From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 817813887011; Mon, 4 Jan 2021 15:21:14 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 817813887011 From: "marxin at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug tree-optimization/98513] New: [10/11 Regression] Wrong code with -O3 since r10-2804-gbf05a3bbb58b3558 Date: Mon, 04 Jan 2021 15:21:14 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: tree-optimization X-Bugzilla-Version: 11.0 X-Bugzilla-Keywords: wrong-code X-Bugzilla-Severity: normal X-Bugzilla-Who: marxin at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status keywords bug_severity priority component assigned_to reporter cc target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jan 2021 15:21:14 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D98513 Bug ID: 98513 Summary: [10/11 Regression] Wrong code with -O3 since r10-2804-gbf05a3bbb58b3558 Product: gcc Version: 11.0 Status: UNCONFIRMED Keywords: wrong-code Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: marxin at gcc dot gnu.org CC: acoplan at gcc dot gnu.org, rguenth at gcc dot gnu.org Target Milestone: --- It's reduced from a yarpgen test-case: $ cat combined.cc extern unsigned long long var_20; extern unsigned short arr_8[][26][1][1][11]; const int &max(int &a, const int &b) { return a > b ? a : b; } int test___trans_tmp_1, var_5 =3D -1251116163, var_6 =3D -1745956746; void test(int var_5, int var_6, signed char arr_1[][26][19]) { for (unsigned i_0 =3D 0; i_0 < 21; i_0 +=3D 2) for (int i_2 =3D 0; i_2 < 8; i_2 +=3D 82) { for (int i_3 =3D 0; i_3 < test___trans_tmp_1; i_3 +=3D 70) for (short i_4 =3D 0; i_4 < 20; i_4 +=3D 4) var_20 =3D max(var_5, 0); for (int i_5 =3D 0; i_5 < 19; i_5 +=3D 20) for (int i_6 =3D var_6 + 1745956746; i_6 < var_5 + 1251116173; i_6 = +=3D 1) arr_8[3][2][i_2][i_5][i_6] =3D arr_1[3][2][i_2]; } } unsigned long long var_20; signed char arr_1[1][26][19]; unsigned short arr_8[22][26][1][1][11]; int main() { test(var_5, var_6, arr_1); } $ g++-10 -O3 combined.cc -Wall -Wextra -Werror && timeout 2 valgrind ./a.out =3D=3D9389=3D=3D Memcheck, a memory error detector =3D=3D9389=3D=3D Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward e= t al. =3D=3D9389=3D=3D Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyri= ght info =3D=3D9389=3D=3D Command: ./a.out =3D=3D9389=3D=3D=20 =3D=3D9389=3D=3D Invalid write of size 2 =3D=3D9389=3D=3D at 0x401250: test(int, int, signed char (*) [26][19]) (= in /home/marxin/Programming/yarpgen/objdir/S3105191294/a.out) =3D=3D9389=3D=3D by 0x401035: main (in /home/marxin/Programming/yarpgen/objdir/S3105191294/a.out) =3D=3D9389=3D=3D Address 0xffffffff00404740 is not stack'd, malloc'd or (r= ecently) free'd =3D=3D9389=3D=3D=20 =3D=3D9389=3D=3D=20 =3D=3D9389=3D=3D Process terminating with default action of signal 11 (SIGS= EGV): dumping core =3D=3D9389=3D=3D Access not within mapped region at address 0xFFFFFFFF0040= 4740 =3D=3D9389=3D=3D at 0x401250: test(int, int, signed char (*) [26][19]) (= in /home/marxin/Programming/yarpgen/objdir/S3105191294/a.out) =3D=3D9389=3D=3D by 0x401035: main (in /home/marxin/Programming/yarpgen/objdir/S3105191294/a.out) =3D=3D9389=3D=3D If you believe this happened as a result of a stack =3D=3D9389=3D=3D overflow in your program's main thread (unlikely but =3D=3D9389=3D=3D possible), you can try to increase the size of the =3D=3D9389=3D=3D main thread stack using the --main-stacksize=3D flag. =3D=3D9389=3D=3D The main thread stack size used in this run was 8388608. =3D=3D9389=3D=3D=20 =3D=3D9389=3D=3D HEAP SUMMARY: =3D=3D9389=3D=3D in use at exit: 0 bytes in 0 blocks =3D=3D9389=3D=3D total heap usage: 1 allocs, 1 frees, 72,704 bytes alloca= ted =3D=3D9389=3D=3D=20 =3D=3D9389=3D=3D All heap blocks were freed -- no leaks are possible =3D=3D9389=3D=3D=20 =3D=3D9389=3D=3D For lists of detected and suppressed errors, rerun with: -s =3D=3D9389=3D=3D ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 fro= m 0) timeout: the monitored command dumped core Segmentation fault It should not contain any undefined behavior, verified with: $ clang++ combined.cc -Wall -Wextra -Werror && timeout 1 ./a.out && g++ combined.cc -Wall -Wextra -Werror && timeout 1 ./a.out && g++-10 -fsanitize=3Daddress,undefined -fno-sanitize-recover=3Dall combined.cc && t= imeout 2 ./a.out=