https://gcc.gnu.org/bugzilla/show_bug.cgi?id=125516
Bug ID: 125516
Summary: [16/17 Regression] [RISCV] [Miscompile] GCC miscompiles at -O3 as well as -O2 since g:573ea59a48d95fc4e9f520865eae71c5d9de614f
Product: gcc
Version: 16.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: skothadiya at whileone dot in
Target Milestone: ---
Created attachment 64591
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=64591&action=edit
Attached reduced testcase
Description:
The testcase code, which involves for loops over various datatypes, compiles
correctly on x86_64 and produces the expected output. However, when compiled
for the riscv64 architecture, the resulting binary yields an incorrect value.
The expected output is 0, but the program returns 17. This miscompilation
occurs with optimization enabled at levels -O3 and -O2.
COMMANDS:
/riscv-gnu-toolchain-build/bin/riscv64-unknown-linux-gnu-gcc \
  -march=rv64gcv_zvl256b -flto -O3 red.c -o user-config.out -fsigned-char \
  -fno-strict-aliasing -fwrapv -Wno-unknown-warning-option -Werror -Wfatal-errors \
  -Wall -Wformat -Wno-int-in-bool-context -Wno-dangling-pointer \
  -Wno-compare-distinct-pointer-types -Wno-overflow -Wuninitialized \
  -Warray-bounds -Wreturn-type -Wno-unused-function -Wno-unused-variable \
  -Wno-unused-but-set-variable -Wno-unused-value -Wno-address -Wno-bool-compare \
  -Wno-pointer-sign -Wno-bool-operation -Wno-tautological-compare \
  -Wno-self-assign -Wno-implicit-const-int-float-conversion \
  -Wno-constant-conversion -Wno-unused-value \
  -Wno-tautological-constant-out-of-range-compare -Wno-constant-logical-operand \
  -Wno-parentheses-equality -Wno-pointer-sign

QEMU_CPU=rv64,vlen=256,rvv_ta_all_1s=true,rvv_ma_all_1s=true,v=true,vext_spec=v1.0,zve32f=true,zve64f=true \
  timeout --verbose -k 0.1 4 \
  /mnt/data1/sujayk/cifuzz-pad/riscv-gnu-toolchain-build/bin/qemu-riscv64 \
  user-config.out 1
17
//Expected Output: 0
//Actual Output: 17
-- testcase (red.c) --
char a;
long long b;
short d[18][18][18][18];
short (*e)[18][18][18] = d;
int printf(const char *, ...);
int main() {
  for (long h=0; h<4; ++h)
    for (long i=0; i<18; ++i)
      for (long j=0; j<18; ++j)
        for (long k=0; k<18; ++k)
          d[h][i][j][k] = j;
  for (short i= 0; i< 8; i++)
    for (unsigned char j= 0; j< 18; j++)
      a = e[3][i][i][j] ? e[j][i][i][3] : 0;
  b = (int)a;
  printf("%llu\n", b);
}
The issue was found via a fuzzer.