https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93010
Bug ID: 93010
Summary: Wrong optimization: provenance affects comparison of
saved bits of addresses of dead auto variables
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: ch3root at openwall dot com
Target Milestone: ---
It's known that the value of a pointer to an object becomes indeterminate after
the object is dead (C11, 6.2.4p2). Whether its representation becomes
indeterminate is up for debate but let's bypass the issue by saving the
representation while the object is still alive. For example, we can cast it to
an integer. And we'll get an ordinary integer, with a stable value etc., not
affected by changes in the life of the original object. Right?
This seems to be broken for the equality operators when the operands are
constructed from addresses of automatic variables and at least one of these
variables is dead at the time of comparison.
----------------------------------------------------------------------
#include <stdio.h>
int main()
{
unsigned long u, v;
{
int x[5];
u = (unsigned long)x;
}
{
int y[5];
v = (unsigned long)y;
}
printf("u = %#lx\n", u);
printf("v = %#lx\n", v);
printf("diff = %#lx\n", u - v);
printf("eq = %d\n", u == v);
}
----------------------------------------------------------------------
$ gcc -std=c11 -pedantic -Wall -Wextra -O3 test.c && ./a.out
u = 0x7ffeb6326180
v = 0x7ffeb6326180
diff = 0
eq = 0
----------------------------------------------------------------------
gcc x86-64 version: gcc (GCC) 10.0.0 20191219 (experimental)
If "diff == 0" then "eq" should be 1.
