[Bug 1072650] Re: gcc -O2 produces incorrect code for accessing struct by its address

David david at edeca.net
Wed Mar 19 09:51:33 UTC 2014


Also see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60581 (reported
upstream to GCC by Rafał) and
https://bugs.gentoo.org/show_bug.cgi?id=505026 (further discussion of
why this has occurred).

** Bug watch added: GCC Bugzilla #60581
   http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60581

** Bug watch added: Gentoo Bugzilla #505026
   https://bugs.gentoo.org/show_bug.cgi?id=505026

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gcc-defaults in Ubuntu.
https://bugs.launchpad.net/bugs/1072650

Title:
  gcc -O2 produces incorrect code for accessing struct by its address

Status in “gcc-defaults” package in Ubuntu:
  New

Bug description:
  The repro code (attached below), when compiled under Ubuntu 12.04 LTS on x86_64, with the -O2 flag, produces incorrect code.
  As seen in the disassembly, the assignment to hdr.saddr is completely optimized out, and subsequent accesses to this field read garbage from the stack.
  Without -O2, or on x86_32, the code is correct (so on x86_64, the same program compiled with -O2 produces different output than the one compiled without -O2).
  At least on one other 64-bit system (Fedora 14), gcc -O2 produces correct code. This looks like a gcc bug, specific to the particular version.
  Because of this bug, the libnids library is not working on x86_64 12.04 LTS (as originally reported by Carlos Vega, carlosvm91 at gmail.com).

  ========== Repro code =========
  #include <stdio.h>

  /* Packed 12-byte pseudo-header: no padding between the fields. */
  struct psuedo_hdr
  {
    int saddr;
    int daddr;
    char zero;
    char protocol;
    short len;
  } __attribute__((packed));

  int main(void)
  {
    unsigned int i;
    unsigned int sum = 0;
    struct psuedo_hdr hdr;

    hdr.saddr = 0xaabbccdd;
    hdr.daddr = 0x11223344;
    hdr.zero = 0;
    hdr.protocol = 6;
    hdr.len = 2;
    /* Walk the struct two bytes at a time, reading every chunk (the int
       fields included) through a short pointer; this is the access the
       report says -O2 miscompiles. */
    for (i = 0; i < sizeof(hdr); i += 2)
      sum += *(short *)((char *)(&hdr) + i);
    printf("0x%x\n", sum);
    return 0;
  }
  ==== Repro code end ====
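
An added example, not part of the bug report or of GCC/libnids, showing the same 16-bit-chunk sum computed in a way the C aliasing rules permit. The repro reads the two int fields through a short pointer, which C's effective-type rule does not allow and which -O2's -fstrict-aliasing is entitled to exploit; copying each chunk with memcpy, or assembling it from unsigned chars, removes that dependence. The struct name and field values are taken from the report; a little-endian host such as the reporter's x86_64 box is assumed, and -fno-strict-aliasing is the compile-time workaround when the source cannot be changed.

```c
#include <stdio.h>
#include <string.h>

/* Same packed 12-byte layout as the struct in the bug report. */
struct psuedo_hdr {
  int saddr;
  int daddr;
  char zero;
  char protocol;
  short len;
} __attribute__((packed));

/* Same 2-byte walk as the reporter's loop, but each chunk is copied into a
 * short with memcpy instead of being read through a short* that points at
 * int/char storage. memcpy is well defined under C's effective-type rules,
 * so -O2 (-fstrict-aliasing) may not treat the saddr/daddr stores as dead. */
unsigned int sum_via_memcpy(const struct psuedo_hdr *h)
{
  const unsigned char *p = (const unsigned char *)h;
  size_t i; unsigned int sum = 0;
  for (i = 0; i + sizeof(short) <= sizeof *h; i += sizeof(short)) {
    short s;
    memcpy(&s, p + i, sizeof s);
    sum += s; /* same sign extension as the original *(short *) read */
  }
  return sum;
}

/* Alternative: character types may alias any object, so assembling each
 * chunk from two unsigned chars is also well defined. Assumes a
 * little-endian host so the result matches sum_via_memcpy. */
unsigned int sum_via_bytes(const struct psuedo_hdr *h)
{
  const unsigned char *p = (const unsigned char *)h;
  size_t i; unsigned int sum = 0;
  for (i = 0; i + 2 <= sizeof *h; i += 2)
    sum += (short)(p[i] | (p[i + 1] << 8));
  return sum;
}

/* Constructed input: the exact field values used in the bug report. */
struct psuedo_hdr make_sample_hdr(void)
{
  struct psuedo_hdr hdr = { (int)0xaabbccdd, 0x11223344, 0, 6, 2 };
  return hdr;
}
int main(void)
{
  struct psuedo_hdr hdr = make_sample_hdr();
  printf("0x%x 0x%x\n", sum_via_memcpy(&hdr), sum_via_bytes(&hdr));
  return 0;
}
```

Both functions give the value the report's program prints when compiled without -O2; GCC's -Wstrict-aliasing (enabled by -Wall together with -fstrict-aliasing) catches only some of these casts, so reviewing such loops by hand is still worthwhile.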

  ==== packages versions ====
  user at user-MS-7808:~/gccbug$ dpkg -s gcc binutils
  Package: gcc
  Status: install ok installed
  Priority: optional
  Section: devel
  Installed-Size: 41
  Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
  Architecture: amd64
  Source: gcc-defaults (1.112ubuntu5)
  Version: 4:4.6.3-1ubuntu5
  Provides: c-compiler
  Depends: cpp (>= 4:4.6.3-1ubuntu5), gcc-4.6 (>= 4.6.3-1~)
  Recommends: libc6-dev | libc-dev
  Suggests: gcc-multilib, make, manpages-dev, autoconf, automake1.9, libtool,
  flex, bison, gdb, gcc-doc
  Conflicts: gcc-doc (<< 1:2.95.3)
  Description: GNU C compiler
   This is the GNU C compiler, a fairly portable optimizing compiler for C.
   .
   This is a dependency package providing the default GNU C compiler.
  Original-Maintainer: Debian GCC Maintainers <debian-gcc at lists.debian.org>

  Package: binutils
  Status: install ok installed
  Priority: optional
  Section: devel
  Installed-Size: 8564
  Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
  Architecture: amd64
  Version: 2.22-6ubuntu1
  Replaces: binutils-gold (<< 2.20.51.20100415)
  Provides: elf-binutils
  Depends: libc6 (>= 2.14), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.6), zlib1g
  (>= 1:1.2.0)
  Suggests: binutils-doc (>= 2.22-6ubuntu1)
  Conflicts: binutils-gold (<< 2.20.51.20100415), elf-binutils, gas, modutils
  (<< 2.4.19-1)
  Description: GNU assembler, linker and binary utilities
   The programs in this package are used to assemble, link and manipulate
   binary and object files.  They may be used in conjunction with a compiler
   and various libraries to build programs.
  Original-Maintainer: Matthias Klose <doko at debian.org>

  === packages version end ====

  ==== disassembly of code produced with -O2 ====
  0000000000400440 <main>:
    400440:       48 83 ec 18             sub    $0x18,%rsp
    400444:       31 d2                   xor    %edx,%edx
    400446:       48 8d 74 24 0c          lea    0xc(%rsp),%rsi
    40044b:       c6 44 24 08 00          movb   $0x0,0x8(%rsp)
    400450:       c6 44 24 09 06          movb   $0x6,0x9(%rsp)
    400455:       66 c7 44 24 0a 02 00    movw   $0x2,0xa(%rsp)
    40045c:       48 89 e0                mov    %rsp,%rax
    40045f:       90                      nop
    400460:       0f bf 08                movswl (%rax),%ecx
    400463:       48 83 c0 02             add    $0x2,%rax
    400467:       01 ca                   add    %ecx,%edx
    400469:       48 39 f0                cmp    %rsi,%rax
    40046c:       75 f2                   jne    400460 <main+0x20>
    40046e:       be 5c 06 40 00          mov    $0x40065c,%esi
    400473:       bf 01 00 00 00          mov    $0x1,%edi
    400478:       31 c0                   xor    %eax,%eax
    40047a:       e8 b1 ff ff ff          callq  400430 <__printf_chk at plt>
    40047f:       31 c0                   xor    %eax,%eax
    400481:       48 83 c4 18             add    $0x18,%rsp
    400485:       c3                      retq
    400486:       90                      nop
    400487:       90                      nop
