Could someone tell me what is wrong here?

Could someone tell me what is wrong here?

[Máté Soós]

Dear All,

I maintain a program and I seemed to have stumbled into some bug of
either the program or gcc. Thanks to Vegard Nossum, we have a really
small (101 lines, most of them empty) example to reproduce it. The bug
appears when I compile the program with gcc 4.5.1 (I believe it
appears for 4.5.0 and 4.5.2 as well), with -O2. The program is meant
to print "success", but when compiled with -O2 it returns "failure",
while for -O0 works fine. The file is available here:

http://planete.inrialpes.fr/~soos/gcc/

as "Main.cpp" and "compile.sh".

Machine it is compiled on:
distribution: Fedora Core 14
gcc --version: gcc (GCC) 4.5.1 20100924 (Red Hat 4.5.1-4)
uname -a: Linux localhost.localdomain 2.6.35.6-45.fc14.i686 #1 SMP Mon
Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux

This bug seemed to have been triggered in the original (>13'000 LOC)
program by multiple people, using multiple 4.5.X versions, on
different computers&distributions.

Does anyone know why I get this bug? Could anyone confirm that this
the bug triggers on their architecture, distribution, and compiler
version (only >= 4.5.0 seems to be affected)?

Thank you in advance,

Mate

--
Mate Soos
Security Research Labs
www.srlabs.de
www.msoos.org

Re: Could someone tell me what is wrong here?

[Brian Budge]

I haven't done an in-depth analysis of your code, but I noticed that
in my own code, that casting a bool to an integer type did not always
yield 0 or 1 (I believe this was new in 4.5x).  I ended up changing
from
 += (uint32_t)mybool
to
 += mybool ? 1 : 0

Does this help in your code?

  Brian

On Wed, Jan 19, 2011 at 1:14 PM, Máté Soós <soos.mate@gmail.com> wrote:
> Dear All,
>
> I maintain a program and I seemed to have stumbled into some bug of
> either the program or gcc. Thanks to Vegard Nossum, we have a really
> small (101 lines, most of them empty) example to reproduce it. The bug
> appears when I compile the program with gcc 4.5.1 (I believe it
> appears for 4.5.0 and 4.5.2 as well), with -O2. The program is meant
> to print "success", but when compiled with -O2 it returns "failure",
> while for -O0 works fine. The file is available here:
>
> http://planete.inrialpes.fr/~soos/gcc/
>
> as "Main.cpp" and "compile.sh".
>
> Machine it is compiled on:
> distribution: Fedora Core 14
> gcc --version: gcc (GCC) 4.5.1 20100924 (Red Hat 4.5.1-4)
> uname -a: Linux localhost.localdomain 2.6.35.6-45.fc14.i686 #1 SMP Mon
> Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux
>
> This bug seemed to have been triggered in the original (>13'000 LOC)
> program by multiple people, using multiple 4.5.X versions, on
> different computers&distributions.
>
> Does anyone know why I get this bug? Could anyone confirm that this
> the bug triggers on their architecture, distribution, and compiler
> version (only >= 4.5.0 seems to be affected)?
>
> Thank you in advance,
>
> Mate
>
> --
> Mate Soos
> Security Research Labs
> www.srlabs.de
> www.msoos.org
>

Re: Could someone tell me what is wrong here?

[Jonathan Wakely]

On 19 January 2011 21:14, Máté Soós wrote:
> Dear All,
>
> I maintain a program and I seemed to have stumbled into some bug of
> either the program or gcc. Thanks to Vegard Nossum, we have a really
> small (101 lines, most of them empty) example to reproduce it.

It'd be under 100 lines without the unnecessary extern "C" block  ;-)

> The bug
> appears when I compile the program with gcc 4.5.1 (I believe it
> appears for 4.5.0 and 4.5.2 as well), with -O2. The program is meant
> to print "success", but when compiled with -O2 it returns "failure",
> while for -O0 works fine. The file is available here:
>
> http://planete.inrialpes.fr/~soos/gcc/
>
> as "Main.cpp" and "compile.sh".
>
> Machine it is compiled on:
> distribution: Fedora Core 14
> gcc --version: gcc (GCC) 4.5.1 20100924 (Red Hat 4.5.1-4)
> uname -a: Linux localhost.localdomain 2.6.35.6-45.fc14.i686 #1 SMP Mon
> Oct 18 23:56:17 UTC 2010 i686 i686 i386 GNU/Linux
>
> This bug seemed to have been triggered in the original (>13'000 LOC)
> program by multiple people, using multiple 4.5.X versions, on
> different computers&distributions.
>
> Does anyone know why I get this bug? Could anyone confirm that this
> the bug triggers on their architecture, distribution, and compiler
> version (only >= 4.5.0 seems to be affected)?

FWIW, 4.6.0 prints "success" but I do get "error" with GCC 4.5.3 at
-O2 or -O3, on x86_64 Fedora 13

Re: Could someone tell me what is wrong here?

[Jonathan Wakely]

On 19 January 2011 21:22, Brian Budge wrote:
> I haven't done an in-depth analysis of your code, but I noticed that
> in my own code, that casting a bool to an integer type did not always
> yield 0 or 1 (I believe this was new in 4.5x).  I ended up changing
> from
>  += (uint32_t)mybool
> to
>  += mybool ? 1 : 0
>
> Does this help in your code?

That would be a (fairly serious IMHO) bug, if you can reproduce it
please report it to bugzilla.

Re: Could someone tell me what is wrong here?

