Suspected bug, triggering code included

Suspected bug, triggering code included

[Nils M Holm]

Hello,

I suspect that I have found a bug in GCC. In this message you find
all information you request at http://gcc.gnu.org/bugs.html.

Best regards, Nils Holm

---------- description ----------
An member of an array A is assigned the value of a function P.
As a side effect, the function P realloc()s the array A.

When including the array A in a multiple assignment, the
old address of A is used instead of the address of the newly
allocated memory.

When splitting the multiple assignment in two (see #ifdef WORK_AROUND),
everything works fine.
---------- /description ----------

---------- code ----------
#include <stdlib.h>

int	*a;

int p() {
	int	*x, *y;

	x = a;
	y = x;
	a = (int *) realloc(a, 20 * sizeof(int));
	return 42;
}

main(void) {
	int	i;

	a = (int *) malloc(10 * sizeof(int));
#ifdef WORK_AROUND
	i = p();
	a[5] = i;
#else
	a[5] = i = p();
#endif
	printf("%d\n", a[5]);
}
---------- /code ----------

---------- GCC config ----------
Using built-in specs.
Configured with: FreeBSD/i386 system compiler
Thread model: posix
gcc version 3.4.4 [FreeBSD] 20050518
---------- /GCC config ----------

---------- environment ----------
FreeBSD 6.1-RELEASE i386

% gcc -o _ _.c
---------- /environment ----------

---------- intermediate output ----------
# 1 "_.c"
# 1 "<built-in>"
# 1 "<command line>"
# 1 "_.c"
# 1 "/usr/include/stdlib.h" 1 3 4
# 40 "/usr/include/stdlib.h" 3 4
# 1 "/usr/include/sys/cdefs.h" 1 3 4
# 41 "/usr/include/stdlib.h" 2 3 4
# 1 "/usr/include/sys/_null.h" 1 3 4
# 42 "/usr/include/stdlib.h" 2 3 4
# 1 "/usr/include/sys/_types.h" 1 3 4
# 33 "/usr/include/sys/_types.h" 3 4
# 1 "/usr/include/machine/_types.h" 1 3 4
# 51 "/usr/include/machine/_types.h" 3 4
typedef signed char __int8_t;
typedef unsigned char __uint8_t;
typedef short __int16_t;
typedef unsigned short __uint16_t;
typedef int __int32_t;
typedef unsigned int __uint32_t;







typedef int __attribute__((__mode__(__DI__))) __int64_t;
typedef unsigned int __attribute__((__mode__(__DI__))) __uint64_t;
# 76 "/usr/include/machine/_types.h" 3 4
typedef unsigned long __clock_t;
typedef unsigned int __cpumask_t;
typedef __int32_t __critical_t;
typedef double __double_t;
typedef double __float_t;
typedef __int32_t __intfptr_t;
typedef __int64_t __intmax_t;
typedef __int32_t __intptr_t;
typedef __int32_t __int_fast8_t;
typedef __int32_t __int_fast16_t;
typedef __int32_t __int_fast32_t;
typedef __int64_t __int_fast64_t;
typedef __int8_t __int_least8_t;
typedef __int16_t __int_least16_t;
typedef __int32_t __int_least32_t;
typedef __int64_t __int_least64_t;
typedef __int32_t __ptrdiff_t;
typedef __int32_t __register_t;
typedef __int32_t __segsz_t;
typedef __uint32_t __size_t;
typedef __int32_t __ssize_t;
typedef __int32_t __time_t;
typedef __uint32_t __uintfptr_t;
typedef __uint64_t __uintmax_t;
typedef __uint32_t __uintptr_t;
typedef __uint32_t __uint_fast8_t;
typedef __uint32_t __uint_fast16_t;
typedef __uint32_t __uint_fast32_t;
typedef __uint64_t __uint_fast64_t;
typedef __uint8_t __uint_least8_t;
typedef __uint16_t __uint_least16_t;
typedef __uint32_t __uint_least32_t;
typedef __uint64_t __uint_least64_t;
typedef __uint32_t __u_register_t;
typedef __uint32_t __vm_offset_t;
typedef __int64_t __vm_ooffset_t;



typedef __uint32_t __vm_paddr_t;

typedef __uint64_t __vm_pindex_t;
typedef __uint32_t __vm_size_t;





typedef __builtin_va_list __va_list;






typedef __va_list __gnuc_va_list;
# 34 "/usr/include/sys/_types.h" 2 3 4




typedef __uint32_t __blksize_t;
typedef __int64_t __blkcnt_t;
typedef __int32_t __clockid_t;
typedef __uint32_t __fflags_t;
typedef __uint64_t __fsblkcnt_t;
typedef __uint64_t __fsfilcnt_t;
typedef __uint32_t __gid_t;
typedef __int64_t __id_t;
typedef __uint32_t __ino_t;
typedef long __key_t;
typedef __int32_t __lwpid_t;
typedef __uint16_t __mode_t;
typedef int __nl_item;
typedef __uint16_t __nlink_t;
typedef __int64_t __off_t;
typedef __int32_t __pid_t;
typedef __int64_t __rlim_t;


typedef __uint8_t __sa_family_t;
typedef __uint32_t __socklen_t;
typedef long __suseconds_t;
typedef __int32_t __timer_t;
typedef __uint32_t __uid_t;
typedef unsigned int __useconds_t;
# 82 "/usr/include/sys/_types.h" 3 4
typedef int __ct_rune_t;
typedef __ct_rune_t __rune_t;
typedef __ct_rune_t __wchar_t;
typedef __ct_rune_t __wint_t;

typedef __uint32_t __dev_t;

typedef __uint32_t __fixpt_t;





typedef union {
 char __mbstate8[128];
 __int64_t _mbstateL;
} __mbstate_t;
# 43 "/usr/include/stdlib.h" 2 3 4



