https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98513
Bug ID: 98513
Summary: [10/11 Regression] Wrong code with -O3 since r10-2804-gbf05a3bbb58b3558
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: marxin at gcc dot gnu.org
CC: acoplan at gcc dot gnu.org, rguenth at gcc dot gnu.org
Target Milestone: ---

It's reduced from a yarpgen test-case:

$ cat combined.cc
extern unsigned long long var_20;
extern unsigned short arr_8[][26][1][1][11];
const int &max(int &a, const int &b) { return a > b ? a : b; }
int test___trans_tmp_1, var_5 = -1251116163, var_6 = -1745956746;
void test(int var_5, int var_6, signed char arr_1[][26][19]) {
  for (unsigned i_0 = 0; i_0 < 21; i_0 += 2)
    for (int i_2 = 0; i_2 < 8; i_2 += 82) {
      for (int i_3 = 0; i_3 < test___trans_tmp_1; i_3 += 70)
        for (short i_4 = 0; i_4 < 20; i_4 += 4)
          var_20 = max(var_5, 0);
      for (int i_5 = 0; i_5 < 19; i_5 += 20)
        for (int i_6 = var_6 + 1745956746; i_6 < var_5 + 1251116173; i_6 += 1)
          arr_8[3][2][i_2][i_5][i_6] = arr_1[3][2][i_2];
    }
}

unsigned long long var_20;
signed char arr_1[1][26][19];
unsigned short arr_8[22][26][1][1][11];
int main() { test(var_5, var_6, arr_1); }

$ g++-10 -O3 combined.cc -Wall -Wextra -Werror && timeout 2 valgrind ./a.out
==9389== Memcheck, a memory error detector
==9389== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==9389== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==9389== Command: ./a.out
==9389==
==9389== Invalid write of size 2
==9389==    at 0x401250: test(int, int, signed char (*) [26][19]) (in /home/marxin/Programming/yarpgen/objdir/S3105191294/a.out)
==9389==    by 0x401035: main (in /home/marxin/Programming/yarpgen/objdir/S3105191294/a.out)
==9389==  Address 0xffffffff00404740 is not stack'd, malloc'd or (recently) free'd
==9389==
==9389==
==9389== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==9389==  Access not within mapped region at address 0xFFFFFFFF00404740
==9389==    at 0x401250: test(int, int, signed char (*) [26][19]) (in /home/marxin/Programming/yarpgen/objdir/S3105191294/a.out)
==9389==    by 0x401035: main (in /home/marxin/Programming/yarpgen/objdir/S3105191294/a.out)
==9389==  If you believe this happened as a result of a stack
==9389==  overflow in your program's main thread (unlikely but
==9389==  possible), you can try to increase the size of the
==9389==  main thread stack using the --main-stacksize= flag.
==9389==  The main thread stack size used in this run was 8388608.
==9389==
==9389== HEAP SUMMARY:
==9389==     in use at exit: 0 bytes in 0 blocks
==9389==   total heap usage: 1 allocs, 1 frees, 72,704 bytes allocated
==9389==
==9389== All heap blocks were freed -- no leaks are possible
==9389==
==9389== For lists of detected and suppressed errors, rerun with: -s
==9389== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
timeout: the monitored command dumped core
Segmentation fault

It should not contain any undefined behavior, verified with:

$ clang++ combined.cc -Wall -Wextra -Werror && timeout 1 ./a.out && g++ combined.cc -Wall -Wextra -Werror && timeout 1 ./a.out && g++-10 -fsanitize=address,undefined -fno-sanitize-recover=all combined.cc && timeout 2 ./a.out