[Bug 1267761] Re: miscompilation of unsigned comparison on aarch64
Bug Watch Updater
1267761 at bugs.launchpad.net
Fri Jan 10 10:41:45 UTC 2014
Launchpad has imported 2 comments from the remote bug at
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59744.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
------------------------------------------------------------------------
On 2014-01-10T00:30:27+00:00 Michael Hudson-Doyle wrote:
Hi,
This slightly strangely written program (it's distilled down from
frame_offset_overflow in the gcc source itself) should print "bigger" if
the first argument is bigger than 10 (or negative, but let's ignore that
please):
#include <stdlib.h>
#include <stdio.h>

int a[2] = { 10, 20 };

int
is_bigger (long offset, int index)
{
  unsigned long size = -offset;
  if (size > a[index])
    {
      printf("bigger\n");
      return 1;
    }
  return 0;
}

int
main (int argc, char** argv)
{
  long v;
  v = atol(argv[1]);
  is_bigger(-v, 0);
  return 0;
}
When compiled at -O1 or above (and with inlining disabled at -O2 and
above), though, it bungles the 0 case:
(t-doko)mwhudson@arm64:~$ gcc-4.9 -O3 test.c -o test -fno-inline -Wall
(t-doko)mwhudson@arm64:~$ ./test 1
(t-doko)mwhudson@arm64:~$ ./test 11
bigger
(t-doko)mwhudson@arm64:~$ ./test 0
bigger
(t-doko)mwhudson@arm64:~$ gcc-4.9 -O0 test.c -o test -Wall
(t-doko)mwhudson@arm64:~$ ./test 1
(t-doko)mwhudson@arm64:~$ ./test 11
bigger
(t-doko)mwhudson@arm64:~$ ./test 0
(t-doko)mwhudson@arm64:~$
What's going on? Here's the disassembly of is_bigger (at O3):
0000000000400608 <is_bigger>:
400608: b0000082 adrp x2, 411000 <_GLOBAL_OFFSET_TABLE_+0x28>
40060c: 91010042 add x2, x2, #0x40
400610: a9bf7bfd stp x29, x30, [sp,#-16]!
400614: 52800003 mov w3, #0x0 // #0
400618: 910003fd mov x29, sp
40061c: b8a1d841 ldrsw x1, [x2,w1,sxtw #2]
400620: ab00003f cmn x1, x0
400624: 540000a2 b.cs 400638 <is_bigger+0x30>
400628: 90000000 adrp x0, 400000 <_init-0x3f8>
40062c: 911b6000 add x0, x0, #0x6d8
400630: 97ffff90 bl 400470 <puts@plt>
400634: 52800023 mov w3, #0x1 // #1
400638: 2a0303e0 mov w0, w3
40063c: a8c17bfd ldp x29, x30, [sp],#16
400640: d65f03c0 ret
Basically it seems that the condition "-offset > val" is being compiled
as "val + offset does not overflow", which is not valid for offset == 0.
Reply at: https://bugs.launchpad.net/gcc-linaro/+bug/1267761/comments/0
------------------------------------------------------------------------
On 2014-01-10T01:00:19+00:00 Pinskia wrote:
(insn 14 13 15 2 (set (reg:CC_SWP 66 cc)
        (compare:CC_SWP (neg:DI (reg:DI 0 x0 [ offset ]))
            (reg:DI 1 x1 [orig:85 D.3895 ] [85]))) t7.c:11 114 {*compare_negdi}
     (expr_list:REG_DEAD (reg:DI 1 x1 [orig:85 D.3895 ] [85])
        (expr_list:REG_DEAD (reg:DI 0 x0 [ offset ])
            (nil))))
--- CUT ---
Here is a testcase that fails at -O1 and above without any arguments.
int a[2] = { 10, 20 };

int
is_bigger (long, int) __attribute__((noinline,noclone));

int
is_bigger (long offset, int index)
{
  unsigned long size = -offset;
  if (size > a[index])
    return 1;
  return 0;
}

int
main (int argc, char** argv)
{
  long v;
  if (is_bigger(0, 0))
    __builtin_abort ();
  if (!is_bigger(1, 0))
    __builtin_abort ();
  if (is_bigger(-10, 0))
    __builtin_abort ();
  if (!is_bigger(10, 0))
    __builtin_abort ();
  return 0;
}
Reply at: https://bugs.launchpad.net/gcc-linaro/+bug/1267761/comments/1
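An added example, not part of either imported comment or of GCC: a C model of the two predicates discussed above, the unsigned comparison the source asks for and the carry test performed by the cmn/b.cs pair in the -O3 disassembly, swept over a constructed range to show that they disagree only when offset is 0. The function names and the sweep range are assumptions made for this illustration.

```c
#include <stdio.h>

/* What the C source asks for: (unsigned long)(-offset) > (unsigned long)val.
   Negation is done in unsigned arithmetic so every input is well defined. */
static int expected_bigger(long offset, long val)
{
    unsigned long size = 0UL - (unsigned long)offset;
    return size > (unsigned long)val;
}

/* Model of the emitted "cmn x1, x0; b.cs <skip>": the branch to the
   "not bigger" path is taken when val + offset carries out of the register,
   so "bigger" is reported exactly when there is no carry. */
static int cmn_model_bigger(long offset, long val)
{
    unsigned long a = (unsigned long)val, b = (unsigned long)offset;
    unsigned long sum = a + b;
    int carry = sum < a;          /* unsigned wrap-around == carry flag */
    return !carry;
}

/* Sweep a constructed range and count disagreements between the two
   predicates; *nonzero_offset counts those seen with offset != 0. */
static int count_mismatches(long lo, long hi, int *nonzero_offset)
{
    int mismatches = 0;
    *nonzero_offset = 0;
    for (long offset = lo; offset <= hi; offset++)
        for (long val = lo; val <= hi; val++)
            if (expected_bigger(offset, val) != cmn_model_bigger(offset, val)) {
                mismatches++;
                if (offset != 0)
                    (*nonzero_offset)++;
            }
    return mismatches;
}

int main(void)
{
    int nonzero;
    int n = count_mismatches(-64, 64, &nonzero);
    printf("mismatches: %d, with offset != 0: %d\n", n, nonzero);
    return 0;
}
```

For any nonzero offset, "-offset > val" and "val + offset does not carry" are the same condition, which is why the substitution only breaks the offset == 0 case.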
** Changed in: gcc
Status: Unknown => Confirmed
** Changed in: gcc
Importance: Unknown => Medium
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gcc-4.8 in Ubuntu.
https://bugs.launchpad.net/bugs/1267761
Title:
miscompilation of unsigned comparison on aarch64
Status in The GNU Compiler Collection:
Confirmed
Status in Linaro GCC:
New
Status in “gcc-4.8” package in Ubuntu:
Confirmed
Status in “gcc-4.8” source package in Trusty:
Confirmed
Bug description:
see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59744