Debian Bug report logs - #619963
gcc-4.6: wrongly optimizes memmove() into memcpy()

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Remi Denis-Courmont <remi@remlab.net>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: gcc-4.6: wrongly optimizes memmove() into memcpy()

Date: Mon, 28 Mar 2011 20:10:11 +0300

Package: gcc-4.6
Version: 4.6.0-1
Severity: grave
Justification: renders package unusable


	Hello,

Trying to compile VLC media player using Debian gcc-4.6.
It turns out that the compiler is silently replacing memmove() calls
with memcpy() ones, when it is clearly NOT a legal optimization. The
issue was uncovered with valgrind. For instance, this one is failing,
even though both source and destination obviously overlap:

     memmove( &p_aout->pp_inputs[i_input], &p_aout->pp_inputs[i_input + 1],
              (AOUT_MAX_INPUTS - i_input - 1) * sizeof(aout_input_t *) );

This results in memory corruption at run-time and eventually crashes.

Compiler flags used were: -g -O2 -ffast-math -funroll-loops -fPIC
I can provide the full .i file if needed.

Best regards,

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gcc-4.6 depends on:
ii  binutils               2.21.0.20110327-1 The GNU assembler, linker and bina
ii  cpp-4.6                4.6.0-1           The GNU C preprocessor
ii  gcc-4.6-base           4.6.0-1           The GNU Compiler Collection (base 
ii  libc6                  2.11.2-11         Embedded GNU C Library: Shared lib
ii  libcloog-ppl0          0.15.9-3          the Chunky Loop Generator (runtime
ii  libgcc1                1:4.6.0-1         GCC support library
ii  libgmp10               2:5.0.1+dfsg-7    Multiprecision arithmetic library
ii  libgmpxx4ldbl          2:5.0.1+dfsg-7    Multiprecision arithmetic library 
ii  libgomp1               4.6.0-1           GCC OpenMP (GOMP) support library
ii  libmpc2                0.9-2             multiple precision complex floatin
ii  libmpfr4               3.0.0-9           multiple precision floating-point 
ii  libppl-c4              0.11.2-3          Parma Polyhedra Library (C interfa
ii  libppl9                0.11.2-3          Parma Polyhedra Library (runtime l
ii  libquadmath0           4.6.0-1           GCC Quad-Precision Math Library
ii  zlib1g                 1:1.2.3.4.dfsg-3  compression library - runtime

Versions of packages gcc-4.6 recommends:
ii  libc6-dev                     2.11.2-11  Embedded GNU C Library: Developmen

Versions of packages gcc-4.6 suggests:
pn  binutils-gold                 <none>     (no description available)
pn  gcc-4.6-doc                   <none>     (no description available)
pn  gcc-4.6-locales               <none>     (no description available)
pn  gcc-4.6-multilib              <none>     (no description available)
ii  libgcc1-dbg                   1:4.6.0-1  GCC support library (debug symbols
pn  libgomp1-dbg                  <none>     (no description available)
pn  libmudflap0-4.6-dev           <none>     (no description available)
pn  libmudflap0-dbg               <none>     (no description available)
pn  libquadmath0-dbg              <none>     (no description available)

-- no debconf information

Message #10 received at 619963@bugs.debian.org (full text, mbox, reply):

From: "Rémi Denis-Courmont" <remi@remlab.net>

To: Matthias Klose <doko@debian.org>

Cc: 619963@bugs.debian.org

Subject: Re: Bug#619963: gcc-4.6: wrongly optimizes memmove() into memcpy()

Date: Mon, 28 Mar 2011 21:29:28 +0300

Le lundi 28 mars 2011 21:06:31 Matthias Klose, vous avez écrit :
> severity  619963 important
> thanks
> 
> On 28.03.2011 19:10, Remi Denis-Courmont wrote:
> > Package: gcc-4.6
> > Version: 4.6.0-1
> > Severity: grave
> > Justification: renders package unusable
> 
> does it?

It does not compile Debian's "own" source code base correctly on i386.
What more do you need?

> > Trying to compile VLC media player using Debian gcc-4.6.
> > It turns out that the compiler is silently replacing memmove() calls
> > with memcpy() ones, when it is clearly NOT a legal optimization. The
> > issue was uncovered with valgrind. For instance, this one is failing,
> > 
> > even though both source and destination obviously overlap:
> >      memmove( &p_aout->pp_inputs[i_input], &p_aout->pp_inputs[i_input +
> >      1],
> >      
> >               (AOUT_MAX_INPUTS - i_input - 1) * sizeof(aout_input_t *) );
> > 
> > This results in memory corruption at run-time and eventually crashes.
> > 
> > Compiler flags used were: -g -O2 -ffast-math -funroll-loops -fPIC
> > I can provide the full .i file if needed.
> 
> please could you provide a test case?

