From: "meisenmann.lba@fh-salzburg.ac.at"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/64642] New: Malformed code as result of C-cast to (polymorphic) object-reference (an opt-level ...)
Date: Sat, 17 Jan 2015 09:23:00 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64642

            Bug ID: 64642
           Summary: Malformed code as result of C-cast to (polymorphic)
                    object-reference (an opt-level ...)
           Product: gcc
           Version: 4.9.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: meisenmann.lba@fh-salzburg.ac.at

Hi!

I've analyzed some (IMHO) malicious/malformed cast(s) to a reference-type by
using a C-cast. In addition to the already documented issue on an ICE (see
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64641), I've determined a similar
test, which generates malformed (assembler) code.

Note: I've used a (private) build of a GCC cross-compiler (target=i386-elf,
host=mingw32), but the Mingw-W64 build of GCC 4.9.2 *) shows the same result.

*) Downloaded from
http://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/4.9.2/threads-posix/dwarf/
(package i686-4.9.2-release-posix-dwarf-rt_v3-rev1.7z)

The following (minimal) sample:

/*-----*/
class A
{
public:
    virtual int get() const { return m_val; }
protected:
    int m_val;
};

int Test3(int arg)
{
    A& ref = (A&) arg;
    return ref.get();
}
/*-----*/

The difference to the "ICE-sample" (bug 64641) is only the type of the
argument (i.e. using 'int' instead of 'int*').

If the method get() has an inline-definition (like above) and if (for example)
the compiler-optimization '-Os' is used, the generated i386/x86-code is:

__Z5Test3i:
LFB1:
    .cfi_startproc
    pushl   %ebp
    .cfi_def_cfa_offset 8
    .cfi_offset 5, -8
    movl    %esp, %ebp
    .cfi_def_cfa_register 5
    .cfi_endproc

And nothing "more"; i.e. only the function-prolog is there, but the body (cast,
virtual call) and function-epilog are dropped!

Note: As noted above, it depends on the inline-definition and opt-level (maybe
other optimization-options).

Best regards from Salzburg,
Markus
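
Added example, not part of the original report and not GCC code: a small Python check that scans GCC's AT&T-syntax assembler output for functions shaped like the listing above, where the last instruction before .cfi_endproc is not a return, jump or call. The name fallthrough_functions, the constructed contrast function _ok and the local-label pattern are assumptions of this example; the first function in SAMPLE is the listing from the report.

```python
import re

# Listing from the report, followed by a constructed well-formed function (_ok).
SAMPLE = """
__Z5Test3i:
LFB1:
	.cfi_startproc
	pushl	%ebp
	.cfi_def_cfa_offset 8
	.cfi_offset 5, -8
	movl	%esp, %ebp
	.cfi_def_cfa_register 5
	.cfi_endproc
_ok:
LFB2:
	.cfi_startproc
	movl	4(%esp), %eax
	ret
	.cfi_endproc
"""

# Control cannot run past these; a final "call" may target a noreturn function.
TERMINATORS = ("ret", "jmp", "ud2", "hlt", "call")
LOCAL_LABEL = re.compile(r"^\.?L[A-Z]*\d+$")  # heuristic: LFB1, .L3, LC0
LABEL = re.compile(r"^([.\w$@]+):")

def fallthrough_functions(asm):
    """Names of functions whose last instruction before .cfi_endproc is not a
    terminator, so execution would continue into whatever follows."""
    flagged, name, in_func, last = [], None, False, ""
    for raw in asm.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = LABEL.match(line)
        if m:
            if not in_func and not LOCAL_LABEL.match(m.group(1)):
                name = m.group(1)
            line = line[m.end():].strip()
        if line.startswith(".cfi_startproc"):
            in_func, last = True, ""
        elif line.startswith(".cfi_endproc"):
            if in_func and not last.startswith(TERMINATORS):
                flagged.append(name)
            in_func = False
        elif in_func and line and not line.startswith("."):
            words = line.replace(";", " ").split()
            # "rep ret" / "rep; ret": judge the instruction, not the prefix
            last = words[1] if words[0] == "rep" and len(words) > 1 else words[0]
    return flagged
```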