[llvm-bugs] [Bug 44313] New: Wrong optimizations for pointers: `if (q == p) use p` -> `if (q == p) use q`
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Dec 16 06:59:10 PST 2019
https://bugs.llvm.org/show_bug.cgi?id=44313
Bug ID: 44313
Summary: Wrong optimizations for pointers: `if (q == p) use p`
-> `if (q == p) use q`
Product: new-bugs
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: new bugs
Assignee: unassignedbugs at nondot.org
Reporter: ch3root at openwall.com
CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org
It seems clang's optimizer changes `if (q == p) use p` to `if (q == p) use q`.
This is quite natural but unfortunately is wrong when `p` and `q` are pointers
with different provenance (similar to -0. and +0. in floating point numbers).
Most examples of equal pointers differing in provenance involve a past-the-end
pointer which usually leads discussions into wrong directions. For a change,
below are two somewhat different examples.
Example with restrict:
----------------------------------------------------------------------
#include <stdio.h>
static void g(int *p, int *q)
{
if (q == p)
*p = 2;
}
static int f(int *restrict p, int *restrict q)
{
*p = 1;
g(p, q);
return *p;
}
int main()
{
int x;
printf("%d\n", f(&x, &x));
}
----------------------------------------------------------------------
$ clang -std=c11 -Weverything test.c && ./a.out
2
$ clang -std=c11 -Weverything -O3 test.c && ./a.out
1
----------------------------------------------------------------------
Example with dead allocated memory:
----------------------------------------------------------------------
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
__attribute__((__optnone__)) // imagine it in a separate TU
static void expose(int *p)
{
(void)p;
}
int main()
{
char w[sizeof(int *)];
int *q = malloc(sizeof(int));
expose(q);
memcpy(&w, &q, sizeof(int *));
free(q);
int *p = malloc(sizeof(int));
expose(p);
*p = 1;
int been_there = 0;
if (memcmp(&w, &p, sizeof(int *)) == 0) {
been_there = 1;
*p = 2;
}
printf("%d %d\n", been_there, *p);
}
----------------------------------------------------------------------
$ clang -std=c11 -Weverything test.c && ./a.out
1 2
$ clang -std=c11 -Weverything -O3 test.c && ./a.out
1 1
----------------------------------------------------------------------
clang x86-64 version: clang version 10.0.0
(https://github.com/llvm/llvm-project.git
755a66ebdeda38669f5498565cbc6af331b47bad)
Please note that these examples are designed not to involve any controversial
parts of the C standard, e.g., all accesses are via `p`, there are no accesses
via the "wrong" pointer `q`.
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20191216/3b43955d/attachment.html>
More information about the llvm-bugs
mailing list