[llvm-bugs] [Bug 44342] New: Wrong optimization: provenance affects comparison of saved bits of addresses of dead auto variables

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Dec 19 07:24:22 PST 2019


https://bugs.llvm.org/show_bug.cgi?id=44342

            Bug ID: 44342
           Summary: Wrong optimization: provenance affects comparison of
                    saved bits of addresses of dead auto variables
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: ch3root at openwall.com
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org

It's known that the value of a pointer to an object becomes indeterminate after
the object is dead (C11, 6.2.4p2). Whether its representation becomes
indeterminate is up for debate but let's bypass the issue by saving the
representation while the object is still alive. For example, we can cast it to
an integer. And we'll get an ordinary integer, with a stable value etc., not
affected by changes in the life of the original object. Right?

This seems to be broken for the equality operators when the operands are
constructed from addresses of automatic variables and at least one of these
variables is dead at the time of comparison.

----------------------------------------------------------------------
#include <stdio.h>

int main()
{
    unsigned long u, v;

    {
        int x[5];
        u = (unsigned long)x;
    }

    {
        int y[5];
        v = (unsigned long)y;
    }

    printf("u = %#lx\n", u);
    printf("v = %#lx\n", v);
    printf("diff = %#lx\n", u - v);
    printf("eq = %d\n", u == v);
}
----------------------------------------------------------------------
$ clang -std=c11 -Weverything -O3 test.c && ./a.out
u = 0x7ffd6e1f3de0
v = 0x7ffd6e1f3de0
diff = 0
eq = 0
----------------------------------------------------------------------
clang x86-64 version: clang version 10.0.0
(https://github.com/llvm/llvm-project.git
200cce345dcf114a1b1012bc9c68adef6c99a595)


If "diff" is 0 then "eq" should be 1.

gcc bug -- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93010


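A self-checking variant of the reproducer above, added here as an example and not part of the original report: it repeats the comparison on copies reloaded through volatile objects and reports whether the direct result agrees. The names struct probe, run_probe and probe_is_consistent are this example's own, and it assumes the compiler does not fold values reloaded through volatile objects.

```c
#include <stdint.h>
#include <stdio.h>

/* One probe run; the struct and function names are this example's own. */
struct probe {
    uintptr_t u, v;      /* address bits saved while x and y were alive */
    int eq_direct;       /* u == v as written; the optimizer may fold it */
    int eq_runtime;      /* the same test on values reloaded via volatile */
    uintptr_t diff;      /* u - v, also computed from the reloaded values */
};

struct probe run_probe(void)
{
    struct probe p;
    {
        int x[5];
        p.u = (uintptr_t)x;
    }
    {
        int y[5];
        p.v = (uintptr_t)y;
    }
    p.eq_direct = (p.u == p.v);

    /* Volatile objects force real stores and loads, so a and b reach the
       comparison as plain integers with no link back to x or y. */
    volatile uintptr_t vu = p.u, vv = p.v;
    uintptr_t a = vu, b = vv;
    p.eq_runtime = (a == b);
    p.diff = a - b;
    return p;
}

/* 1 if the direct comparison agrees with the runtime one, 0 if it was
   folded to a different answer (the behaviour shown in the report). */
int probe_is_consistent(const struct probe *p)
{
    return p->eq_direct == p->eq_runtime;
}

int main(void)
{
    struct probe p = run_probe();
    printf("u = %#lx\nv = %#lx\n", (unsigned long)p.u, (unsigned long)p.v);
    printf("diff = %#lx\n", (unsigned long)p.diff);
    printf("eq (direct) = %d, eq (runtime) = %d\n", p.eq_direct, p.eq_runtime);
    return probe_is_consistent(&p) ? 0 : 1;
}
```

The program exits with status 1 when the two comparisons disagree, so it can serve as a regression check for a given compiler and optimization level.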