<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Wrong optimization: provenance affects comparison of saved bits of addresses of dead auto variables"
   href="https://bugs.llvm.org/show_bug.cgi?id=44342">44342</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Wrong optimization: provenance affects comparison of saved bits of addresses of dead auto variables
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>new-bugs
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>new bugs
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>ch3root@openwall.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>It's known that the value of a pointer to an object becomes indeterminate after
the object is dead (C11, 6.2.4p2). Whether its representation becomes
indeterminate is up for debate but let's bypass the issue by saving the
representation while the object is still alive. For example, we can cast it to
an integer. And we'll get an ordinary integer, with a stable value etc., not
affected by changes in the life of the original object. Right?

This seems to be broken for the equality operators when the operands are
constructed from addresses of automatic variables and at least one of these
variables is dead at the time of comparison.

----------------------------------------------------------------------
#include &lt;stdio.h&gt;

int main()
{
    unsigned long u, v;

    {
        int x[5];
        u = (unsigned long)x;
    }

    {
        int y[5];
        v = (unsigned long)y;
    }

    printf("u = %#lx\n", u);
    printf("v = %#lx\n", v);
    printf("diff = %#lx\n", u - v);
    printf("eq = %d\n", u == v);
}
----------------------------------------------------------------------
$ clang -std=c11 -Weverything -O3 test.c && ./a.out
u = 0x7ffd6e1f3de0
v = 0x7ffd6e1f3de0
diff = 0
eq = 0
----------------------------------------------------------------------
clang x86-64 version: clang version 10.0.0
(<a href="https://github.com/llvm/llvm-project.git">https://github.com/llvm/llvm-project.git</a>
200cce345dcf114a1b1012bc9c68adef6c99a595)


If "diff" is 0 then "eq" should be 1.

gcc bug -- <a href="https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93010">https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93010</a></pre>
        </div>
      </p>
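      <p>A self-check built on the reproducer above, as an added example that is not part of the original report: it records the optimizer's direct <code>u == v</code> next to the same comparison made on operands passed through a volatile object, so a folded comparison shows up as a mismatch. The names <code>launder</code>, <code>eq_laundered</code>, <code>struct probe</code> and <code>run_probe</code> are hypothetical, and the volatile round trip is a workaround assumed here, not one proposed in the report.</p>

```c
#include <stdint.h>
#include <stdio.h>

/* Round trip through a volatile object (assumed workaround): the value must
 * be reloaded, so the compiler cannot tie the integer back to an object. */
static uintptr_t launder(uintptr_t v)
{
    volatile uintptr_t tmp = v;
    return tmp;
}

/* Equality evaluated at run time on the laundered bits alone. */
static int eq_laundered(uintptr_t a, uintptr_t b)
{
    return launder(a) == launder(b);
}

struct probe {
    uintptr_t u, v;    /* saved address bits of the two dead arrays */
    int eq_direct;     /* u == v as the optimizer evaluates it */
    int eq_runtime;    /* the same comparison on laundered operands */
    int diff_is_zero;  /* (u - v) == 0, tested on a laundered difference */
};

/* Same shape as the reproducer in the report: two block-scoped arrays with
 * non-overlapping lifetimes, which may or may not share a stack slot. */
static struct probe run_probe(void)
{
    struct probe p;
    {
        int x[5];
        p.u = (uintptr_t)x;
    }
    {
        int y[5];
        p.v = (uintptr_t)y;
    }
    p.eq_direct = (p.u == p.v);
    p.eq_runtime = eq_laundered(p.u, p.v);
    p.diff_is_zero = (launder(p.u - p.v) == 0);
    return p;
}

int main(void)
{
    struct probe p = run_probe();
    printf("u = %#lx, v = %#lx, direct eq = %d, runtime eq = %d, diff == 0: %d\n",
           (unsigned long)p.u, (unsigned long)p.v, p.eq_direct, p.eq_runtime, p.diff_is_zero);
    return p.eq_direct != p.eq_runtime;  /* non-zero exit: direct comparison disagrees */
}
```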


    </body>
</html>