Debian Bug report logs - #325670
gcc-4.0: regression: generates wrong code for inlined memcpy

Package: gcc-4.0; Maintainer for gcc-4.0 is (unknown);

Reported by: Steve Langasek <vorlon@debian.org>

Date: Tue, 30 Aug 2005 07:48:01 UTC

Severity: important

Found in version gcc-4.0/4.0.1-2

Done: Falk Hueffner <falk@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#325670; Package gcc-4.0. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
New Bug report received and forwarded. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Steve Langasek <vorlon@debian.org>
To: submit@bugs.debian.org
Subject: gcc-4.0: regression: generates wrong code for inlined memcpy
Date: Tue, 30 Aug 2005 00:34:01 -0700
[Message part 1 (text/plain, inline)]
Package: gcc-4.0
Version: 4.0.1-2
Severity: important

When passing pointers to 4-byte types to memcpy(), gcc-4.0 generates
wrong code which assumes that these pointers are aligned at 4-byte
boundaries for purposes of optimization, ignoring the implicit cast to
(char *) in the prototype of memcpy().  I don't believe code should have
to explicitly cast to (char *) to guard against such optimizations, and
it seems that memcpy() is quite likely to be used for copying data from
unaligned locations to aligned buffers precisely because it's supposed
to be capable of unaligned access.  At least two packages, dhcp3 and
traceroute, have been reported as failing on sparc with bus errors when
built with gcc-4.0, because they use memcpy() to copy data from network
buffers where alignment is not guaranteed.

This bug has been reproduced with gcc-4.0 4.0.1-6 on vore using the
attached test case.  The test case is derived from the failing code in
dhcp3 (bug #321987, #325605).

vorlon@vore:~$ gcc-4.0 -g -o memcpytest ./memcpytest.c  && ./memcpytest
Bus error
vorlon@vore:~$ gcc-4.0 -DEXPLICIT_CAST -g -o memcpytest ./memcpytest.c && ./memcpytest
vorlon@vore:~$

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
[memcpytest.c (text/x-csrc, attachment)]
[signature.asc (application/pgp-signature, inline)]

Acknowledgement sent to Falk Hueffner <falk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. Full text and rfc822 format available.

Message #10 received at 325670@bugs.debian.org (full text, mbox, reply):

From: Falk Hueffner <falk@debian.org>
To: 325670@bugs.debian.org, vorlon@debian.org
Subject: Re: Bug#325670: gcc-4.0: regression: generates wrong code for inlined memcpy
Date: Tue, 30 Aug 2005 14:08:17 +0200

Steve Langasek <vorlon@debian.org>, 325670@bugs.debian.org wrote on 30.08.05 09:49:30:

> When passing pointers to 4-byte types to memcpy(), gcc-4.0 generates
> wrong code which assumes that these pointers are aligned at 4-byte
> boundaries for purposes of optimization, ignoring the implicit cast to
> (char *) in the prototype of memcpy().

If a pointer points to an object that requires an alignment, then gcc can of
course assume this alignment in the pointer. Later casting or passing of this
pointer does not change this fact. If the pointer isn't actually aligned
correctly for the object, then the error is already there (on the user's part),
and the behaviour of memcpy is a red herring. So this is not a gcc bug.




Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. Full text and rfc822 format available.

Message #15 received at 325670@bugs.debian.org (full text, mbox, reply):

From: Steve Langasek <vorlon@debian.org>
To: Falk Hueffner <falk@debian.org>
Cc: 325670@bugs.debian.org
Subject: Re: Bug#325670: gcc-4.0: regression: generates wrong code for inlined memcpy
Date: Tue, 30 Aug 2005 14:45:41 -0700
[Message part 1 (text/plain, inline)]
On Tue, Aug 30, 2005 at 02:08:17PM +0200, Falk Hueffner wrote:
> Steve Langasek <vorlon@debian.org>, 325670@bugs.debian.org wrote on 30.08.05 09:49:30:

> > When passing pointers to 4-byte types to memcpy(), gcc-4.0 generates
> > wrong code which assumes that these pointers are aligned at 4-byte
> > boundaries for purposes of optimization, ignoring the implicit cast to
> > (char *) in the prototype of memcpy().

> If a pointer points to an object that requires an alignment, then gcc can of
> course assume this alignment in the pointer. Later casting or passing of this
> pointer does not change this fact. If the pointer isn't actually aligned
> correctly for the object, then the error is already there (on the user's part),
> and the behaviour of memcpy is a red herring. So this is not a gcc bug.

By any chance, can you provide a reference to the C spec that shows
gcc's current behavior is valid?  Given that traceroute is among the
programs that break under gcc-4.0, it seems to me that the assumption
that it's safe to use memcpy this way has been around for quite some
time.

Note that we are talking about pointers that are used for *no* other
purpose than as a convenience for calculating offsets into buffers; the
pointers are never dereferenced by the code itself, and this unaligned
access is only happening because the gcc implementation of memcpy() is
making assumptions about its arguments that, AFAICT, it is not supposed
to be able to make.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
[signature.asc (application/pgp-signature, inline)]

Acknowledgement sent to Bastian Blank <waldi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. Full text and rfc822 format available.

Message #20 received at 325670@bugs.debian.org (full text, mbox, reply):

From: Bastian Blank <waldi@debian.org>
To: Steve Langasek <vorlon@debian.org>, 325670@bugs.debian.org
Subject: Re: Bug#325670: gcc-4.0: regression: generates wrong code for inlined memcpy
Date: Wed, 31 Aug 2005 00:05:35 +0200
[Message part 1 (text/plain, inline)]
On Tue, Aug 30, 2005 at 02:45:41PM -0700, Steve Langasek wrote:
> By any chance, can you provide a reference to the C spec that shows
> gcc's current behavior is valid?  Given that traceroute is among the
> programs that break under gcc-4.0, it seems to me that the assumption
> that it's safe to use memcpy this way has been around for quite some
> time.

6.3.2.3, paragraph 7.

Bastian

-- 
	"... freedom ... is a worship word..."
	"It is our worship word too."
		-- Cloud William and Kirk, "The Omega Glory", stardate unknown
[signature.asc (application/pgp-signature, inline)]

Acknowledgement sent to Bastian Blank <waldi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. Full text and rfc822 format available.

Message #25 received at 325670@bugs.debian.org (full text, mbox, reply):

From: Bastian Blank <waldi@debian.org>
To: Steve Langasek <vorlon@debian.org>, 325670@bugs.debian.org
Subject: Re: Bug#325670: gcc-4.0: regression: generates wrong code for inlined memcpy
Date: Wed, 31 Aug 2005 00:09:40 +0200
[Message part 1 (text/plain, inline)]
On Tue, Aug 30, 2005 at 12:34:01AM -0700, Steve Langasek wrote:
> When passing pointers to 4-byte types to memcpy(), gcc-4.0 generates
> wrong code which assumes that these pointers are aligned at 4-byte
> boundaries for purposes of optimization, ignoring the implicit cast to
> (char *) in the prototype of memcpy().

There is no implicit cast to char *. memcpy gets two void pointers.

Bastian

-- 
The joys of love made her human and the agonies of love destroyed her.
		-- Spock, "Requiem for Methuselah", stardate 5842.8
[signature.asc (application/pgp-signature, inline)]

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. Full text and rfc822 format available.

Message #30 received at 325670@bugs.debian.org (full text, mbox, reply):

From: Steve Langasek <vorlon@debian.org>
To: Bastian Blank <waldi@debian.org>
Cc: 325670@bugs.debian.org
Subject: Re: Bug#325670: gcc-4.0: regression: generates wrong code for inlined memcpy
Date: Tue, 30 Aug 2005 15:56:43 -0700
[Message part 1 (text/plain, inline)]
On Wed, Aug 31, 2005 at 12:09:40AM +0200, Bastian Blank wrote:
> On Tue, Aug 30, 2005 at 12:34:01AM -0700, Steve Langasek wrote:
> > When passing pointers to 4-byte types to memcpy(), gcc-4.0 generates
> > wrong code which assumes that these pointers are aligned at 4-byte
> > boundaries for purposes of optimization, ignoring the implicit cast to
> > (char *) in the prototype of memcpy().

> There is no implicit cast to char *. memcpy gets two void pointers.

Hmm, yes...  Unfortunately, it appears that using (void *) is not
sufficient to stop gcc-4.0 from peeking at the pointer in this case --
whereas, if memcpy() is implemented as a function, it certainly would
be...

On Wed, Aug 31, 2005 at 12:05:35AM +0200, Bastian Blank wrote:
> On Tue, Aug 30, 2005 at 02:45:41PM -0700, Steve Langasek wrote:
> > By any chance, can you provide a reference to the C spec that shows
> > gcc's current behavior is valid?  Given that traceroute is among the
> > programs that break under gcc-4.0, it seems to me that the assumption
> > that it's safe to use memcpy this way has been around for quite some
> > time.

> 6.3.2.3, paragraph 7.

That paragraph appears to read:

   A pointer to an object or incomplete type may be converted to a
   pointer to a different object or incomplete type. If the resulting
   pointer is not correctly aligned for the pointed-to type, the
   behavior is undefined. Otherwise, when converted back again, the
   result shall compare equal to the original pointer. When a pointer to
   an object is converted to a pointer to a character type, the result
   points to the lowest addressed byte of the object.

So by making the initial cast from char * to the pointer type that
requires greater alignment, the programmer is invoking undefined
behavior, which means gcc's implementation of memcpy() is allowed by the
spec.  That's what I wanted to know, thanks.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
[signature.asc (application/pgp-signature, inline)]
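
The conclusion reached in the message above, as an added example that is not part of the original thread, its attached test case, or the dhcp3/traceroute sources: a field at an odd offset in a byte buffer, read once through a typed pointer (the undefined form) and once through the byte pointer with a bounds check. The function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 1-byte tag, then a 32-bit big-endian field that
   therefore starts at odd offset 1, as fields in network buffers often do. */
static const unsigned char sample_packet[] = { 0x35, 0xC0, 0xA8, 0x01, 0x0A, 0xFF };

/* The pattern discussed in the thread. Converting to uint32_t * at a
   misaligned address is already undefined (C99 6.3.2.3p7), so the compiler
   may expand memcpy() into an aligned word load. For contrast; never called. */
uint32_t read_u32_via_typed_pointer(const unsigned char *buf, size_t off)
{
    const uint32_t *field = (const uint32_t *)(buf + off); /* undefined if misaligned */
    uint32_t value;
    memcpy(&value, field, sizeof value);
    return value;
}

/* Safe form: the source stays a byte pointer, so memcpy() can assume nothing
   about its alignment, and the bounds are checked before the copy.
   Returns 0 and stores the host-order value, or -1 if the field does not fit. */
int read_be32(const unsigned char *buf, size_t len, size_t off, uint32_t *out)
{
    uint32_t raw;
    const unsigned char *b = (const unsigned char *)&raw; /* byte view of raw */

    if (off > len || len - off < sizeof raw)
        return -1;
    memcpy(&raw, buf + off, sizeof raw);
    /* Big-endian decode from the copied bytes, independent of host order. */
    *out = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
    return 0;
}

int main(void)
{
    uint32_t v;
    if (read_be32(sample_packet, sizeof sample_packet, 1, &v) == 0)
        printf("0x%08lX\n", (unsigned long)v);
    return 0;
}
```
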

Reply sent to Falk Hueffner <falk@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Steve Langasek <vorlon@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #35 received at 325670-done@bugs.debian.org (full text, mbox, reply):

From: Falk Hueffner <falk@debian.org>
To: 325670-done@bugs.debian.org
Subject: Bug#325670: gcc-4.0: regression: generates wrong code for inlined memcpy
Date: Sun, 02 Oct 2005 16:45:54 +0200
Hi,

consensus seems to be that this is not a bug in gcc, so closing.

-- 
	Falk



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2007 16:12:13 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Nov 5 02:12:07 2015; Machine Name: beach
