https://gcc.gnu.org/bugzilla/show_bug.cgi?id=120087

            Bug ID: 120087
           Summary: Miscompilation of a short-cut boolean expression in
                    the presence of assume attribute.
           Product: gcc
           Version: 13.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: danilov at gmail dot com
  Target Milestone: ---

Here is a minimal reproducer:

-----------------------------------------------------------------------------
/* One element of the path. main() tests `seq` against 0, and ll() reads a
 * char through `data` without checking it for NULL. */
struct rung {
        int   seq;
        void *data;
};

/* Wrapper around a one-element rung array. Per the report, replacing this
 * wrapper with a bare `struct rung p[1]` makes the crash disappear, so the
 * wrapper is part of the reproducer and should be kept as is. */
struct path {
        struct rung rung[1];
};

/* Upper bound of the loop in main(). main() stores 0 here just before the
 * asm memory barrier, so the loop body is entered only with i == 0. */
static int used;

/* Returns the first byte that n->data points to. There is no NULL check:
 * main() zero-initializes its path, so any call made from there dereferences
 * a null pointer. That is what turns an unexpected call into a visible
 * SIGSEGV. */
static char ll(const struct rung *n) {
        return *(char *)n->data;
}

/*
 * Reproducer entry point. On a correct compilation the loop runs once with
 * i == 0, ll() is never called and the program exits with status 0. The
 * report states that GCC 13.1.0 at -O1 emits calls to both ll(r) and
 * ll(r - 1), which crash on the null `data` pointer.
 *
 * NOTE(review): the report is UNCONFIRMED. If it holds, the `i <= 0 ||`
 * guard is the kind of short-circuit check that code relies on to avoid a
 * NULL or out-of-bounds access, so an assume() that mirrors such a guard
 * deserves a look at the generated code on the affected compiler. Per the
 * report, any small change to this function hides the effect, so the
 * statements are left exactly as filed.
 */
int main(int argc, char **argv) {
        (void)argc; (void)argv;
        /* Empty braces (a GNU extension before C23) zero the whole object:
         * seq == 0 and data == NULL. */
        struct path p = {};
        int result = 0;
        used = 0;
        /* Compiler-level memory barrier: the "memory" clobber stops the
         * optimizer from treating `used` as the constant 0 in the loop bound
         * below. Per the report, removing it or moving `used = 0` past it
         * hides the problem. */
        __asm__ __volatile__("": : :"memory");
        for (int i = 0; i <= used && result == 0; ++i) {
                struct rung *r = &p.rung[i];
                /* assume() is an optimizer hint whose operand is not supposed
                 * to be evaluated. For i == 0 the left operand is already
                 * true, so the assumption holds. */
                __attribute__((assume(i <= 0 || ll(r) + 1 == ll(r - 1))));
                /* Same condition, now actually evaluated. With i == 0,
                 * short-circuiting of `||` means neither ll(r) nor ll(r - 1)
                 * may run; r - 1 would point before p.rung[0]. */
                if (!(r->seq == 0 && (i <= 0 || ll(r) + 1 == ll(r - 1)))) {
                        /* A non-zero result ends the loop through its guard. */
                        result = -1;
                }
        }
        /* `result` is not returned: the exit status is 0 unless the program
         * crashes. */
        return 0;
}
-----------------------------------------------------------------------------

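Compile with `gcc -O1 gcc-13-bug.c`; the resulting program crashes with SIGSEGV.
Note that the loop iterates only once (used == 0) and i == 0 in the body of the
loop, so ll(r) should not be called. Yet ll(r) and ll(r - 1) are both called;
because p is zero-initialized, r->data is NULL and any call to ll(r)
dereferences a null pointer.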

The reproducer is minimal in the sense that any small random change eliminates
the effect. For example,

 * Move used = 0 over the asm-barrier (or simply remove the barrier).

 * Remove result == 0 from the loop guard or r->seq == 0 from the conditional.

 * Replace struct path p with struct rung p[1] mutatis mutandis. This one is
especially surprising.

uname -a: Linux tau 6.8.0-52-generic #53~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed
Jan 15 19:18:46 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

Below is the output of `gcc -Wall -Wextra -O1 -v -save-temps gcc-13-bug.c`
Using built-in specs.
COLLECT_GCC=/usr/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-linux-gnu/13/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu
13.1.0-8ubuntu1~22.04' --with-bugurl=file:///usr/share/doc/gcc-13/README.Bugs
--enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2,rust --prefix=/usr
--with-gcc-major-version-only --program-suffix=-13
--program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id
--libexecdir=/usr/libexec --without-included-gettext --enable-threads=posix
--libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-gnu-unique-object
--disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib
--enable-libphobos-checking=release --with-target-system-zlib=auto
--enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet
--with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32
--enable-multilib --with-tune=generic
--enable-offload-targets=nvptx-none=/build/gcc-13-IvzKaI/gcc-13-13.1.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-13-IvzKaI/gcc-13-13.1.0/debian/tmp-gcn/usr
--enable-offload-defaulted --without-cuda-driver --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
--with-build-config=bootstrap-lto-lean --enable-link-serialization=2
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 13.1.0 (Ubuntu 13.1.0-8ubuntu1~22.04)
COLLECT_GCC_OPTIONS='-Wall' '-Wextra' '-O1' '-v' '-save-temps' '-mtune=generic'
'-march=x86-64' '-dumpdir' 'a-'
 /usr/libexec/gcc/x86_64-linux-gnu/13/cc1 -E -quiet -v -imultiarch
x86_64-linux-gnu gcc-13-bug.c -mtune=generic -march=x86-64 -Wall -Wextra -O1
-fpch-preprocess -fasynchronous-unwind-tables -fstack-protector-strong
-Wformat-security -fstack-clash-protection -fcf-protection -o a-gcc-13-bug.i
ignoring nonexistent directory "/usr/local/include/x86_64-linux-gnu"
ignoring nonexistent directory
"/usr/lib/gcc/x86_64-linux-gnu/13/include-fixed/x86_64-linux-gnu"
ignoring nonexistent directory "/usr/lib/gcc/x86_64-linux-gnu/13/include-fixed"
ignoring nonexistent directory
"/usr/lib/gcc/x86_64-linux-gnu/13/../../../../x86_64-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:
 /usr/lib/gcc/x86_64-linux-gnu/13/include
 /usr/local/include
 /usr/include/x86_64-linux-gnu
 /usr/include
End of search list.
COLLECT_GCC_OPTIONS='-Wall' '-Wextra' '-O1' '-v' '-save-temps' '-mtune=generic'
'-march=x86-64' '-dumpdir' 'a-'
 /usr/libexec/gcc/x86_64-linux-gnu/13/cc1 -fpreprocessed a-gcc-13-bug.i -quiet
-dumpdir a- -dumpbase gcc-13-bug.c -dumpbase-ext .c -mtune=generic
-march=x86-64 -O1 -Wall -Wextra -version -fasynchronous-unwind-tables
-fstack-protector-strong -Wformat-security -fstack-clash-protection
-fcf-protection -o a-gcc-13-bug.s
GNU C17 (Ubuntu 13.1.0-8ubuntu1~22.04) version 13.1.0 (x86_64-linux-gnu)
        compiled by GNU C version 13.1.0, GMP version 6.2.1, MPFR version
4.1.0, MPC version 1.2.1, isl version isl-0.24-GMP

GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: d80f7a3177dda410206b6b40a1a1b357
COLLECT_GCC_OPTIONS='-Wall' '-Wextra' '-O1' '-v' '-save-temps' '-mtune=generic'
'-march=x86-64' '-dumpdir' 'a-'
 as -v --64 -o a-gcc-13-bug.o a-gcc-13-bug.s
GNU assembler version 2.38 (x86_64-linux-gnu) using BFD version (GNU Binutils
for Ubuntu) 2.38
COMPILER_PATH=/usr/libexec/gcc/x86_64-linux-gnu/13/:/usr/libexec/gcc/x86_64-linux-gnu/13/:/usr/libexec/gcc/x86_64-linux-gnu/:/usr/lib/gcc/x86_64-linux-gnu/13/:/usr/lib/gcc/x86_64-linux-gnu/
LIBRARY_PATH=/usr/lib/gcc/x86_64-linux-gnu/13/:/usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu/:/usr/lib/gcc/x86_64-linux-gnu/13/../../../../lib/:/lib/x86_64-linux-gnu/:/lib/../lib/:/usr/lib/x86_64-linux-gnu/:/usr/lib/../lib/:/usr/lib/gcc/x86_64-linux-gnu/13/../../../:/lib/:/usr/lib/
COLLECT_GCC_OPTIONS='-Wall' '-Wextra' '-O1' '-v' '-save-temps' '-mtune=generic'
'-march=x86-64' '-dumpdir' 'a.'
 /usr/libexec/gcc/x86_64-linux-gnu/13/collect2 -plugin
/usr/libexec/gcc/x86_64-linux-gnu/13/liblto_plugin.so
-plugin-opt=/usr/libexec/gcc/x86_64-linux-gnu/13/lto-wrapper
-plugin-opt=-fresolution=a.res -plugin-opt=-pass-through=-lgcc
-plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lc
-plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s --build-id
--eh-frame-hdr -m elf_x86_64 --hash-style=gnu --as-needed -dynamic-linker
/lib64/ld-linux-x86-64.so.2 -pie -z now -z relro
/usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu/Scrt1.o
/usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu/crti.o
/usr/lib/gcc/x86_64-linux-gnu/13/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/13
-L/usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu
-L/usr/lib/gcc/x86_64-linux-gnu/13/../../../../lib -L/lib/x86_64-linux-gnu
-L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib
-L/usr/lib/gcc/x86_64-linux-gnu/13/../../.. a-gcc-13-bug.o -lgcc --push-state
--as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s
--pop-state /usr/lib/gcc/x86_64-linux-gnu/13/crtendS.o
/usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu/crtn.o
COLLECT_GCC_OPTIONS='-Wall' '-Wextra' '-O1' '-v' '-save-temps' '-mtune=generic'
'-march=x86-64' '-dumpdir' 'a.'
