[Bug other/95971] New: [10 regression] Optimizer converts a false boolean value into a true boolean value

Mon, 29 Jun 2020 09:19:58 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95971

            Bug ID: 95971
           Summary: [10 regression] Optimizer converts a false boolean
                    value into a true boolean value
           Product: gcc
           Version: 10.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: 0xe2.0x9a.0x9b at gmail dot com
  Target Milestone: ---

Hello. I have found an optimization issue that is triggered by the -O2
optimization option in GCC 10.1.0.

The source code (see below) contains an infinite while(cond){} loop. The loop
condition is expected to always evaluate to true. The optimizer incorrectly
derives that the loop condition evaluates to false and removes the loop. It is
possible that the issue is related to optimizations of the delete operator in
C++.

Reproducibility:

  g++ 10.1.0 -O0: not reproducible
  g++ 10.1.0 -O1: not reproducible
  g++ 10.1.0 -O2: REPRODUCIBLE
  g++ 10.1.0 -O3: not reproducible
  g++ 9.3.0  -O2: not reproducible
  clang++ 10 -O2: not reproducible

Full source code:

$ cat a.cc
void xbool(bool value);

struct A {
        char *a = (char*)1;
        ~A() { delete a; }
        bool isZero() { return a == (void*)0; }
};

int main() {
        A a;
        xbool(a.isZero());
        while(!a.isZero());
        xbool(a.isZero()); // This line isn't required to trigger the issue
        return 0;
}

$ cat b.cc
void xbool(bool value) {}

$ cat Makefile 
test:
        g++ -c -O2 a.cc
        g++ -c b.cc
        g++ -o a a.o b.o
        time ./a

Dump of assembler code for function main:

   push   %rbp
   xor    %edi,%edi // %rdi := false
   sub    $0x10,%rsp
   movq   $0x1,0x8(%rsp)
   callq  xbool(bool)
   mov    $0x1,%edi // %rdi := true
   callq  xbool(bool)
   lea    0x8(%rsp),%rdi
   callq  A::~A()
   add    $0x10,%rsp
   xor    %eax,%eax
   pop    %rbp
   retq   
   mov    %rax,%rbp
   jmpq   main.cold

In the assembler code: The compiler correctly passes zero (false) in the 1st
call to function xbool(bool), then incorrectly passes one (true) in the 2nd
call to function xbool(bool).

The source code initializes A::a to (char*)1 in order to keep the code as small
as possible to trigger the issue. A::a could have been initialized to a valid
delete-able heap address, but this would unnecessarily enlarge the source code.

The GCC version string on my machine is "g++ (Gentoo 10.1.0-r1 p2) 10.1.0".


Please confirm the reproducibility of this issue.

Reply via email to