[LLVMbugs] [Bug 11938] New: Silent miscompilation of memcpy()

bugzilla-daemon at llvm.org
Mon Feb 6 22:40:20 PST 2012


http://llvm.org/bugs/show_bug.cgi?id=11938

             Bug #: 11938
           Summary: Silent miscompilation of memcpy()
           Product: clang
           Version: unspecified
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: LLVM Codegen
        AssignedTo: unassignedclangbugs at nondot.org
        ReportedBy: nicolasweber at gmx.de
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified


Look at this program:

tests-MacBook-Pro-2:src test$ cat test.cc
#include <string.h>

typedef unsigned char uint8;

static const uint8 kClusterHeader[] = {
  0x1F, 0x43, 0xB6, 0x75,  // CLUSTER ID
  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  // cluster(size = 0)
  0xE7,  // Timecode ID
  0x88,  // timecode(size=8)
  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  // timecode value
};

uint8* buffer_;

void f() {
  buffer_ = new uint8[sizeof(kClusterHeader)];
  memcpy(buffer_, kClusterHeader, sizeof(kClusterHeader));
}



Building it with clang r149419 miscompiles the memcpy (the -arch i386 doesn't
matter):

tests-MacBook-Pro-2:src test$ Release+Asserts/bin/clang -c test.cc -O2 -arch i386
tests-MacBook-Pro-2:src test$ otx test.o 
/Users/test/src/chrome-git/src/test.o:

md5: b2c1c251e3a8bbf6a1b25ed8d86d5798

(__TEXT,__text) section

f()
    +0  00000000  55                      pushl       %ebp
    +1  00000001  89e5                    movl        %esp,%ebp
    +3  00000003  56                      pushl       %esi
    +4  00000004  50                      pushl       %eax
    +5  00000005  e800000000              calll       0x0000000a
   +10  0000000a  5e                      popl        %esi
   +11  0000000b  c7042416000000          movl        $0x00000016,(%esp)
   +18  00000012  e8e9ffffff              calll       operator new[](unsigned long)
   +23  00000017  89868e000000            movl        %eax,0x0000008e(%esi)    _buffer_
   +29  0000001d  66c740140000            movw        $0x0000,0x14(%eax)
   +35  00000023  c7401000000000          movl        $0x00000000,0x10(%eax)
   +42  0000002a  c7400c00000000          movl        $0x00000000,0x0c(%eax)
   +49  00000031  c7400800000000          movl        $0x00000000,0x08(%eax)
   +56  00000038  c7400401000000          movl        $0x00000001,0x04(%eax)
   +63  0000003f  c7001f43b675            movl        $0x75b6431f,(%eax)
   +69  00000045  83c404                  addl        $0x04,%esp
   +72  00000048  5e                      popl        %esi
   +73  00000049  5d                      popl        %ebp
   +74  0000004a  c3                      ret


Note how the e7 and 88 never make it into the output.

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
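
The comparison the report makes by eye, as an added example that is not part of the original bug report: the C++ below replays the immediate stores from the otx listing into a buffer and lists every offset that differs from kClusterHeader. The Store struct, the kStores table and mismatched_offsets() are names chosen here; the displacements and immediates are transcribed from the listing above.

```cpp
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <vector>

// Source bytes, copied from test.cc in the report.
static const uint8_t kClusterHeader[] = {
  0x1F, 0x43, 0xB6, 0x75,                          // CLUSTER ID
  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  // cluster(size = 0)
  0xE7,                                            // Timecode ID
  0x88,                                            // timecode(size=8)
  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  // timecode value
};

// One immediate store from the listing: mov{w,l} $imm, disp(%eax).
// Hypothetical helper type, introduced for this example only.
struct Store { size_t disp; uint32_t imm; size_t width; };

// Transcribed from offsets +29 .. +63 of the otx output.
static const Store kStores[] = {
  {0x14, 0x00000000, 2}, {0x10, 0x00000000, 4}, {0x0c, 0x00000000, 4},
  {0x08, 0x00000000, 4}, {0x04, 0x00000001, 4}, {0x00, 0x75b6431f, 4},
};

// Replays the stores (i386 is little-endian) and returns every offset whose
// byte was never written or differs from the source array.
std::vector<size_t> mismatched_offsets() {
  const size_t n = sizeof(kClusterHeader);
  uint8_t out[sizeof(kClusterHeader)] = {};
  bool written[sizeof(kClusterHeader)] = {};
  for (const Store& s : kStores) {
    for (size_t i = 0; i < s.width && s.disp + i < n; ++i) {
      out[s.disp + i] = static_cast<uint8_t>(s.imm >> (8 * i));
      written[s.disp + i] = true;
    }
  }
  std::vector<size_t> bad;
  for (size_t i = 0; i < n; ++i)
    if (!written[i] || out[i] != kClusterHeader[i]) bad.push_back(i);
  return bad;
}

int main() {
  for (size_t off : mismatched_offsets())
    printf("offset %zu: source byte 0x%02X not reproduced\n",
           off, static_cast<unsigned>(kClusterHeader[off]));
  return 0;
}
```

On this listing it reports offsets 12, 13 and 14: the 0xE7 and 0x88 bytes plus the first byte of the timecode value, all covered by the zero store at 0x0c(%eax).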