typedef __rune_t rune_t;





typedef __size_t size_t;





typedef __wchar_t wchar_t;




typedef struct {
 int quot;
 int rem;
} div_t;

typedef struct {
 long quot;
 long rem;
} ldiv_t;






extern int __mb_cur_max;



void abort(void) __attribute__((__noreturn__));
int abs(int) __attribute__((__const__));
int atexit(void (*)(void));
double atof(const char *);
int atoi(const char *);
long atol(const char *);
void *bsearch(const void *, const void *, size_t,
     size_t, int (*)(const void *, const void *));
void *calloc(size_t, size_t);
div_t div(int, int) __attribute__((__const__));
void exit(int) __attribute__((__noreturn__));
void free(void *);
char *getenv(const char *);
long labs(long) __attribute__((__const__));
ldiv_t ldiv(long, long) __attribute__((__const__));
void *malloc(size_t);
int mblen(const char *, size_t);
size_t mbstowcs(wchar_t * , const char * , size_t);
int mbtowc(wchar_t * , const char * , size_t);
void qsort(void *, size_t, size_t,
     int (*)(const void *, const void *));
int rand(void);
void *realloc(void *, size_t);
void srand(unsigned);
double strtod(const char * , char ** );
float strtof(const char * , char ** );
long strtol(const char * , char ** , int);
long double
  strtold(const char * , char ** );
unsigned long
  strtoul(const char * , char ** , int);
int system(const char *);
int wctomb(char *, wchar_t);
size_t wcstombs(char * , const wchar_t * , size_t);
# 130 "/usr/include/stdlib.h" 3 4
typedef struct {
 long long quot;
 long long rem;
} lldiv_t;


long long
  atoll(const char *);

long long
  llabs(long long) __attribute__((__const__));

lldiv_t lldiv(long long, long long) __attribute__((__const__));

long long
  strtoll(const char * , char ** , int);

unsigned long long
  strtoull(const char * , char ** , int);


void _Exit(int) __attribute__((__noreturn__));
# 161 "/usr/include/stdlib.h" 3 4
int rand_r(unsigned *);
int setenv(const char *, const char *, int);
void unsetenv(const char *);
# 174 "/usr/include/stdlib.h" 3 4
long a64l(const char *);
double drand48(void);

double erand48(unsigned short[3]);


int getsubopt(char **, char *const *, char **);
int grantpt(int);
char *initstate(unsigned long , char *, long);
long jrand48(unsigned short[3]);
char *l64a(long);
void lcong48(unsigned short[7]);
long lrand48(void);

int mkstemp(char *);



char *mktemp(char *);


long mrand48(void);
long nrand48(unsigned short[3]);
int posix_openpt(int);
char *ptsname(int);
int putenv(const char *);
long random(void);
char *realpath(const char *, char resolved_path[]);
unsigned short
 *seed48(unsigned short[3]);

int setkey(const char *);


char *setstate( char *);
void srand48(long);
void srandom(unsigned long);
int unlockpt(int);



extern const char *_malloc_options;
extern void (*_malloc_message)(const char *, const char *, const char *,
     const char *);
# 235 "/usr/include/stdlib.h" 3 4
__uint32_t
  arc4random(void);
void arc4random_addrandom(unsigned char *dat, int datlen);
void arc4random_stir(void);
char *getbsize(int *, long *);

char *cgetcap(char *, const char *, int);
int cgetclose(void);
int cgetent(char **, char **, const char *);
int cgetfirst(char **, char **);
int cgetmatch(const char *, const char *);
int cgetnext(char **, char **);
int cgetnum(char *, const char *, long *);
int cgetset(const char *);
int cgetstr(char *, const char *, char **);
int cgetustr(char *, const char *, char **);

int daemon(int, int);
char *devname(int, int);
char *devname_r(int, int, char *, int);
int getloadavg(double [], int);
const char *
  getprogname(void);

int heapsort(void *, size_t, size_t, int (*)(const void *, const void *));
int l64a_r(long, char *, int);
int mergesort(void *, size_t, size_t, int (*)(const void *, const void *));
void qsort_r(void *, size_t, size_t, void *,
     int (*)(void *, const void *, const void *));
int radixsort(const unsigned char **, int, const unsigned char *,
     unsigned);
void *reallocf(void *, size_t);
int rpmatch(const char *);
void setprogname(const char *);
int sradixsort(const unsigned char **, int, const unsigned char *,
     unsigned);
void sranddev(void);
void srandomdev(void);
long long
  strtonum(const char *, long long, long long, const char **);


__int64_t
  strtoq(const char *, char **, int);
__uint64_t
  strtouq(const char *, char **, int);

extern char *suboptarg;


# 2 "_.c" 2

int *a;

int p() {
 int *x, *y;

 x = a;
 y = x;
 a = (int *) realloc(a, 20 * sizeof(int));
 return 42;
}

main(void) {
 int i;

 a = (int *) malloc(10 * sizeof(int));




 a[5] = i = p();

 printf("%d\n", a[5]);
}
---------- /intermediate output ----------

-- 
Nils M Holm <nmh@t3x.org> -- http://t3x.org/nmh/

Re: Suspected bug, triggering code included

[Andreas Schwab]

Nils M Holm <nmh@t3x.org> writes:

> ---------- description ----------
> An member of an array A is assigned the value of a function P.
> As a side effect, the function P realloc()s the array A.
>
> When including the array A in a multiple assignment, the
> old address of A is used instead of the address of the newly
> allocated memory.

This is not a bug.  The evaluation order of the operands is unspecified.

> When splitting the multiple assignment in two (see #ifdef WORK_AROUND),
> everything works fine.

It's not a workaround, it's the only correct solution.

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."