[Bug middle-end/46488] [4.5 regression] server/core_filters.c from apache httpd 2.2.17 miscompiled at -O3

Mon, 29 Nov 2010 05:36:36 -0800 

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46488

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rguenth at gcc dot gnu.org

--- Comment #23 from Richard Guenther <rguenth at gcc dot gnu.org> 2010-11-29 
13:36:20 UTC ---
(In reply to comment #22)
> > The pointers are constructed explicitly to never be dereferenced, only
> > compared for equality; if a dereference exists it would be a bug, but
> > I don't see one.
> 
> APR_RING_SPLICE_HEAD does such a dereference as far I can see:
> 
> #define APR_RING_SPLICE_HEAD(hp, ep1, epN, elem, link)            \
>     APR_RING_SPLICE_AFTER(APR_RING_SENTINEL((hp), elem, link),    \
>                  (ep1), (epN), link)
> 
> #define APR_RING_SPLICE_AFTER(lep, ep1, epN, link) do {            \
>     APR_RING_PREV((ep1), link) = (lep);                \
>     APR_RING_NEXT((epN), link) = APR_RING_NEXT((lep), link);    \
>     APR_RING_PREV(APR_RING_NEXT((lep), link), link) = (epN);    \
>     APR_RING_NEXT((lep), link) = (ep1);                \
>     } while (0)
> 
> #define APR_RING_NEXT(ep, link)    (ep)->link.next
> #define APR_RING_PREV(ep, link)    (ep)->link.prev
> 
> > In the absence of such a smoking gun, can an C99 aliasing issue occur merely
> > in handling pointer equivalence?
> 
> That would be a real compiler bug. :-)
> 
> 
> You seem to be quite familiar with the httpd code.  Can you pinpoint what is
> miscompiled exactly in ap_core_input_filter or ap_core_output_filter?  I'm not
> saying that the miscompilation comes from this strict aliasing issue, only 
> that
> it might at this point.

Btw, in 4.6 this was likely "fixed" by making all pointers inherit the
same alias set as void * (as this is a very common misconception that
you can alias all pointers with void *, or that all pointers do alias
in general):

2010-08-25  Richard Guenther  <[email protected]>

        * alias.c (get_alias_set): Assign a single alias-set to all pointers.
        * gimple.c (gimple_get_alias_set): Remove special handling
        for pointers.

it doesn't make the type-punning valid, of course, but in 4.6 we try
harder to not break users code just because we are allowed to.

Reply via email to