[Bug c++/56392] New: Crash while filling an odd-pitch 16bpp image with auto-vectorization enabled on x86_64 Linux platform

[Bug c++/56392] New: Crash while filling an odd-pitch 16bpp image with auto-vectorization enabled on x86_64 Linux platform

[s.jodogne at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56392

             Bug #: 56392
           Summary: Crash while filling an odd-pitch 16bpp image with
                    auto-vectorization enabled on x86_64 Linux platform
    Classification: Unclassified
           Product: gcc
           Version: 4.6.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: s.jodogne@gmail.com


Created attachment 29491
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=29491
Source code to reproduce the problem

I have written a very simple code to fill a 32x32 16bpp image with a constant
value (1024). The pitch/stride of my image (i.e. the number of bytes between
two successive lines) is large enough to hold an entire line, but is purposely
set to an odd number. The code is attached to this report.

I am using Linux x86_64 with gcc 4.6.1 (Ubuntu 11.10). The code runs fine with
the -O0, -O1 and -O2 optimization levels. Valgrind does not report any access
violation. However, as soon as I switch to -O3 or use the -ftree-vectorize
option to enable auto-vectorization, the program crashes:

# g++ -g -O2 -ftree-vectorize ./test.cpp -Wall -pedantic && ./a.out
Segmentation fault

The crash does not happen when I switch to 32bit binaries with the -m32 gcc
flag. It does not occur either if I use an even pitch (e.g. pitch = width * 2 +
2). This is also a C++-related problem: the code does not crash when I use
malloc() instead of the new[] operator. The problem is also present in g++
4.4.6 and g++ 4.5.4.

As I understand, this is related to memory alignment due to the odd pitch, but
should not the code produced by gcc be protected against this?

[Bug c++/56392] Crash while filling an odd-pitch 16bpp image with auto-vectorization enabled on x86_64 Linux platform

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56392

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> 2013-02-19 11:51:47 UTC ---
You are dereferencing a pointer to uint16_t that is not sufficiently aligned
for that type.  The C standard prohibits this, resulting in undefined behavior.

[Bug c++/56392] Crash while filling an odd-pitch 16bpp image with auto-vectorization enabled on x86_64 Linux platform

[s.jodogne at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56392

--- Comment #2 from s.jodogne at gmail dot com 2013-02-19 11:56:45 UTC ---
(In reply to comment #1)
> You are dereferencing a pointer to uint16_t that is not sufficiently aligned
> for that type.  The C standard prohibits this, resulting in undefined behavior.

Thanks for your answer, but should not a warning be generated by gcc in such a
circumstance?

[Bug c++/56392] Crash while filling an odd-pitch 16bpp image with auto-vectorization enabled on x86_64 Linux platform

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56392

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> 2013-02-19 12:25:04 UTC ---
(In reply to comment #2)
> (In reply to comment #1)
> > You are dereferencing a pointer to uint16_t that is not sufficiently aligned
> > for that type.  The C standard prohibits this, resulting in undefined behavior.
> 
> Thanks for your answer, but should not a warning be generated by gcc in such a
> circumstance?

It is, with -Wcast-align, but only on targets where unaligned accesses are
not supported.  That vectorization ends up turing x86_64 into such one isn't
considered by the warning code ...

[Bug c++/56392] Crash while filling an odd-pitch 16bpp image with auto-vectorization enabled on x86_64 Linux platform

[org.gnu.gcc.bugtracker at sotecware dot net]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56392

Jonas Wielicki <org.gnu.gcc.bugtracker at sotecware dot net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |org.gnu.gcc.bugtracker at
                   |                            |sotecware dot net

--- Comment #4 from Jonas Wielicki <org.gnu.gcc.bugtracker at sotecware dot net> 2013-02-19 15:25:32 UTC ---
Is there a way we could get a warning for doing this? Seems to be like a hole
one could easily fall in.

[Bug c++/56392] Crash while filling an odd-pitch 16bpp image with auto-vectorization enabled on x86_64 Linux platform

[redi at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56392

--- Comment #5 from Jonathan Wakely <redi at gcc dot gnu.org> 2013-02-19 15:52:31 UTC ---
Any code containing reinterpret_cast should serve as a warning!