https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93105
Bug ID: 93105
Summary: Wrong optimization for pointers: provenance of `p +
(q1 - q2)` is treated as `q` when the provenance of
`p` is unknown
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: rtl-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: ch3root at openwall dot com
Target Milestone: ---
gcc seems to wrongly infer provenance of a pointer expression of the form `p +
(q1 - q2)` when the following conditions hold:
- the provenance of the pointer `p` couldn't be tracked;
- the provenance of `q1` or `q2` is known;
- `q1 - q2` couldn't be simplified to get rid of pointers.
----------------------------------------------------------------------
#include <stdio.h>
__attribute__((noipa)) // imagine it in a separate TU
static int *opaque(int *p) { return p; }
int main()
{
static int x, y;
int *r = opaque(&x) + (opaque(&y) - &y);
x = 1;
*r = 2;
printf("x = %d\n", x);
}
----------------------------------------------------------------------
$ gcc -std=c11 -pedantic -Wall -Wextra test.c && ./a.out
x = 2
$ gcc -std=c11 -pedantic -Wall -Wextra -O3 test.c && ./a.out
x = 1
----------------------------------------------------------------------
gcc x86-64 version: gcc (GCC) 10.0.0 20191230 (experimental)
----------------------------------------------------------------------
The problem is similar to pr49330. Analysis by Alexander Monakov via bug 49330,
comment 29:
"It's a separate issue, and it's also a regression, gcc-4.7 did not miscompile
this. The responsible pass seems to be RTL DSE."