I don't have that at hand, unless you count the entire VLC a test case.

-- 
Rémi Denis-Courmont
Looking for a job: http://www.remlab.info/
http://fi.linkedin.com/in/remidenis

Message #15 received at 619963@bugs.debian.org (full text, mbox, reply):

From: Matthias Klose <doko@debian.org>

To: Remi Denis-Courmont <remi@remlab.net>, 619963@bugs.debian.org

Subject: Re: Bug#619963: gcc-4.6: wrongly optimizes memmove() into memcpy()

Date: Mon, 28 Mar 2011 20:06:31 +0200

severity  619963 important
thanks

On 28.03.2011 19:10, Remi Denis-Courmont wrote:
> Package: gcc-4.6
> Version: 4.6.0-1
> Severity: grave
> Justification: renders package unusable

does it?

> Trying to compile VLC media player using Debian gcc-4.6.
> It turns out that the compiler is silently replacing memmove() calls
> with memcpy() ones, when it is clearly NOT a legal optimization. The
> issue was uncovered with valgrind. For instance, this one is failing,
> even though both source and destination obviously overlap:
> 
>      memmove( &p_aout->pp_inputs[i_input], &p_aout->pp_inputs[i_input + 1],
>               (AOUT_MAX_INPUTS - i_input - 1) * sizeof(aout_input_t *) );
> 
> This results in memory corruption at run-time and eventually crashes.
> 
> Compiler flags used were: -g -O2 -ffast-math -funroll-loops -fPIC
> I can provide the full .i file if needed.

please could you provide a test case?

thanks, Matthias

Message #24 received at 619963@bugs.debian.org (full text, mbox, reply):

From: Török Edwin <edwintorok@gmail.com>

To: 619963@bugs.debian.org

Subject: testcase

Date: Sat, 02 Apr 2011 17:58:53 +0300

[Message part 1 (text/plain, inline)]

Hi,

Attached is a simple testcase from VLC.

At -O0 everything is fine:
$ gcc-4.6 -S -O0 x.i
$ grep memmove x.s
        call    __memmove_chk

At -O1 it incorrectly it is incorrectly changed to memcpy:
$ gcc-4.6 -S -O1 x.i
$ grep memcpy x.s
        call    memcpy

If I change the provided x.i, and remove the extern inline declaration
of memmove, then memmove is no longer changed to memcpy!

Also all is good with gcc-4.5:
$ gcc-4.5 -S -O2 x.i
$ grep memmove x.s
        call    memmove

Poking around in gcc-4.6 sources this place in gcc/builtins.c seems to
be the place where memmove_chk -> memcpy conversion happens, I didn't
verify that though:

 if (fcode == BUILT_IN_MEMMOVE_CHK)
	{
	  unsigned int src_align
	    = get_pointer_alignment (src, BIGGEST_ALIGNMENT);

	  if (src_align == 0)
	    return NULL_RTX;

	  /* If src is categorized for a readonly section we can use
	     normal __memcpy_chk.  */
	  if (readonly_data_expr (src))
	    {
	      tree fn = built_in_decls[BUILT_IN_MEMCPY_CHK];



Best regards,
--Edwin

[x.i (text/plain, attachment)]

Message #29 received at 619963@bugs.debian.org (full text, mbox, reply):

From: Marc Glisse <marc.glisse@inria.fr>

To: 619963@bugs.debian.org

Subject: Re: testcase

Date: Mon, 4 Apr 2011 00:19:30 +0200 (CEST)

Hello,

in the prototype of memmove (taken from glibc bits/string3.h), you will 
notice __restrict in front of the arguments. This is not present in more 
recent glibc versions and is a likely cause of your trouble.

-- 
Marc Glisse

Message #34 received at 619963@bugs.debian.org (full text, mbox, reply):

From: Török Edwin <edwintorok@gmail.com>

To: 619963@bugs.debian.org

Cc: Matthias Klose <doko@debian.org>, Marc Glisse <marc.glisse@inria.fr>, Remi Denis-Courmont <remi@remlab.net>

Subject: memmove

Date: Sun, 10 Apr 2011 12:18:43 +0300

Marc Glisse wrote:
> Hello,
> 
> in the prototype of memmove (taken from glibc bits/string3.h), you will 
> notice __restrict in front of the arguments. This is not present in more 
> recent glibc versions and is a likely cause of your trouble.
> 

Indeed if I remove __restrict the bug is gone, and if I upgrade to libc6
2.13-0exp5, VLC's dec.c seems to be compiled correctly too.

