https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103551

            Bug ID: 103551
           Summary: [12 Regression] wrong code with -O1 -fno-tree-dominator-opts -ftree-vectorize -ftree-vrp
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
              Host: x86_64-pc-linux-gnu

Created attachment 51925
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51925&action=edit
reduced testcase (from OpenTTD sources)

Output:
$ x86_64-pc-linux-gnu-g++ -O1 -fno-tree-dominator-opts -ftree-vectorize -ftree-vrp testcase.C
$ valgrind -q ./a.out
==4448== Invalid write of size 8
==4448==    at 0x40116E: S::S(unsigned short, unsigned short, unsigned short) (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4011EC: _GLOBAL__sub_I__ZN1SC2Ettt (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x40124C: __libc_csu_init (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4C8777C: (below main) (in /lib64/libc-2.33.so)
==4448==  Address 0x4e31c88 is 8 bytes inside a block of size 10 alloc'd
==4448==    at 0x483F835: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4448==    by 0x401144: S::S(unsigned short, unsigned short, unsigned short) (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4011EC: _GLOBAL__sub_I__ZN1SC2Ettt (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x40124C: __libc_csu_init (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4C8777C: (below main) (in /lib64/libc-2.33.so)
==4448==
==4448== Invalid write of size 8
==4448==    at 0x401178: S::S(unsigned short, unsigned short, unsigned short) (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4011EC: _GLOBAL__sub_I__ZN1SC2Ettt (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x40124C: __libc_csu_init (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4C8777C: (below main) (in /lib64/libc-2.33.so)
==4448==  Address 0x4e31ca0 is 22 bytes after a block of size 10 alloc'd
==4448==    at 0x483F835: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4448==    by 0x401144: S::S(unsigned short, unsigned short, unsigned short) (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4011EC: _GLOBAL__sub_I__ZN1SC2Ettt (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x40124C: __libc_csu_init (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4C8777C: (below main) (in /lib64/libc-2.33.so)
==4448==
==4448==
==4448== Process terminating with default action of signal 11 (SIGSEGV)
==4448==  Access not within mapped region at address 0x5220000
==4448==    at 0x401178: S::S(unsigned short, unsigned short, unsigned short) (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4011EC: _GLOBAL__sub_I__ZN1SC2Ettt (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x40124C: __libc_csu_init (in /home/smatz/gcc-bug/97/a.out)
==4448==    by 0x4C8777C: (below main) (in /lib64/libc-2.33.so)
==4448==  If you believe this happened as a result of a stack
==4448==  overflow in your program's main thread (unlikely but
==4448==  possible), you can try to increase the size of the
==4448==  main thread stack using the --main-stacksize= flag.
==4448==  The main thread stack size used in this run was 8388608.
Segmentation fault

   0x0000000000401164 <+78>:    movzwl %cx,%ecx
   0x0000000000401167 <+81>:    shl    $0x4,%rcx
   0x000000000040116b <+85>:    add    %rax,%rcx
=> 0x000000000040116e <+88>:    movups %xmm0,(%rax)
   0x0000000000401171 <+91>:    add    $0x10,%rax
   0x0000000000401175 <+95>:    cmp    %rax,%rcx
   0x0000000000401178 <+98>:    jne    0x40116e <_ZN1SC2Ettt+88>

$ x86_64-pc-linux-gnu-g++ -v
Using built-in specs.
COLLECT_GCC=/repo/gcc-trunk/binary-latest/bin/x86_64-pc-linux-gnu-g++
COLLECT_LTO_WRAPPER=/repo/gcc-trunk/binary-trunk-r12-5767-20211203172717-g6262e3a22b3-checking-yes-rtl-df-extra-nobootstrap-pr103149-amd64/bin/../libexec/gcc/x86_64-pc-linux-gnu/12.0.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /repo/gcc-trunk//configure --enable-languages=c,c++ --enable-valgrind-annotations --disable-nls --enable-checking=yes,rtl,df,extra --disable-bootstrap --with-cloog --with-ppl --with-isl --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu --with-ld=/usr/bin/x86_64-pc-linux-gnu-ld --with-as=/usr/bin/x86_64-pc-linux-gnu-as --disable-libstdcxx-pch --prefix=/repo/gcc-trunk//binary-trunk-r12-5767-20211203172717-g6262e3a22b3-checking-yes-rtl-df-extra-nobootstrap-pr103149-amd64
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.0.0 20211203 (experimental) (GCC)