[Bug c++/51759] New: miscompile writes past end of bitfield

2012-01-05 Thread nobled at dreamwidth dot org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=51759

 Bug #: 51759
   Summary: miscompile writes past end of bitfield
Classification: Unclassified
   Product: gcc
   Version: 4.5.2
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: c++
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: nob...@dreamwidth.org


Compiling the attached preprocessed file with this:
g++-4.5 -Os -fPIC -g -pedantic -Wno-long-long -fno-exceptions -o Type2.cpp.o -c Type2.ii

Results in writing 32 bits to a 24-bit bitfield, overwriting the first byte of
the next member variable.

These two members of class Type are (on x86_64) at offset 0x8:
  TypeID   ID : 8;
  unsigned SubclassData : 24;

When setSubclassData() isn't inlined, it's called (from StructType::setBody()
and PointerType's constructor) with the address of 'SubclassData' in %rdi...:

   0x776d684f <+71>:    lea    0x9(%rdi),%r12
   0x776d6853 <+75>:    or     $0x1,%esi
   0x776d6856 <+78>:    mov    %r12,%rdi
   0x776d6859 <+81>:    callq  0x776d6774


...but then, setSubclassData writes more than 24 bits to that address:

   0x776d6774 <+0>:     mov    %esi,%eax
   0x776d6776 <+2>:     sub    $0x8,%rsp
   0x776d677a <+6>:     and    $0xff,%eax
   0x776d677f <+11>:    cmp    %esi,%eax
   0x776d6781 <+13>:    mov    %eax,(%rdi)   # corruption

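A stand-alone check for the corruption the report describes, added here as an example and not code from the bug report or from LLVM: a struct with the same ID/SubclassData bitfield pair next to a sentinel member, an out-of-line setter, and a byte-level diff that shows exactly which offsets the setter touched (TypeLike, Sentinel, makeSample and the helper names are constructed; x86_64-style pointer size is assumed for the offsets in the comments).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>
// Constructed stand-in for the layout quoted in the report (not LLVM's class):
// a pointer so the bitfields land at offset 8, the ID/SubclassData pair, and a
// sentinel member whose first byte an over-wide store would clobber.
enum TypeID { VoidTyID = 0, StructTyID = 1 };
struct TypeLike {
    void    *Context;            // offset 0 on x86_64
    TypeID   ID : 8;             // offset 8, bits 0-7 of the 32-bit word
    unsigned SubclassData : 24;  // bytes 9..11, bits 8-31 of the same word
    uint32_t Sentinel;           // offset 12; must survive the setter
};

// Out-of-line setter, like the non-inlined setSubclassData() the report traces.
// A correct build stores only 24 bits here; the miscompile stored 32.
__attribute__((noinline)) void setSubclassData(TypeLike &T, unsigned val) {
    T.SubclassData = val;
}

static TypeLike makeSample() {   // constructed sample object
    TypeLike T;
    std::memset(&T, 0, sizeof T);
    T.ID = StructTyID;
    T.Sentinel = 0xA5A5A5A5u;
    return T;
}

// Snapshots the object around the setter and returns the byte offsets that
// changed. A correct compiler touches only the three SubclassData bytes; the
// miscompile in the report would also change the first byte of Sentinel.
std::vector<size_t> bytesChangedBySetter() {
    TypeLike T = makeSample();
    unsigned char before[sizeof T], after[sizeof T];
    std::memcpy(before, &T, sizeof T);
    setSubclassData(T, 0xFFFFFFu);       // all 24 bits set
    std::memcpy(after, &T, sizeof T);
    std::vector<size_t> changed;
    for (size_t i = 0; i < sizeof T; ++i)
        if (before[i] != after[i]) changed.push_back(i);
    return changed;
}

// True when both neighbours keep their values across the bitfield write.
bool neighboursIntact() {
    TypeLike T = makeSample();
    setSubclassData(T, 0xFFFFFFu);
    return T.ID == StructTyID && T.SubclassData == 0xFFFFFFu &&
           T.Sentinel == 0xA5A5A5A5u;
}
```

Build it with the flags from the report (-Os -fPIC) and a known-good compiler to see the expected three offsets; a miscompiled setter shows up as a fourth changed byte at the sentinel's offset.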
--- Comment #1 from nobled at dreamwidth dot org 2012-01-05 09:35:51 UTC ---
Created attachment 26244
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=26244
output of `gcc -v -save-temps`

--- Comment #2 from nobled at dreamwidth dot org 2012-01-05 09:38:45 UTC ---
Created attachment 26245
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=26245
pre-processed file (gzip-compressed)