<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Wrong optimizations for pointers: `if (q == p) use p` -> `if (q == p) use q`"
href="https://bugs.llvm.org/show_bug.cgi?id=44313">44313</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Wrong optimizations for pointers: `if (q == p) use p` -> `if (q == p) use q`
</td>
</tr>
<tr>
<th>Product</th>
<td>new-bugs
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>new bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>ch3root@openwall.com
</td>
</tr>
<tr>
<th>CC</th>
<td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>It seems clang's optimizer changes `if (q == p) use p` to `if (q == p) use q`.
This is quite natural but unfortunately is wrong when `p` and `q` are pointers
with different provenance (similar to -0. and +0. in floating point numbers).
Most examples of equal pointers differing in provenance involve a past-the-end
pointer which usually leads discussions into wrong directions. For a change,
below are two somewhat different examples.
Example with restrict:
----------------------------------------------------------------------
#include <stdio.h>
static void g(int *p, int *q)
{
if (q == p)
*p = 2;
}
static int f(int *restrict p, int *restrict q)
{
*p = 1;
g(p, q);
return *p;
}
int main()
{
int x;
printf("%d\n", f(&x, &x));
}
----------------------------------------------------------------------
$ clang -std=c11 -Weverything test.c && ./a.out
2
$ clang -std=c11 -Weverything -O3 test.c && ./a.out
1
----------------------------------------------------------------------
Example with dead allocated memory:
----------------------------------------------------------------------
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
__attribute__((__optnone__)) // imagine it in a separate TU
static void expose(int *p)
{
(void)p;
}
int main()
{
char w[sizeof(int *)];
int *q = malloc(sizeof(int));
expose(q);
memcpy(&w, &q, sizeof(int *));
free(q);
int *p = malloc(sizeof(int));
expose(p);
*p = 1;
int been_there = 0;
if (memcmp(&w, &p, sizeof(int *)) == 0) {
been_there = 1;
*p = 2;
}
printf("%d %d\n", been_there, *p);
}
----------------------------------------------------------------------
$ clang -std=c11 -Weverything test.c && ./a.out
1 2
$ clang -std=c11 -Weverything -O3 test.c && ./a.out
1 1
----------------------------------------------------------------------
clang x86-64 version: clang version 10.0.0
(<a href="https://github.com/llvm/llvm-project.git">https://github.com/llvm/llvm-project.git</a>
755a66ebdeda38669f5498565cbc6af331b47bad)
Please note that these examples are designed not to involve any controversial
parts of the C standard, e.g., all accesses are via `p`, there are no accesses
via the "wrong" pointer `q`.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>