http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47337
Summary: memory unsafety bug leading to wrong code generation
Product: gcc
Version: 4.6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: reg...@cs.utah.edu

Valgrind reports some memory safety problems in the 'gcc -O3' execution.

regehr@home:~$ current-gcc -O2 small.c -o small
regehr@home:~$ ./small
g_6 = 0
regehr@home:~$ current-gcc -O3 small.c -o small
regehr@home:~$ ./small
g_6 = 134513352
regehr@home:~$ current-gcc -v
Using built-in specs.
COLLECT_GCC=current-gcc
COLLECT_LTO_WRAPPER=/mnt/z/z/compiler-install/gcc-r168941-install/libexec/gcc/i686-pc-linux-gnu/4.6.0/lto-wrapper
Target: i686-pc-linux-gnu
Configured with: ../configure --with-libelf=/usr/local --enable-lto --prefix=/mnt/z/z/compiler-install/gcc-r168941-install --program-prefix=r168941- --enable-languages=c,c++
Thread model: posix
gcc version 4.6.0 20110118 (experimental) (GCC)
regehr@home:~$ cat small.c
/*
 * Reviewer annotations (comments only; every code token is as reported).
 *
 * Reduced wrong-code test case. Tracing the source by hand, main() should
 * print "g_6 = 0", which is what the -O2 build in the transcript prints.
 * The -O3 build prints 134513352 instead.
 *
 * NOTE(review): 134513352 is 0x080482C8, which looks like a pointer-sized
 * value from an i686 executable's address range rather than anything this
 * source computes -- presumably a symptom of the miscompile; not verified.
 * NOTE(review): as I read the report, the Valgrind findings concern the
 * compiler's own run at -O3; the Valgrind output is not on this page.
 * NOTE(review): do not tidy or restyle the code below; a reduced reproducer
 * may stop triggering the bug if its statement shapes change.
 */
static unsigned int crc32_tab[256];
static unsigned int crc32_context = 0;
static char g_4 = 0;
static int g_6 = 0;
static long long g_83 = 0;
/* Starts out pointing at g_6; func_95 writes through it and re-assigns it. */
static int *g_102 = &g_6;
/* Library functions are declared by hand; the file includes no headers. */
int printf(const char *format, ...);
int strcmp(const char *s1, const char *s2);
/*
 * File-local helper that shares its name with the C library's div(); no
 * <stdlib.h> is included here. The long long quotient is narrowed to short
 * on return. The only call in this file passes a divisor of 10.
 */
static short div(long long p1, long long p2) { return p1 / p2; }
/* Difference of two chars, narrowed back to char on return. */
static char sub(char p1, char p2) { return p1 - p2; }
/*
 * Every return statement returns p_96 unchanged, so the caller's result does
 * not depend on what the body does to g_4, g_6, g_83 or g_102.
 * With main()'s arguments (p_96 = 0, p_97 = 1): the first statement stores 1
 * through g_102 (1 != 3), the loop's first pass finds g_6 non-zero and g_83
 * zero, and the function returns p_96.
 */
static int func_95(int p_96, int p_97) {
  /* Stores 0 or 1 into whatever g_102 points at (g_6 on entry from main). */
  *g_102 = (p_97 != (short)(p_97 * 3));
  for (g_4 = 0; g_4 < 2; g_4++) {
  /* Label inside the loop body; the else branch below jumps back to it. */
  lbl_210:
    if (g_6) {
      if (g_83) {
        g_83 = 1;
      } else {
        return p_96;
      }
    } else {
      g_6 = 1;
      goto lbl_210;
    }
    g_102 = &g_6;
  }
  return p_96;
}
/*
 * Updates crc32_context only when flag is 0. Every index is masked with
 * "& 1", so only crc32_tab[0] and crc32_tab[1] are ever read. The result in
 * crc32_context is never printed by this program.
 */
static void crc32(unsigned long long val, int flag) {
  if (!flag) {
    crc32_context = crc32_tab[crc32_context & 1];
    crc32_context = crc32_tab[crc32_context & 1];
    crc32_context = crc32_tab[(crc32_context ^ (val & 1)) & 1];
    crc32_context = crc32_tab[(crc32_context ^ (val & 1)) & 1];
  }
}
/*
 * Fills the tables, runs func_95 once, and prints g_6.
 * Passing the single argument "1" sets print_hash_value, which makes both
 * crc32() calls no-ops; the transcript runs ./small with no arguments.
 */
int main(int argc, char* argv[]) {
  int print_hash_value = 0;
  unsigned int crc = 0;
  int l_338[8];
  int i, j;
  if (argc == 2 && strcmp(argv[1], "1") == 0)
    print_hash_value = 1;
  /* The inner loop always leaves crc == 1, so every table entry becomes 1. */
  for (i = 0; i < 256; i++) {
    for (j = 8; j > 0; j--) {
      crc = 1;
    }
    crc32_tab[i] = crc;
  }
  /* l_338 is zero-filled here, before l_338[0] is read below. */
  for (i = 0; i < 8; i++)
    l_338[i] = 0;
  g_6 = sub(g_4, g_4);
  /*
   * g_4 is still 0 when the first argument is evaluated, and func_95 returns
   * that argument, so g_6 should be 0 after this statement.
   * The second argument is 1 | div(0, 10), i.e. 1.
   */
  g_6 = func_95(g_4, 1 | div(l_338[0], 10));
  crc32(g_6, print_hash_value);
  crc32(g_83, print_hash_value);
  /* This is the value the report compares between the -O2 and -O3 builds. */
  printf("g_6 = %d\n", g_6);
  return 0;
}