https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98513
Bug ID: 98513
Summary: [10/11 Regression] Wrong code with -O3 since
r10-2804-gbf05a3bbb58b3558
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: marxin at gcc dot gnu.org
CC: acoplan at gcc dot gnu.org, rguenth at gcc dot gnu.org
Target Milestone: ---
It's reduced from a yarpgen test-case:
$ cat combined.cc
extern unsigned long long var_20;
extern unsigned short arr_8[][26][1][1][11];
const int &max(int &a, const int &b) { return a > b ? a : b; }
int test___trans_tmp_1, var_5 = -1251116163, var_6 = -1745956746;
void test(int var_5, int var_6,
signed char arr_1[][26][19]) {
for (unsigned i_0 = 0; i_0 < 21; i_0 += 2)
for (int i_2 = 0; i_2 < 8; i_2 += 82) {
for (int i_3 = 0; i_3 < test___trans_tmp_1; i_3 += 70)
for (short i_4 = 0; i_4 < 20; i_4 += 4)
var_20 = max(var_5, 0);
for (int i_5 = 0; i_5 < 19;
i_5 += 20)
for (int i_6 = var_6 + 1745956746; i_6 < var_5 + 1251116173; i_6 += 1)
arr_8[3][2][i_2][i_5][i_6] = arr_1[3][2][i_2];
}
}
unsigned long long var_20;
signed char arr_1[1][26][19];
unsigned short arr_8[22][26][1][1][11];
int main() { test(var_5, var_6, arr_1); }
$ g++-10 -O3 combined.cc -Wall -Wextra -Werror && timeout 2 valgrind ./a.out
==9389== Memcheck, a memory error detector
==9389== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==9389== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==9389== Command: ./a.out
==9389==
==9389== Invalid write of size 2
==9389== at 0x401250: test(int, int, signed char (*) [26][19]) (in
/home/marxin/Programming/yarpgen/objdir/S3105191294/a.out)
==9389== by 0x401035: main (in
/home/marxin/Programming/yarpgen/objdir/S3105191294/a.out)
==9389== Address 0xffffffff00404740 is not stack'd, malloc'd or (recently)
free'd
==9389==
==9389==
==9389== Process terminating with default action of signal 11 (SIGSEGV):
dumping core
==9389== Access not within mapped region at address 0xFFFFFFFF00404740
==9389== at 0x401250: test(int, int, signed char (*) [26][19]) (in
/home/marxin/Programming/yarpgen/objdir/S3105191294/a.out)
==9389== by 0x401035: main (in
/home/marxin/Programming/yarpgen/objdir/S3105191294/a.out)
==9389== If you believe this happened as a result of a stack
==9389== overflow in your program's main thread (unlikely but
==9389== possible), you can try to increase the size of the
==9389== main thread stack using the --main-stacksize= flag.
==9389== The main thread stack size used in this run was 8388608.
==9389==
==9389== HEAP SUMMARY:
==9389== in use at exit: 0 bytes in 0 blocks
==9389== total heap usage: 1 allocs, 1 frees, 72,704 bytes allocated
==9389==
==9389== All heap blocks were freed -- no leaks are possible
==9389==
==9389== For lists of detected and suppressed errors, rerun with: -s
==9389== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
timeout: the monitored command dumped core
Segmentation fault
It should not contain any undefined behavior, verified with:
$ clang++ combined.cc -Wall -Wextra -Werror && timeout 1 ./a.out && g++
combined.cc -Wall -Wextra -Werror && timeout 1 ./a.out && g++-10
-fsanitize=address,undefined -fno-sanitize-recover=all combined.cc && timeout 2
./a.out
