
    #3 0x7dc0ba229e3f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId:
962015aa9d133c6cbcfb31ec300596d7f44d3348)
    #4 0x401114 in _start (/app/output.s+0x401114) (BuildId:
a1b2ef91caf86d8cdb54f9543157d73b050c2ddf)

Address 0x7dc0b8500030 is located in stack of thread T0 at offset 48 in frame
    #0 0x4011e5 in bug(float) (/app/output.s+0x4011e5) (BuildId:
a1b2ef91caf86d8cdb54f9543157d73b050c2ddf)

  This frame has 2 object(s):
    [48, 52) 'y' (line 5) <== Memory access at offset 48 partially overflows
this variable
    [64, 72) 'i' (line 4)
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/app/output.s+0x4012dd)
(BuildId: a1b2ef91caf86d8cdb54f9543157d73b050c2ddf) in bug(float)
==1==ABORTING

