Wind River Support Network

Description

The buggy code (access of numbers[0][SIZE]) somewhat explains why this bug has not been found. But I believe the compiler should generate a warning and correct code.

/Fredrik


Hi,

The code snippet below is representative of a code in the Ericsson codebase that triggers fault when upgrading from WR5 (gcc 4.6.3) to WR6 (gcc 4.8.1) toolchain.

Code is compiled as follows:

arm-wrs-linux-gnueabi/arm-wrs-linux-gnueabi-gcc --sysroot <path to WR6 sysroot> -O3 -Wpedantic want_warning.c -o want_warning


#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define SIZE 10

int main()
{
  uint32_t numbers[2][SIZE];
  uint32_t i = 0;

  memset(&numbers, 0xff, sizeof(numbers));

  while (numbers[0][i] != 0 && i < SIZE)
  {
    printf("Reading at [0][%u]: %u\n", i, numbers[0][i]);
    i++;
  }

  return 0;
}

Executing the code gives the result as shown below, which is different from gcc 4.6.3 behavior. The expected result is to terminate the loop when i is equal to 10 but that is not happening. Reason is likely the new "aggressive loop optimization" behavior of gcc 4.8.1 resulting in that the condition "i < SIZE" is optimized away.  Gcc likely determines that is does not need to check that "i < SIZE" since when i => SIZE then undefined behavior has already occurred (index out of range on the numbers array) so the condition "i < SIZE" always has to be true.

A warning or compiler error when such optimization is occurring is needed, we consider it a bug that this is not happening in this case.


Reading at [0][0]: 4294967295
Reading at [0][1]: 4294967295
Reading at [0][2]: 4294967295
Reading at [0][3]: 4294967295
Reading at [0][4]: 4294967295
Reading at [0][5]: 4294967295
Reading at [0][6]: 4294967295
Reading at [0][7]: 4294967295
Reading at [0][8]: 4294967295
Reading at [0][9]: 4294967295
Reading at [0][10]: 4294967295
Reading at [0][11]: 4294967295
Reading at [0][12]: 4294967295
Reading at [0][13]: 4294967295
Reading at [0][14]: 4294967295
Reading at [0][15]: 4294967295
Reading at [0][16]: 4294967295
Reading at [0][17]: 4294967295
Reading at [0][18]: 4294967295
Reading at [0][19]: 4294967295
Reading at [0][20]: 3069767680
Reading at [0][21]: 33612
Reading at [0][22]: 3069936832
Reading at [0][23]: 3068521280
Reading at [0][24]: 3069767680
Reading at [0][25]: 3198283012
Reading at [0][26]: 1
Reading at [0][27]: 33612

Workaround

Use compiler option "-fdisable-tree-cunroll"

Other Downloads

• binary-toolchain-4.8-39
• binary-toolchain-4.8-40
• binary-toolchain-4.8-42
• binary-toolchain-4.8-43
• binary-toolchain-4.8-44
• binary-toolchain-4.8-45
• binary-toolchain-4.8-47
• Wind River Linux 6.0.0.29
• Wind River Linux 6.0.0.30
• Wind River Linux 6.0.0.31
• Wind River Linux 6.0.0.32
• Wind River Linux 6.0.0.33
• Wind River Linux 6.0.0.34
• Wind River Linux 6.0.0.35
• Wind River Linux 6.0.0.36
• Wind River Linux 6.0.0.37
• Wind River Linux 6.0.0.38