[llvm-dev] clang10 mis-compiles simple C program transpiled from brainfxxk
Haoran Xu via llvm-dev
llvm-dev at lists.llvm.org
Wed Oct 21 20:47:38 PDT 2020
Hello,
I'm really amazed to find out that under -O3, a simple piece of C code
generated from a brainfxxk-to-C transpiler is miscompiled.
As one probably knows, the C code transpiled from brainfxxk only contains 3
kinds of statements:
> (1) ++(*ptr) / --(*ptr)
> (2) ++ptr / --ptr
> (3) while (*ptr) { ... }
>
where ptr is a uint8_t*.
So it seems very clear to me that the code contains no undefined behavior
(the pointer is uint8_t* and unsigned integer overflow is not UD).
After further investigation, it seems like clang compiled this loop:
> while (*ptr) {
> --(*ptr);
> ++ptr;
> ++(*ptr);
> --ptr;
> }
>
to an unconditional infinite loop under -O3, resulting in the bug. The
code snippet above seems completely benign to me.
I attached the offending program. With
> clang a.c -O0
>
it worked fine (it should print out an ASCII-art picture of mandelbrot
fracture). However, with -O1 or -O3, it goes into a dead loop (in the code
snippet above) after printing out a few characters.
I also tried UndefinedBehaviorSanitizer. Strangely, when compiling using
> clang a.c -O3 -fsanitize=undefined
>
the code worked again, with no infinite loop, and no undefined behavior
reported.
So it seems to me an LLVM optimizer bug. I would greatly appreciate it if
anyone is willing to investigate.
Best,
Haoran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: src.zip
Type: application/zip
Size: 4747 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20201021/23bd7517/attachment.zip>
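Added example, not part of the original post or the attached program: a reduced harness that runs the reported loop on a small in-bounds tape for every pair of starting cell values and compares the result with the arithmetic expectation (cell 0 drained to 0, cell 1 increased by the same amount modulo 256). The function names and the tape size are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAPE_LEN 8 /* assumed size; the attached program's tape is not shown */

/* The loop from the report, unchanged. The caller guarantees that
 * ptr[0] and ptr[1] are both inside the tape. */
static void transfer_loop(uint8_t *ptr) {
    while (*ptr) {
        --(*ptr);
        ++ptr;
        ++(*ptr);
        --ptr;
    }
}

/* Runs the loop with tape[0] = a, tape[1] = b and returns 1 when the
 * outcome matches the expected semantics, 0 otherwise. */
static int check_case(uint8_t a, uint8_t b) {
    uint8_t tape[TAPE_LEN];
    memset(tape, 0, sizeof tape);
    tape[0] = a;
    tape[1] = b;
    transfer_loop(tape);
    if (tape[0] != 0 || tape[1] != (uint8_t)(a + b))
        return 0;
    for (size_t i = 2; i < TAPE_LEN; ++i) /* no other cell may change */
        if (tape[i] != 0)
            return 0;
    return 1;
}

/* Checks all 65536 (a, b) pairs and returns the number of mismatches. */
int count_mismatches(void) {
    int bad = 0;
    for (unsigned a = 0; a < 256; ++a)
        for (unsigned b = 0; b < 256; ++b)
            if (!check_case((uint8_t)a, (uint8_t)b))
                ++bad;
    return bad;
}

int main(void) {
    int bad = count_mismatches();
    printf("%d mismatching cases\n", bad);
    return bad != 0;
}
```

Building this file with the `-O0` and `-O3` invocations quoted above and running both binaries gives a direct comparison. A miscompile of the kind reported would show up as a hang rather than as a mismatch count.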