Re: c/4925: __builtin_memcpy overcopies on ix86 in gcc 3.0.2

Re: c/4925: __builtin_memcpy overcopies on ix86 in gcc 3.0.2

[rodrigc]

The following reply was made to PR c/4925; it has been noted by GNATS.

From: rodrigc@gcc.gnu.org
To: gcc-bugs@gcc.gnu.org, gcc-gnats@gcc.gnu.org, gcc-prs@gcc.gnu.org,
  ian@airs.com, nobody@gcc.gnu.org
Cc:  
Subject: Re: c/4925: __builtin_memcpy overcopies on ix86 in gcc 3.0.2
Date: 22 Nov 2001 03:08:13 -0000

 Synopsis: __builtin_memcpy overcopies on ix86 in gcc 3.0.2
 
 State-Changed-From-To: open->closed
 State-Changed-By: rodrigc
 State-Changed-When: Wed Nov 21 19:08:13 2001
 State-Changed-Why:
     I tested with gcc version 3.0.3 20011118 (prerelease),
     and it seems to be fixed with the patch
     to i386.md.
     
     See http://gcc.gnu.org/ml/gcc/2001-11/msg00761.html
     for tentative gcc 3.0.3 schedule.
 
 http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&pr=4925&database=gcc

Re: c/4925: __builtin_memcpy overcopies on ix86 in gcc 3.0.2

[rodrigc]

Synopsis: __builtin_memcpy overcopies on ix86 in gcc 3.0.2

State-Changed-From-To: open->closed
State-Changed-By: rodrigc
State-Changed-When: Wed Nov 21 19:08:13 2001
State-Changed-Why:
    I tested with gcc version 3.0.3 20011118 (prerelease),
    and it seems to be fixed with the patch
    to i386.md.
    
    See http://gcc.gnu.org/ml/gcc/2001-11/msg00761.html
    for tentative gcc 3.0.3 schedule.

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&pr=4925&database=gcc

Re: c/4925: __builtin_memcpy overcopies on ix86 in gcc 3.0.2

[Ian Lance Taylor]

The following reply was made to PR c/4925; it has been noted by GNATS.

From: Ian Lance Taylor <ian@airs.com>
To: gcc-gnats@gcc.gnu.org
Cc:  
Subject: Re: c/4925: __builtin_memcpy overcopies on ix86 in gcc 3.0.2
Date: 21 Nov 2001 16:46:38 -0800

 gcc-gnats@gcc.gnu.org writes:
 
 > Thank you very much for your problem report.
 > It has the internal identification `c/4925'.
 > The individual assigned to look at your
 > report is: unassigned. 
 > 
 > >Category:       c
 > >Responsible:    unassigned
 > >Synopsis:       __builtin_memcpy overcopies on ix86 in gcc 3.0.2
 > >Arrival-Date:   Wed Nov 21 16:26:00 PST 2001
 
 I believe this is the patch which fixes the bug.  A version of this
 patch appears in the current development sources.
 
 Ian
 
 Index: i386.md
 ===================================================================
 RCS file: /home/cvsfiles/tools/egcs/gcc/config/i386/i386.md,v
 retrieving revision 1.1.1.4
 diff -u -r1.1.1.4 i386.md
 --- i386.md	2001/11/14 22:28:55	1.1.1.4
 +++ i386.md	2001/11/22 00:46:27
 @@ -10917,7 +10917,7 @@
  	  LABEL_NUSES (label) = 1;
  	}
        if (align > 1 && count > 0 && (count & 1))
 -	emit_insn (gen_strmovsi (destreg, srcreg));
 +	emit_insn (gen_strmovqi (destreg, srcreg));
        if (align <= 1 || count < 0)
  	{
  	  rtx label = gen_label_rtx ();

c/4925: __builtin_memcpy overcopies on ix86 in gcc 3.0.2

[ian]

>Number:         4925
>Category:       c
>Synopsis:       __builtin_memcpy overcopies on ix86 in gcc 3.0.2
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          wrong-code
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 21 16:26:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Ian Lance Taylor
>Release:        3.0.2
>Organization:
>Environment:
System: Linux daffy.airs.com 2.2.18 #5 Tue Feb 6 13:57:37 PST 2001 i686 unknown
Architecture: i686

	
host: i686-pc-linux-gnu
build: i686-pc-linux-gnu
target: i686-pc-linux-gnu
configured with: ../../tools/egcs/configure  : (reconfigured) ../../tools/egcs/configure --with-gcc-version-trigger=/home/ian/tools/tools/egcs/gcc/version.c --host=i686-pc-linux-gnu --enable-shared=libstdc++
>Description:

On the ix86, with gcc 3.0.2, when compiling with optimization,
__builtin_memcpy can copy bytes which it should not copy.  The
following program demonstrates the problem.  This is an example of the
common C idiom in which a trailing field in a struct is only partially
allocated and used.  The test program does not show the partial
allocation, but it does show that __builtin_memcpy overwrites a byte
which it should not overwrite.

This program exits 0 when compiled without optimization and run.  It
exits 1 when compiled with optimization (-O) and run.

This bug causes a miscompilation of Postgres 7.1.3 when configured
with --enable-cassert.  In actual practice the code calls memcpy,
which gcc automatically translates into __builtin_memcpy when
optimizing.

This bug does not appear to occur in the current development sources,
in which the i386 movstrsi handling has been at least somewhat
rewritten.  If there is a gcc 3.0.3 release, the fix should be
incorporated.

>How-To-Repeat:

struct s
{
  int i[20];
  short s;
  char f;
  char b[100];
};

struct s s1;

int
main()
{
  struct s s2;
  s2.b[0] = 100;
  __builtin_memcpy(&s2, &s1, ((unsigned int) &((struct s *)0)->b));
  exit(s2.b[0] != 100);
}


>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted: