https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113703
Bug ID: 113703
Summary: ivopts miscompiles loop
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: kristerw at gcc dot gnu.org
Target Milestone: ---

The following function (gcc.dg/tree-ssa/ivopts-lt.c) is miscompiled when
compiled with -O1 for X86_64:

  #include "stdint.h"

  void
  f1 (char *p, uintptr_t i, uintptr_t n)
  {
    p += i;
    do
      {
        *p = '\0';
        p += 1;
        i++;
      }
    while (i < n);
  }

The IR after cunroll looks like:

  void f1 (char * p, uintptr_t i, uintptr_t n)
  {
    <bb 2>:
    p_6 = p_4(D) + i_5(D);

    <bb 3>:
    # p_1 = PHI <p_6(2), p_9(5)>
    # i_2 = PHI <i_5(D)(2), i_10(5)>
    *p_1 = 0;
    p_9 = p_1 + 1;
    i_10 = i_2 + 1;
    if (i_10 < n_11(D))
      goto <bb 5>;
    else
      goto <bb 4>;

    <bb 5>:
    goto <bb 3>;

    <bb 4>:
    return;
  }

This is then changed by ivopts to

  void f1 (char * p, uintptr_t i, uintptr_t n)
  {
    sizetype _13;
    char * _14;

    <bb 2>:
    p_6 = p_4(D) + i_5(D);
    _13 = n_11(D) - i_5(D);
    _14 = p_6 + _13;

    <bb 3>:
    # p_1 = PHI <p_6(2), p_9(5)>
    MEM[(char *)p_1] = 0;
    p_9 = p_1 + 1;
    if (p_9 < _14)
      goto <bb 5>;
    else
      goto <bb 4>;

    <bb 5>:
    goto <bb 3>;

    <bb 4>:
    return;
  }

Suppose the function gets called with the values:

  p = 0x0002ffffffffffff
  i = 0xffff000000000001
  n = 0xdffd7fffffffffff

The original function writes 0 to address 0x0002000000000000, and then exits.

The optimized function overflows when calculating _14, and the function does
the equivalent of

  memset(0x0002000000000000, 0, 0xdffe7ffffffffffe);
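
The divergence described in the report can be checked without touching memory. The following is an added example, not code from the report or from GCC: it models addresses as 64-bit unsigned integers and computes, in closed form, how many stores each loop form performs. The function names are hypothetical, and the variable names p6, d13, e14 and p9 stand for p_6, _13, _14 and p_9 in the IR dumps.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Stores done by the original loop: do { *p = 0; p++; i++; } while (i < n);
   The first store is unconditional; the rest depend on the unsigned compare.
   Arithmetic, including the count itself, is modulo 2^64. */
static uint64_t orig_iterations(uint64_t i, uint64_t n)
{
    uint64_t i10 = i + 1;              /* i_10 after the first pass */
    return (i10 < n) ? 1 + (n - i10) : 1;
}

/* Stores done by the ivopts form: do { *p = 0; p++; } while (p < _14); */
static uint64_t ivopts_iterations(uint64_t p, uint64_t i, uint64_t n)
{
    uint64_t p6  = p + i;              /* p_6 = p + i           */
    uint64_t d13 = n - i;              /* _13 = n - i, wraps when n < i */
    uint64_t e14 = p6 + d13;           /* _14 = p_6 + _13       */
    uint64_t p9  = p6 + 1;             /* p_9 after the first pass */
    return (p9 < e14) ? 1 + (e14 - p9) : 1;
}

/* Nonzero when both loop forms perform the same number of stores. */
static int rewrite_matches(uint64_t p, uint64_t i, uint64_t n)
{
    return orig_iterations(i, n) == ivopts_iterations(p, i, n);
}

int main(void)
{
    /* Values taken from the report. */
    uint64_t p = 0x0002ffffffffffffULL;
    uint64_t i = 0xffff000000000001ULL;
    uint64_t n = 0xdffd7fffffffffffULL;

    printf("first store at 0x%016" PRIx64 "\n", p + i);
    printf("original stores: 0x%" PRIx64 "\n", orig_iterations(i, n));
    printf("ivopts stores:   0x%" PRIx64 "\n", ivopts_iterations(p, i, n));
    printf("equivalent:      %s\n", rewrite_matches(p, i, n) ? "yes" : "no");
    return 0;
}
```

For inputs with i < n and no address wraparound the two counts agree; the report's values have n < i, so _13 wraps and the pointer comparison no longer tracks the integer one.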