http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60183
Bug ID: 60183 Summary: [4.7/4.8/4.9 Regression] phiprop creates invalid code Product: gcc Version: 4.8.2 Status: UNCONFIRMED Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: jakub at gcc dot gnu.org On: unsigned long c[32] = { 1 }; static void foo (unsigned long *x, unsigned long *y) { int i; unsigned long w = x[0]; for (i = 0; i < 8; i++) { w ^= *y++; w += *y++; w ^= *y++; w += *y++; } x[1] = w; } __attribute__((noinline, noclone)) void bar (unsigned long *x) { foo (x, c); } int main () { unsigned long a[2] = { 0, -1UL }; asm volatile ("" : : "r" (c) : "memory"); c[0] = 0; bar (a); if (a[1] != 0) __builtin_abort (); return 0; } at -O1 or higher phiprop causes invalid code to be generated, where the loop body reads the next *y value into a SSA_NAME and in loop preheader it reads c[0] into a SSA_NAME which is then used in a PHI on the loop header and the result of the PHI is used instead of the first *y read. In this particular case, I don't even see any advantages of doing that, but more importantly it can read one past the end of the array. With -O{1,2,3} -fsanitize=address this fails loudly, otherwise if you are unlucky enough and the variable is at the end of some mmapped area, you could get a crash as well.