[Brian Budge]

On Wed, Jan 19, 2011 at 1:54 PM, Jonathan Wakely <jwakely.gcc@gmail.com> wrote:
> On 19 January 2011 21:22, Brian Budge wrote:
>> I haven't done an in-depth analysis of your code, but I noticed that
>> in my own code, that casting a bool to an integer type did not always
>> yield 0 or 1 (I believe this was new in 4.5x).  I ended up changing
>> from
>>  += (uint32_t)mybool
>> to
>>  += mybool ? 1 : 0
>>
>> Does this help in your code?
>
> That would be a (fairly serious IMHO) bug, if you can reproduce it
> please report it to bugzilla.
>

I'll see if I can work up a minimal repro.

  Brian

Re: Re: Could someone tell me what is wrong here?

[Zdeněk Sojka]

> ------------ Původní zpráva ------------
> Od: Brian Budge <brian.budge@gmail.com>
> Předmět: Re: Could someone tell me what is wrong here?
> Datum: 19.1.2011 23:02:57
> ----------------------------------------
> On Wed, Jan 19, 2011 at 1:54 PM, Jonathan Wakely <jwakely.gcc@gmail.com> wrote:
> > On 19 January 2011 21:22, Brian Budge wrote:
> >> I haven't done an in-depth analysis of your code, but I noticed that
> >> in my own code, that casting a bool to an integer type did not always
> >> yield 0 or 1 (I believe this was new in 4.5x).  I ended up changing
> >> from
> >>  += (uint32_t)mybool
> >> to
> >>  += mybool ? 1 : 0
> >>
> >> Does this help in your code?
> >
> > That would be a (fairly serious IMHO) bug, if you can reproduce it
> > please report it to bugzilla.
> >
>
> I'll see if I can work up a minimal repro.
>
>   Brian
>
>

Sorry, I didn't notice this issue is being discussed here as well. I have already opened http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47365 for that.

Zdenek

Re: Re: Could someone tell me what is wrong here?

[Brian Budge]

2011/1/19 Zdeněk Sojka <zsojka@seznam.cz>:
>
>> ------------ Původní zpráva ------------
>> Od: Brian Budge <brian.budge@gmail.com>
>> Předmět: Re: Could someone tell me what is wrong here?
>> Datum: 19.1.2011 23:02:57
>> ----------------------------------------
>> On Wed, Jan 19, 2011 at 1:54 PM, Jonathan Wakely <jwakely.gcc@gmail.com> wrote:
>> > On 19 January 2011 21:22, Brian Budge wrote:
>> >> I haven't done an in-depth analysis of your code, but I noticed that
>> >> in my own code, that casting a bool to an integer type did not always
>> >> yield 0 or 1 (I believe this was new in 4.5x).  I ended up changing
>> >> from
>> >>  += (uint32_t)mybool
>> >> to
>> >>  += mybool ? 1 : 0
>> >>
>> >> Does this help in your code?
>> >
>> > That would be a (fairly serious IMHO) bug, if you can reproduce it
>> > please report it to bugzilla.
>> >
>>
>> I'll see if I can work up a minimal repro.
>>
>>   Brian
>>
>>
>
> Sorry, I didn't notice this issue is being discussed here as well. I have already opened http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47365 for that.
>
> Zdenek
>

Is this the same issue?  I don't see casting through a bool in your
attached example.

  Brian

Re: Could someone tell me what is wrong here?

[Mate Soos]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On 01/19/2011 11:53 PM, Brian Budge wrote:
> 2011/1/19 ZdenĂŹk Sojka <zsojka@seznam.cz>:
>> 
>>> ------------ PĂšvodnĂ­ zprĂĄva ------------ Od: Brian Budge
>>> <brian.budge@gmail.com> PøedmÏt: Re: Could someone tell me what
>>> is wrong here? Datum: 19.1.2011 23:02:57 
>>> ---------------------------------------- On Wed, Jan 19, 2011 at
>>> 1:54 PM, Jonathan Wakely <jwakely.gcc@gmail.com> wrote:
>>>> On 19 January 2011 21:22, Brian Budge wrote:
>>>>> I haven't done an in-depth analysis of your code, but I
>>>>> noticed that in my own code, that casting a bool to an
>>>>> integer type did not always yield 0 or 1 (I believe this was
>>>>> new in 4.5x).  I ended up changing from += (uint32_t)mybool 
>>>>> to += mybool ? 1 : 0
>>>>> 
>>>>> Does this help in your code?
>>>> 
>>>> That would be a (fairly serious IMHO) bug, if you can reproduce
>>>> it please report it to bugzilla.
>>> 
>>> I'll see if I can work up a minimal repro.
>> 
>> Sorry, I didn't notice this issue is being discussed here as well.
>> I have already opened
>> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47365 for that.
>> 
>> Zdenek
>> 
> 
> Is this the same issue?

I believe it's the same, Vegard discussed this through IRC, and this is
meant to be the reduced down version of the same bug.

> I don't see casting through a bool in your attached example.

I believe casting through a bool was not part of this problem (doing "b
? 1 : 0" doesn't fix my example).

Bests,

Mate

- -- 
Mate Soos
Security Research Labs
http://www.srlabs.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk03bF0ACgkQsTOOstKb0jnA2gCbBxhBiS8Isncr6XEmyVs5hBIx
CXwAmwTyjLmGv4JQh0TY+C+dx/Hsbyw5
=qfVj
-----END PGP SIGNATURE-----