https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106292

            Bug ID: 106292
           Summary: Wrong code with -O3
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: vsevolod.livinskiy at gmail dot com
  Target Milestone: ---

The wrong optimization causes out-of-bounds array access, which leads to a
Segmentation fault. Unfortunately, I was not able to merge the reproducer into
a single file ([[gnu::noipa]] and __attribute__((noipa)) didn't work or I've
used them incorrectly). This looks like a recent bug because we started to
detect it on Tuesday (June 12th).

Reproducer:
//driver.cpp
#include <stdio.h>

bool var_0 = (bool)1;
unsigned int arr_44 = 3397135069U;
bool arr_8 [7];
short arr_61 [140];

void test();

int main() {
  test();
  printf("%u\n", arr_61[117]);
  if (arr_61[117] != 9)
    __builtin_abort();
}

//func.cpp
extern bool var_0;
extern unsigned arr_44;
extern bool arr_8[];
extern short arr_61[];
const unsigned &a(const unsigned &c, unsigned &f) { return f ? c : f; }
bool bar(bool c) { return c; }
void test() {
  for (int b = 0; b < 7; b += var_0)
    arr_8[b] = 1;
  for (int d = 0; d < bar(var_0) + 9; d++)
    for (unsigned e = 0; e < 14; e++)
      arr_61[d * e] = a(d, arr_44);
}

Error:
>$ g++ -O2 func.cpp driver.cpp && ./a.out 
9
>$ g++ -O3 func.cpp driver.cpp && ./a.out 
Segmentation fault (core dumped)

gcc version 13.0.0 20220713 (c479c40f8c8fee0fb70e8a365b61c55739f448e1)
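
Added example, not part of the original report: a bounds-checked replay of test() on local arrays, showing that the source as written never indexes past arr_61 (largest index 9 * 13 = 117, array length 140) and that arr_61[117] should be 9. ModelResult, select_like_a and run_model are hypothetical names introduced here.

```cpp
// Added reference model, not code from the bug report.
#include <cstddef>
#include <cstdio>
#include <stdexcept>

constexpr std::size_t kArr8Len = 7;     // bool arr_8[7] in driver.cpp
constexpr std::size_t kArr61Len = 140;  // short arr_61[140] in driver.cpp

struct ModelResult {
  std::size_t arr_8_writes;  // stores made by the first loop
  std::size_t max_index;     // largest arr_61 index written
  short value_at_117;        // the element driver.cpp prints and checks
};

// Same selection as a() in func.cpp: c when f is non-zero, otherwise f.
unsigned select_like_a(unsigned c, unsigned f) { return f ? c : f; }

// Hypothetical helper: replays test() on local arrays, checking every index.
ModelResult run_model(bool var_0, unsigned arr_44) {
  if (!var_0) throw std::invalid_argument("step 0: first loop never ends");
  bool arr_8[kArr8Len] = {};
  short arr_61[kArr61Len] = {};
  ModelResult r{0, 0, 0};
  for (int b = 0; b < 7; b += var_0) {
    if (static_cast<std::size_t>(b) >= kArr8Len) throw std::out_of_range("arr_8");
    arr_8[b] = true;
    r.arr_8_writes += arr_8[b];
  }
  for (int d = 0; d < static_cast<int>(var_0) + 9; d++) {
    for (unsigned e = 0; e < 14; e++) {
      std::size_t idx = static_cast<unsigned>(d) * e;  // d * e as in func.cpp
      if (idx >= kArr61Len) throw std::out_of_range("arr_61");
      arr_61[idx] = static_cast<short>(select_like_a(d, arr_44));
      if (idx > r.max_index) r.max_index = idx;
    }
  }
  r.value_at_117 = arr_61[117];
  return r;
}

int main() {
  ModelResult r = run_model(true, 3397135069U);  // globals from driver.cpp
  std::printf("arr_8 writes=%zu max index=%zu arr_61[117]=%d\n",
              r.arr_8_writes, r.max_index, r.value_at_117);
  return (r.max_index < kArr61Len && r.value_at_117 == 9) ? 0 : 1;
}
```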
