From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-457387-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 10214 invoked by alias); 30 Jul 2014 13:21:34 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Received: (qmail 10177 invoked by uid 48); 30 Jul 2014 13:21:28 -0000
From: "andersk at mit dot edu" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/61964] New: [4.8 regression] krb5 database propagation enters infinite loop; reduced test case
Date: Wed, 30 Jul 2014 13:21:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 4.8.3
X-Bugzilla-Keywords:
X-Bugzilla-Severity: major
X-Bugzilla-Who: andersk at mit dot edu
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-61964-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-07/txt/msg01978.txt.bz2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D61964

            Bug ID: 61964
           Summary: [4.8 regression] krb5 database propagation enters
                    infinite loop; reduced test case
           Product: gcc
           Version: 4.8.3
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: andersk at mit dot edu

Kerberos is miscompiled by gcc-4.8.  The impact is detailed at
https://bugs.launchpad.net/bugs/1347147, but here is a reduced test case.  =
The
expected return is 0, but when compiled with gcc-4.8 -O2, it returns 1.

$ cat bug.c

struct node { struct node *next, *prev; } node;
struct head { struct node *first; } heads[5];
int k =3D 2;
struct head *head =3D &heads[2];

int main()
{
  node.prev =3D (void *)head;
  head->first =3D &node;

  struct node *n =3D head->first;
  struct head *h =3D &heads[k];

  if (n->prev =3D=3D (void *)h)
    h->first =3D n->next;
  else
    n->prev->next =3D n->next;

  n->next =3D h->first;
  return n->next =3D=3D &node;
}

$ gcc-4.7 -Wall -O2 bug.c -o bug; ./bug; echo $?
0
$ gcc-4.8 -Wall -O2 bug.c -o bug; ./bug; echo $?
1
$ gcc-4.9 -Wall -O2 bug.c -o bug; ./bug; echo $?
0
$ dpkg -l gcc-4.7 gcc-4.8 gcc-4.9
[=E2=80=A6]
ii  gcc-4.7  4.7.4-2ubuntu1  amd64  GNU C compiler
ii  gcc-4.8  4.8.3-6ubuntu1  amd64  GNU C compiler
ii  gcc-4.9  4.9.1-3ubuntu2  amd64  GNU C compiler

I bisected the point where the problem disappeared between 4.8 and 4.9 at
r202525.  However, I don=E2=80=99t understand why.  I=E2=80=99m scared by t=
he fact that r202525
was intended to fix a =E2=80=9Cmissed-optimization=E2=80=9D bug (bug 58404).
>>From gcc-bugs-return-457388-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org Wed Jul 30 13:39:45 2014
Return-Path: <gcc-bugs-return-457388-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Delivered-To: listarch-gcc-bugs@gcc.gnu.org
Received: (qmail 26090 invoked by alias); 30 Jul 2014 13:39:45 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Delivered-To: mailing list gcc-bugs@gcc.gnu.org
Received: (qmail 26061 invoked by uid 48); 30 Jul 2014 13:39:40 -0000
From: "rguenth at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/61964] [4.8 regression] krb5 database propagation enters infinite loop; reduced test case
Date: Wed, 30 Jul 2014 13:39:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: tree-optimization
X-Bugzilla-Version: 4.8.3
X-Bugzilla-Keywords:
X-Bugzilla-Severity: major
X-Bugzilla-Who: rguenth at gcc dot gnu.org
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: cf_known_to_work cf_known_to_fail
Message-ID: <bug-61964-4-Ldd9IwreIh@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-61964-4@http.gcc.gnu.org/bugzilla/>
References: <bug-61964-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-07/txt/msg01979.txt.bz2
Content-length: 836

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61964

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Known to work|4.7.4, 4.9.0                |
      Known to fail|4.8.3                       |

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
The testcase is violating strict-aliasing rules as you access a struct head
as struct node here:

  if (n->prev == (void *)h)
    h->first = n->next;
  else
    n->prev->next = n->next;

as n->prev points to &heads[0] while h is &heads[2] (an out-of-bound pointer).
So n->prev is a struct head and you access a next field of a struct node of it.

Changing k to 0 makes the testcase pass (now you don't run into the bogus
path).