[Bug tree-optimization/91597] New: [9/10 Regression] GCC miscompiles a branch depending on a pointer tag

Thu, 29 Aug 2019 04:26:58 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91597

            Bug ID: 91597
           Summary: [9/10 Regression] GCC miscompiles a branch depending
                    on a pointer tag
           Product: gcc
           Version: 9.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: wjnawrocki at protonmail dot com
  Target Milestone: ---

Created attachment 46782
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=46782&action=edit
Preprocessed testcase

The following bit of C++ source code (also attached preprocessed):

#include <cstddef>
#include <cstdint>

enum class foo_kind { A, B, C };

struct alignas(4) foo {
    foo_kind m_kind;
};

foo_kind kind_(foo * o) {
    if ((reinterpret_cast<std::uintptr_t>(o) & 1) == 0)
        return o->m_kind;
    else
        return foo_kind::A;
}

bool is_bc(foo * o) { return kind_(o) == foo_kind::B || kind_(o) ==
foo_kind::C; }

__attribute__((always_inline)) inline void loop_if_bc(foo * o, int depth) {
    if (__builtin_expect(!is_bc(o), 0))
        throw "what";
    if (depth > 0) return;
    loop_if_bc(o, depth+1);
}

void destruct_foo(foo * o) {
    switch (o->m_kind) {
    case foo_kind::A: return;
    case foo_kind::B: loop_if_bc(o, 0); break;
    case foo_kind::C: loop_if_bc(o, 0); break;
    }
}

int main(int, char**, char**) {
    foo obj { foo_kind::C };
    destruct_foo(&obj);
    return 0;
}
is miscompiled by GCC 9.1.0, 9.2.0 and maybe other versions when compiled with
at least -O2. The correct output should be nothing (exit code 0), but the
compiled program terminates with an uncaught "what" exception:
$ g++ dealloc.cpp -o dealloc -O2 -Wall -Wextra -Wpedantic
$ ./dealloc
terminate called after throwing an instance of 'char const*'

Info:
$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /build/gcc/src/gcc/configure --prefix=/usr --libdir=/usr/lib
--libexecdir=/usr/lib --mandir=/usr/share/man --infodir=/usr/share/info
--with-bugurl=https://bugs.archlinux.org/
--enable-languages=c,c++,ada,fortran,go,lto,objc,obj-c++ --enable-shared
--enable-threads=posix --with-system-zlib --with-isl --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-clocale=gnu --disable-libstdcxx-pch
--disable-libssp --enable-gnu-unique-object --enable-linker-build-id
--enable-lto --enable-plugin --enable-install-libiberty
--with-linker-hash-style=gnu --enable-gnu-indirect-function --enable-multilib
--disable-werror --enable-checking=release --enable-default-pie
--enable-default-ssp --enable-cet=auto
Thread model: posix
gcc version 9.1.0 (GCC)

Reply via email to