https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102124
Bug ID: 102124
Summary: GCC 11.2.1 -ftree-loop-vectorize Causing Data To Lose Sign Bit
Product: gcc
Version: 11.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: changyp6 at gmail dot com
Target Milestone: ---
Created attachment 51374
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51374&action=edit
Test program for gcc 11.2.1 on AARCH64
Description of problem:
When I'm building libgcrypt 1.9.4 with GCC 11.2.1 on my AARCH64 box (armv8.2
cortex-a76), I'm using -O3 compile options. However, the -O3 generated code failed
to pass the "basic" test of libgcrypt; it fails on the "gcry_cipher_checktag" function.
After investigation, I found that the problem occurs in the buf_eq_const()
function in file cipher/bufhelp.h of libgcrypt-1.9.4:

/* Constant-time compare of two buffers.  Returns 1 if buffers are equal,
   and 0 if buffers differ.  */
static inline int
buf_eq_const(const void *_a, const void *_b, size_t len)
{
  const byte *a = _a;
  const byte *b = _b;
  int ab, ba;
  size_t i;

  /* Constant-time compare. */
  for (i = 0, ab = 0, ba = 0; i < len; i++)
    {
      /* If a[i] != b[i], either ab or ba will be negative. */
      ab |= a[i] - b[i];
      ba |= b[i] - a[i];
    }

  /* 'ab | ba' is negative when buffers are not equal. */
  return (ab | ba) >= 0;
}

The calculation for 2 different arrays becomes >= 0 on the return value; however,
it should be a negative value.
After I change -O3 to -O2, this function works again.
Then I compiled libgcrypt 1.9.4 with -O2 plus the additional GCC options which are
added by -O3 to locate the actual option that is causing this issue. Finally I
found that if "-ftree-loop-vectorize" is used to compile this code, the
calculated result is a positive value; if "-ftree-loop-vectorize" is removed, the
calculated result is negative.
Then I downgraded GCC to 10.x; -ftree-loop-vectorize won't cause such an issue.
So I'm sure this is a GCC bug.
It seems that "-ftree-loop-vectorize" causes the "|=" operation to ignore the "sign
bit" of "a[i] - b[i]" or "b[i] - a[i]".
I have summarized a test case, which is attached.
I have also compiled a cross-toolchain using the gcc git version
(98e482761b083dbc35ae59704ee1eeb0b8eeb5d1), which is also gcc 11.2.1; this git
version also has this issue.
Version-Release number of selected component (if applicable):
GCC 11.2.1
Additional Info:
GCC 11 for x86 / x86_64 doesn't have this issue.
GCC 10.x for aarch64 doesn't have this issue.
I have also submitted this bug to Fedora bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1998964
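
A build-time self-check for the comparison quoted in this report, as an added example that is not the reporter's attached test program and not libgcrypt code. The names count_wrong and buf_eq_xor and the sample buffers are constructed here as assumptions; buf_eq_xor is a variant that does not use the sign bit and is not presented as libgcrypt's fix.

```c
#include <stddef.h>
#include <stdio.h>
typedef unsigned char byte;
typedef int (*eq_fn)(const void *, const void *, size_t);

/* Comparison as quoted in the report (libgcrypt 1.9.4, cipher/bufhelp.h). */
static int buf_eq_const(const void *_a, const void *_b, size_t len) {
  const byte *a = _a, *b = _b;
  int ab = 0, ba = 0;
  for (size_t i = 0; i < len; i++) {
    ab |= a[i] - b[i];     /* negative when a[i] < b[i] */
    ba |= b[i] - a[i];     /* negative when b[i] < a[i] */
  }
  return (ab | ba) >= 0;   /* relies on the sign bit surviving the OR */
}

/* Hypothetical variant (not libgcrypt's): OR of byte XORs, no sign bit used. */
static int buf_eq_xor(const void *_a, const void *_b, size_t len) {
  const byte *a = _a, *b = _b;
  unsigned int diff = 0;
  for (size_t i = 0; i < len; i++)
    diff |= (unsigned int)(a[i] ^ b[i]);
  return (int)(((diff - 1u) >> 8) & 1u);   /* 1 only when diff == 0 */
}

/* Counts wrong answers from fn over constructed buffers of 1..64 bytes,
   so both full vector widths and loop tails are exercised. */
static int count_wrong(eq_fn fn) {
  byte a[64], b[64];
  int wrong = 0;
  for (size_t len = 1; len <= sizeof a; len++) {
    for (size_t i = 0; i < len; i++)
      a[i] = b[i] = (byte)(i * 37u + 11u);
    wrong += fn(a, b, len) != 1;         /* equal buffers must compare equal */
    for (size_t pos = 0; pos < len; pos++) {
      b[pos] = (byte)(a[pos] + 1);       /* exactly one differing byte */
      wrong += fn(a, b, len) != 0;
      wrong += fn(b, a, len) != 0;       /* same pair, operands swapped */
      b[pos] = a[pos];
    }
  }
  return wrong;
}

int main(void) {
  printf("buf_eq_const wrong answers: %d\n", count_wrong(buf_eq_const));
  printf("buf_eq_xor wrong answers:   %d\n", count_wrong(buf_eq_xor));
  return 0;
}
```

Built with the same flags as the library (for example -O3), a non-zero count for buf_eq_const points to the behaviour described in this report on that toolchain; a check of this kind belongs in the build's test stage because a comparison that wrongly returns "equal" would let a bad authentication tag pass.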