https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63288
            Bug ID: 63288
           Summary: [5 Regression] gcc.c-torture/execute/20140326-1.c FAILs
                    with -Og -fgcse -fif-conversion2
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz

Created attachment 33508
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33508&action=edit
reduced testcase

Output:
$ gcc -Og -fgcse -fif-conversion2 testcase.c
$ valgrind -q ./a.out
==13302== Invalid read of size 1
==13302==    at 0x400528: main (in /home/smatz/gcc-bug/1278/a.out)
==13302==  Address 0xfff01f9d8 is not stack'd, malloc'd or (recently) free'd
==13302==
==13302==
==13302== Process terminating with default action of signal 11 (SIGSEGV)
==13302==  Access not within mapped region at address 0xFFF01F9D8
==13302==    at 0x400528: main (in /home/smatz/gcc-bug/1278/a.out)
==13302==  If you believe this happened as a result of a stack
==13302==  overflow in your program's main thread (unlikely but
==13302==  possible), you can try to increase the size of the
==13302==  main thread stack using the --main-stacksize= flag.
==13302==  The main thread stack size used in this run was 8388608.
Segmentation fault

The segfault is caused by e[131072] being speculatively loaded before the
comparison:

main:
# crashes here
	movzx	eax, BYTE PTR [rsp+131056]
	cmp	DWORD PTR a[rip], 131072
	je	.L2
	mov	eax, 0
.L2:
	movsx	eax, al
	ret

Tested revisions:
r215315 - fail
r214876 - fail
4_9 r213788 - OK