http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50284

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID

--- Comment #6 from Richard Guenther <rguenth at gcc dot gnu.org> 2011-09-04 08:57:35 UTC ---
(In reply to comment #4)
> (In reply to comment #3)
> > struct Value {
> >   struct jsval data;
> > };
> > ...
> >     struct jsval y = t3.array[i];
> >     struct Value *z = (struct Value*)&y;
> >     if (z->data.tag == 0xFFFFFF85) {
> > 
> > that's invalid in GCC's reading of 6.5 p7. jsval is a subset of Value's
> > alias-set but not the other way around.  GCC reads z->data.tag as an access
> > to an object of type Value which is invalid.
> 
> So downcasts (i.e. casting to a more specialized type) are invalid even if
> original data type is correct (not that it is in the reduced testcase)? That
> is really strict :-(

No, if there is an object of dynamic type Value at &y then the code is valid.
But you've stored to *&y via an lvalue of type jsval and are reading from
it via an lvalue of type Value.

> > The contorted reasoning is that the pointer conversion invokes undefined
> > behavior.  Definitely an interesting blog post ;)
> 
> is there any hope that gcc could be made a bit less strict? Either reading the
> member access as not involving an access to the full object or accepting
> downcasts (when the original type matches) would work. My preference would be
> for the second option, as downcasts are fairly common in OO.

Well, if we allow this case then we can drop any advanced TBAA we do
completely.  This restriction is really fundamental to TBAA based
optimizations.

Otherwise consider

int i;
struct X { int k; /* ... */ };

int foo(struct X *p)
{
  i = 0;
  p->k = 1;
  return i;
}

and we couldn't be sure that p->k is not accessing i and thus not optimize
the above to return 0.  That would be very bad.

You have -fno-strict-aliasing to "save" you.

Your better testcase doesn't change anything - you've just changed the
type of an unrelated object.
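
Added example (not part of the bug report and not GCC or Mozilla code): three ways to do the tag check from the quoted testcase without reading a jsval object through an lvalue of type Value. The layout of struct jsval, the function names and the sample array contents are assumptions; only the tag member, struct Value and 0xFFFFFF85 come from the report.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout: the report only shows that jsval has a `tag` member. */
struct jsval { uint32_t payload; uint32_t tag; };
struct Value { struct jsval data; };
_Static_assert(sizeof(struct Value) == sizeof(struct jsval),
               "Value must wrap jsval with no extra bytes");

#define TAG_OBJECT 0xFFFFFF85u  /* value compared against in the testcase */

/* 1. Copy the bytes into a real Value object. v has declared type Value,
      so v.data.tag is a valid access under 6.5 p7. */
static int is_object_memcpy(const struct jsval *src)
{
    struct Value v;
    memcpy(&v, src, sizeof v);
    return v.data.tag == TAG_OBJECT;
}

/* 2. Build the Value by member initialisation instead of a pointer cast. */
static int is_object_wrapped(struct jsval y)
{
    struct Value z = { .data = y };
    return z.data.tag == TAG_OBJECT;
}

/* 3. Keep the check on jsval itself; no Value lvalue is involved. */
static int is_object_jsval(const struct jsval *j)
{
    return j->tag == TAG_OBJECT;
}

/* Constructed sample data standing in for t3.array[] in the testcase. */
static int count_objects(void)
{
    struct jsval array[3] = {
        { 1u, TAG_OBJECT }, { 2u, 0xFFFFFF81u }, { 3u, TAG_OBJECT }
    };
    int n = 0;
    for (int i = 0; i < 3; i++) {
        struct jsval y = array[i];
        n += is_object_memcpy(&y) && is_object_wrapped(y) && is_object_jsval(&y);
    }
    return n;
}

int main(void) { return count_objects() == 2 ? 0 : 1; }
```

All three give the same answer with or without -fno-strict-aliasing, because none of them depends on how the compiler treats the jsval-to-Value pointer cast.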
