From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 25856 invoked by alias); 4 Sep 2011 08:58:13 -0000 Received: (qmail 25839 invoked by uid 22791); 4 Sep 2011 08:58:12 -0000 X-SWARE-Spam-Status: No, hits=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,TW_JS X-Spam-Check-By: sourceware.org Received: from localhost (HELO gcc.gnu.org) (127.0.0.1) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Sun, 04 Sep 2011 08:57:57 +0000 From: "rguenth at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug c/50284] possible miscompilation with -fstrict-aliasing Date: Sun, 04 Sep 2011 08:58:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: rguenth at gcc dot gnu.org X-Bugzilla-Status: RESOLVED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Status Resolution Message-ID: In-Reply-To: References: X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org X-SW-Source: 2011-09/txt/msg00242.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50284 Richard Guenther changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |INVALID --- Comment #6 from Richard Guenther 2011-09-04 08:57:35 UTC --- (In reply to comment #4) > (In reply to comment #3) > > struct Value { > > struct jsval data; > > }; > > ... > > struct jsval y = t3.array[i]; > > struct Value *z = (struct Value*)&y; > > if (z->data.tag == 0xFFFFFF85) { > > > > that's invalid in GCCs reading of 6.5 p7. jsval is a subset of Value's > > alias-set > > but not the other way around. GCC reads z->data.tag as an access to an > > object of type Value which is invalid. > > So downcast (i.e. casting to a more specialized type) are invalid even if > original data type is correct (not that it is in the reduced testcase)? That is > really strict :-( No, if there is an object of dynamic type Value at &y then the code is valid. But you've stored to *&y via an lvalue of type jsval and are reading from it via an lvalue of type Value. > > The contorted reasoning is that the pointer conversion invokes undefined > > behavior. Definitely an interesting blog post ;) > > is there any hope that gcc could be made a bit less strict? Either reading the > member access as not involving an access to the full object or accepting > downcasts (when the original type matches) would work. My preference would be > for the second option, as downcasts are fairly common in OO. Well, if we allow this case then we can drop any advanced TBAA we do completely. This restriction is really fundamental to TBAA based optimizations. Otherwise consider int i; struct X { int k; .... }; int foo(struct X *p) { i = 0; p->k = 1; return i; } and we couldn't be sure that p->k is not accessing i and thus not optimize the above to return 0. That would be very bad. You have -fno-strict-aliasing to "save" you. Your better testcase doesn't change anything - you've just changed the type of an unrelated object.