https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113630
Bug ID: 113630
Summary: -fno-strict-aliasing introduces out-of-bounds memory
access
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: kristerw at gcc dot gnu.org
Target Milestone: ---
The test gcc.dg/torture/pr110799.c crashes because of an out of bounds memory
access when compiled with "-O2 -fno-strict-aliasing".
What is happening is that the PRE (partial redundancy elimination) pass has changed
/* Single-int object: a is the only member, so a struct S provides storage for exactly one int. */
struct S {
int a;
};
/* Two-int layout: b follows a, so a .b access through a struct M view of a
   struct S object reads storage that the struct S object does not own. */
struct M {
int a, b;
};
/* GIMPLE dump of f as quoted in the report, before the PRE change.
   There are three loads, each in its own basic block and each guarded by
   the tests on c and d, so exactly one load executes per call. */
__attribute__((noipa, noinline, noclone, no_icf))
int f (struct S * p, int c, int d)
{
int r;
<bb 2>:
/* c != 0 selects the paths that read only member a; c == 0 goes to bb 6. */
if (c_2(D) != 0)
goto <bb 3>;
else
goto <bb 6>;
<bb 3>:
/* d only chooses which type the load of a is expressed in. */
if (d_6(D) != 0)
goto <bb 4>;
else
goto <bb 5>;
<bb 4>
/* Load of a through p's declared type, struct S. */
r_8 = p_4(D)->a;
goto <bb 7>;
<bb 5>
/* Same member a, but the access is typed as struct M. */
r_7 = MEM[(struct M *)p_4(D)].a;
goto <bb 7>;
<bb 6>
/* The only load of .b; it is reached only when c == 0. */
r_5 = MEM[(struct M *)p_4(D)].b;
<bb 7>
/* Merge the value from whichever of the three loads ran. */
# r_1 = PHI <r_7(5), r_5(6), r_8(4)>
return r_1;
}
by combining bb 4 and bb 5 into a single load, so that all accesses (including the one originally written as p->a on a struct S) are now done as struct M:
/* GIMPLE dump of f after the PRE change described in the report.
   The test on d is gone and the two loads of member a have become one
   load typed as struct M; no access typed as struct S remains. */
__attribute__((noipa, noinline, noclone, no_icf))
int f (struct S * p, int c, int d)
{
int r;
int pretmp_9;
<bb 2>:
if (c_2(D) != 0)
goto <bb 3>; [50.00%]
else
goto <bb 4>; [50.00%]
<bb 3>:
/* Replaces both r_8 = p->a (struct S) and r_7 = MEM[(struct M *)p].a. */
pretmp_9 = MEM[(struct M *)p_4(D)].a;
goto <bb 5>;
<bb 4>:
/* The load of .b is still guarded here: it runs only when c == 0. */
r_5 = MEM[(struct M *)p_4(D)].b;
<bb 5>:
# r_1 = PHI <pretmp_9(3), r_5(4)>
return r_1;
}
This in turn allows later passes to hoist the two loads above the branch on c, so that both are executed unconditionally:
/* GIMPLE dump of f after later passes hoisted both loads into bb 2.
   Both loads now run on every call, before c is tested. */
__attribute__((noipa, noinline, noclone, no_icf))
int f (struct S * p, int c, int d)
{
int r;
int pretmp_9;
<bb 2>:
pretmp_9 = MEM[(struct M *)p_4(D)].a;
/* No longer guarded by c == 0. When p points to a struct S object this
   reads member b, which lies past the end of that object; this is the
   out-of-bounds access the report describes. */
r_5 = MEM[(struct M *)p_4(D)].b;
if (c_2(D) != 0)
goto <bb 3>;
else
goto <bb 4>;
<bb 3>:
<bb 4>:
/* The branch now only selects which already-loaded value is returned. */
# r_1 = PHI <pretmp_9(3), r_5(2)>
return r_1;
}
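which now reads out of bounds when we pass a struct S as f(&s, 1, 1): the hoisted load of .b is executed unconditionally, although the original code only reads .b when c == 0, and a struct S object has no storage for that member.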