https://gcc.gnu.org/bugzilla/show_bug.cgi?id=120087
Bug ID: 120087 Summary: Miscompilation of a short-cut boolean expression in the presence of assume attribute. Product: gcc Version: 13.1.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: danilov at gmail dot com Target Milestone: --- Here is a minimal reproducer: ----------------------------------------------------------------------------- struct rung { int seq; void *data; }; struct path { struct rung rung[1]; }; static int used; static char ll(const struct rung *n) { return *(char *)n->data; } int main(int argc, char **argv) { (void)argc; (void)argv; struct path p = {}; int result = 0; used = 0; __asm__ __volatile__("": : :"memory"); for (int i = 0; i <= used && result == 0; ++i) { struct rung *r = &p.rung[i]; __attribute__((assume(i <= 0 || ll(r) + 1 == ll(r - 1)))); if (!(r->seq == 0 && (i <= 0 || ll(r) + 1 == ll(r - 1)))) { result = -1; } } return 0; } ----------------------------------------------------------------------------- Compile as `gcc -O1 gcc-13-bug.c`, it crashes with SIGSEGV. Note that the loop iterates only once (used == 0), i == 0 in the body of the loop, so l(r) should not be called. Yet, l(r) and l(r-1) are both called. The reproducer is minimal in the sense any small random change eliminates the effect. For example, * Move used = 0 over the asm-barrier (or simply remove the barrier). * Remove result == 0 from the loop guard or r->seq == 0 from the conditional. * Replace struct path p with struct rung p[1] mutatis mutandis. This one is especially surprising. uname -a: Linux tau 6.8.0-52-generic #53~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Jan 15 19:18:46 UTC 2 x86_64 x86_64 x86_64 GNU/Linux Below is the output of `gcc -Wall -Wextra -O1 -v -save-temps gcc-13-bug.c` Using built-in specs. COLLECT_GCC=/usr/bin/gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-linux-gnu/13/lto-wrapper OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa OFFLOAD_TARGET_DEFAULT=1 Target: x86_64-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Ubuntu 13.1.0-8ubuntu1~22.04' --with-bugurl=file:///usr/share/doc/gcc-13/README.Bugs --enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2,rust --prefix=/usr --with-gcc-major-version-only --program-suffix=-13 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/libexec --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-13-IvzKaI/gcc-13-13.1.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-13-IvzKaI/gcc-13-13.1.0/debian/tmp-gcn/usr --enable-offload-defaulted --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto-lean --enable-link-serialization=2 Thread model: posix Supported LTO compression algorithms: zlib zstd gcc version 13.1.0 (Ubuntu 13.1.0-8ubuntu1~22.04) COLLECT_GCC_OPTIONS='-Wall' '-Wextra' '-O1' '-v' '-save-temps' '-mtune=generic' '-march=x86-64' '-dumpdir' 'a-' /usr/libexec/gcc/x86_64-linux-gnu/13/cc1 -E -quiet -v -imultiarch x86_64-linux-gnu gcc-13-bug.c -mtune=generic -march=x86-64 -Wall -Wextra -O1 -fpch-preprocess -fasynchronous-unwind-tables -fstack-protector-strong -Wformat-security -fstack-clash-protection -fcf-protection -o a-gcc-13-bug.i ignoring nonexistent directory "/usr/local/include/x86_64-linux-gnu" ignoring nonexistent directory "/usr/lib/gcc/x86_64-linux-gnu/13/include-fixed/x86_64-linux-gnu" ignoring nonexistent directory "/usr/lib/gcc/x86_64-linux-gnu/13/include-fixed" ignoring nonexistent directory "/usr/lib/gcc/x86_64-linux-gnu/13/../../../../x86_64-linux-gnu/include" #include "..." search starts here: #include <...> search starts here: /usr/lib/gcc/x86_64-linux-gnu/13/include /usr/local/include /usr/include/x86_64-linux-gnu /usr/include End of search list. COLLECT_GCC_OPTIONS='-Wall' '-Wextra' '-O1' '-v' '-save-temps' '-mtune=generic' '-march=x86-64' '-dumpdir' 'a-' /usr/libexec/gcc/x86_64-linux-gnu/13/cc1 -fpreprocessed a-gcc-13-bug.i -quiet -dumpdir a- -dumpbase gcc-13-bug.c -dumpbase-ext .c -mtune=generic -march=x86-64 -O1 -Wall -Wextra -version -fasynchronous-unwind-tables -fstack-protector-strong -Wformat-security -fstack-clash-protection -fcf-protection -o a-gcc-13-bug.s GNU C17 (Ubuntu 13.1.0-8ubuntu1~22.04) version 13.1.0 (x86_64-linux-gnu) compiled by GNU C version 13.1.0, GMP version 6.2.1, MPFR version 4.1.0, MPC version 1.2.1, isl version isl-0.24-GMP GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072 Compiler executable checksum: d80f7a3177dda410206b6b40a1a1b357 COLLECT_GCC_OPTIONS='-Wall' '-Wextra' '-O1' '-v' '-save-temps' '-mtune=generic' '-march=x86-64' '-dumpdir' 'a-' as -v --64 -o a-gcc-13-bug.o a-gcc-13-bug.s GNU assembler version 2.38 (x86_64-linux-gnu) using BFD version (GNU Binutils for Ubuntu) 2.38 COMPILER_PATH=/usr/libexec/gcc/x86_64-linux-gnu/13/:/usr/libexec/gcc/x86_64-linux-gnu/13/:/usr/libexec/gcc/x86_64-linux-gnu/:/usr/lib/gcc/x86_64-linux-gnu/13/:/usr/lib/gcc/x86_64-linux-gnu/ LIBRARY_PATH=/usr/lib/gcc/x86_64-linux-gnu/13/:/usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu/:/usr/lib/gcc/x86_64-linux-gnu/13/../../../../lib/:/lib/x86_64-linux-gnu/:/lib/../lib/:/usr/lib/x86_64-linux-gnu/:/usr/lib/../lib/:/usr/lib/gcc/x86_64-linux-gnu/13/../../../:/lib/:/usr/lib/ COLLECT_GCC_OPTIONS='-Wall' '-Wextra' '-O1' '-v' '-save-temps' '-mtune=generic' '-march=x86-64' '-dumpdir' 'a.' /usr/libexec/gcc/x86_64-linux-gnu/13/collect2 -plugin /usr/libexec/gcc/x86_64-linux-gnu/13/liblto_plugin.so -plugin-opt=/usr/libexec/gcc/x86_64-linux-gnu/13/lto-wrapper -plugin-opt=-fresolution=a.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lc -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s --build-id --eh-frame-hdr -m elf_x86_64 --hash-style=gnu --as-needed -dynamic-linker /lib64/ld-linux-x86-64.so.2 -pie -z now -z relro /usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu/Scrt1.o /usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/13/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/13 -L/usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/13/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/13/../../.. a-gcc-13-bug.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state /usr/lib/gcc/x86_64-linux-gnu/13/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu/crtn.o COLLECT_GCC_OPTIONS='-Wall' '-Wextra' '-O1' '-v' '-save-temps' '-mtune=generic' '-march=x86-64' '-dumpdir' 'a.'