Fixed
Created: Sep 8, 2014
Updated: Dec 3, 2018
Resolved Date: Oct 20, 2014
Found In Version: 6.0.0.10
Fix Version: 6.0.0.13
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Host Tools
The buggy code (access of numbers[0][SIZE]) somewhat explains why this bug has not been found. But I believe the compiler should generate a warning and correct code.
/Fredrik
Hi,
The code snippet below is representative of a code in the Ericsson codebase that triggers fault when upgrading from WR5 (gcc 4.6.3) to WR6 (gcc 4.8.1) toolchain.
Code is compiled as follows:
arm-wrs-linux-gnueabi/arm-wrs-linux-gnueabi-gcc --sysroot <path to WR6 sysroot> -O3 -Wpedantic want_warning.c -o want_warning
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#define SIZE 10
int main()
{
uint32_t numbers[2][SIZE];
uint32_t i = 0;
memset(&numbers, 0xff, sizeof(numbers));
while (numbers[0][i] != 0 && i < SIZE)
{
printf("Reading at [0][%u]: %u\n", i, numbers[0][i]);
i++;
}
return 0;
}
Executing the code gives the result as shown below, which is different from gcc 4.6.3 behavior. The expected result is to terminate the loop when i is equal to 10 but that is not happening. Reason is likely the new "aggressive loop optimization" behavior of gcc 4.8.1 resulting in that the condition "i < SIZE" is optimized away. Gcc likely determines that is does not need to check that "i < SIZE" since when i => SIZE then undefined behavior has already occurred (index out of range on the numbers array) so the condition "i < SIZE" always has to be true.
A warning or compiler error when such optimization is occurring is needed, we consider it a bug that this is not happening in this case.
Reading at [0][0]: 4294967295
Reading at [0][1]: 4294967295
Reading at [0][2]: 4294967295
Reading at [0][3]: 4294967295
Reading at [0][4]: 4294967295
Reading at [0][5]: 4294967295
Reading at [0][6]: 4294967295
Reading at [0][7]: 4294967295
Reading at [0][8]: 4294967295
Reading at [0][9]: 4294967295
Reading at [0][10]: 4294967295
Reading at [0][11]: 4294967295
Reading at [0][12]: 4294967295
Reading at [0][13]: 4294967295
Reading at [0][14]: 4294967295
Reading at [0][15]: 4294967295
Reading at [0][16]: 4294967295
Reading at [0][17]: 4294967295
Reading at [0][18]: 4294967295
Reading at [0][19]: 4294967295
Reading at [0][20]: 3069767680
Reading at [0][21]: 33612
Reading at [0][22]: 3069936832
Reading at [0][23]: 3068521280
Reading at [0][24]: 3069767680
Reading at [0][25]: 3198283012
Reading at [0][26]: 1
Reading at [0][27]: 33612
Use compiler option "-fdisable-tree-cunroll"