https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113703
Bug ID: 113703
Summary: ivopts miscompiles loop
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: kristerw at gcc dot gnu.org
Target Milestone: ---
The following function (gcc.dg/tree-ssa/ivopts-lt.c) is miscompiled when
compiled with -O1 for X86_64:
  #include "stdint.h"

  void
  f1 (char *p, uintptr_t i, uintptr_t n)
  {
    p += i;
    do
      {
        *p = '\0';
        p += 1;
        i++;
      }
    while (i < n);
  }
The IR after cunroll looks like:
  void f1 (char * p, uintptr_t i, uintptr_t n)
  {
    <bb 2>:
    p_6 = p_4(D) + i_5(D);

    <bb 3>:
    # p_1 = PHI <p_6(2), p_9(5)>
    # i_2 = PHI <i_5(D)(2), i_10(5)>
    *p_1 = 0;
    p_9 = p_1 + 1;
    i_10 = i_2 + 1;
    if (i_10 < n_11(D))
      goto <bb 5>;
    else
      goto <bb 4>;

    <bb 5>:
    goto <bb 3>;

    <bb 4>:
    return;
  }
This is then changed by ivopts to
  void f1 (char * p, uintptr_t i, uintptr_t n)
  {
    sizetype _13;
    char * _14;

    <bb 2>:
    p_6 = p_4(D) + i_5(D);
    _13 = n_11(D) - i_5(D);
    _14 = p_6 + _13;

    <bb 3>:
    # p_1 = PHI <p_6(2), p_9(5)>
    MEM[(char *)p_1] = 0;
    p_9 = p_1 + 1;
    if (p_9 < _14)
      goto <bb 5>;
    else
      goto <bb 4>;

    <bb 5>:
    goto <bb 3>;

    <bb 4>:
    return;
  }
Suppose the function gets called with the values:
p = 0x0002ffffffffffff
i = 0xffff000000000001
n = 0xdffd7fffffffffff
The original function writes 0 to address 0x0002000000000000, and then exits.
The optimized function overflows when calculating _14, and the function does
the equivalent of
memset(0x0002000000000000, 0, 0xdffe7ffffffffffe);
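
The counterexample above can be checked without writing to memory. The following is an added example, not part of the bug report or of GCC: it models pointers as 64-bit unsigned integers (an assumption matching X86_64) and computes how many stores each version of the loop performs; the function names are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Stores performed by: do { store; cur++; } while (cur < bound);
   Arithmetic wraps modulo 2^64, like the unsigned and pointer
   arithmetic in the GIMPLE dumps. The count is also modulo 2^64. */
static uint64_t trips(uint64_t cur, uint64_t bound)
{
    uint64_t next = cur + 1;          /* value tested by the exit condition */
    return 1 + (next < bound ? bound - next : 0);
}

/* Original loop: the exit test is i_10 < n_11(D). */
uint64_t stores_original(uint64_t i, uint64_t n)
{
    return trips(i, n);
}

/* Loop after ivopts: the exit test is p_9 < _14. */
uint64_t stores_after_ivopts(uint64_t p, uint64_t i, uint64_t n)
{
    uint64_t p_6 = p + i;             /* p_6 = p_4(D) + i_5(D)  */
    uint64_t off_13 = n - i;          /* _13 = n_11(D) - i_5(D) */
    uint64_t end_14 = p_6 + off_13;   /* _14 = p_6 + _13        */
    return trips(p_6, end_14);
}

int main(void)
{
    /* Values taken from the report. */
    uint64_t p = 0x0002ffffffffffffULL;
    uint64_t i = 0xffff000000000001ULL;
    uint64_t n = 0xdffd7fffffffffffULL;

    printf("original: %#" PRIx64 " store(s)\n", stores_original(i, n));
    printf("ivopts:   %#" PRIx64 " store(s)\n", stores_after_ivopts(p, i, n));
    return 0;
}
```

For inputs where i < n and p + n does not wrap (for example p = 0x1000, i = 2, n = 10), both functions return the same count.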