Should gcc-4.6 depend on glibc >= 2.13?
Or should gcc-4.6 provide a fixed prototype for memmove via fix-includes?

Best regards,
--Edwin

Message #39 received at 619963@bugs.debian.org (full text, mbox, reply):

From: Jonathan Nieder <jrnieder@gmail.com>

To: 619963@bugs.debian.org

Cc: libc6-dev@packages.debian.org

Subject: Re: gcc-4.6: wrongly optimizes memmove() into memcpy()

Date: Thu, 28 Apr 2011 16:50:15 -0500

tags 619963 - moreinfo
quit

Hi,

Török Edwin wrote:

> Indeed if I remove __restrict the bug is gone, and if I upgrade to libc6
> 2.13-0exp5, VLC's dec.c seems to be compiled correctly too.
>
> Should gcc-4.6 depend on glibc >= 2.13?
> Or should gcc-4.6 provide a fixed prototype for memmove via fix-includes?

In other words, it is a libc6-dev bug, but it seems that gcc (<< 4.6) did
not expose it.  I suppose that means gcc-4.6 could benefit from

	Breaks: libc6-dev (<< fixed version), libc0.1-dev (<< fixed version),
	 libc0.3-dev (<< fixed version), libc6.1-dev (<< fixed version)

to force an upgrade.  (Side note: it might make sense to rename those
packages to libc-dev and make libc<n>-dev into a dummy package.)

libc maintainers: any idea which versions mistakenly annotate memmove
with __restrict?  Would that be worth fixing in stable (my hunch is
"yes")?

Thanks for tracking this down.
Jonathan

Message #46 received at 619963@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurelien@aurel32.net>

To: Jonathan Nieder <jrnieder@gmail.com>

Cc: 619963@bugs.debian.org, libc6-dev@packages.debian.org

Subject: Re: gcc-4.6: wrongly optimizes memmove() into memcpy()

Date: Sun, 1 May 2011 16:42:25 +0200

On Thu, Apr 28, 2011 at 04:50:15PM -0500, Jonathan Nieder wrote:
> tags 619963 - moreinfo
> quit
> 
> Hi,
> 
> Török Edwin wrote:
> 
> > Indeed if I remove __restrict the bug is gone, and if I upgrade to libc6
> > 2.13-0exp5, VLC's dec.c seems to be compiled correctly too.
> >
> > Should gcc-4.6 depend on glibc >= 2.13?
> > Or should gcc-4.6 provide a fixed prototype for memmove via fix-includes?
> 
> In other words, it is a libc6-dev bug, but it seems that gcc (<< 4.6) did
> not expose it.  I suppose that means gcc-4.6 could benefit from
> 
> 	Breaks: libc6-dev (<< fixed version), libc0.1-dev (<< fixed version),
> 	 libc0.3-dev (<< fixed version), libc6.1-dev (<< fixed version)
> 
> to force an upgrade.  (Side note: it might make sense to rename those
> packages to libc-dev and make libc<n>-dev into a dummy package.)
> 
> libc maintainers: any idea which versions mistakenly annotate memmove
> with __restrict?  Would that be worth fixing in stable (my hunch is
> "yes")?
> 

It's probably worth fixing that in stable, but I don't think we should
do an upload to stable just to fix that. I'll include a patch in the SVN
later, so that it's included in the next upload to stable.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Message #51 received at 619963@bugs.debian.org (full text, mbox, reply):

From: Jonathan Nieder <jrnieder@gmail.com>

To: Aurelien Jarno <aurelien@aurel32.net>

Cc: 619963@bugs.debian.org, libc6-dev@packages.debian.org

Subject: Re: gcc-4.6: wrongly optimizes memmove() into memcpy()

Date: Sun, 1 May 2011 19:36:35 -0500

Aurelien Jarno wrote:

> It's probably worth fixing that in stable, but I don't think we should
> do an upload to stable just to fix that. I'll include a patch in the SVN
> later, so that it's included in the next upload to stable.

Thanks much.  Makes sense.

Message #66 received at 619963-done@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurelien@aurel32.net>

To: 619963-done@bugs.debian.org

Subject: Re: memmove

Date: Tue, 24 May 2011 13:03:25 +0200

Version: 2.13-1

On Sun, Apr 10, 2011 at 12:18:43PM +0300, Török Edwin wrote:
> Marc Glisse wrote:
> > Hello,
> > 
> > in the prototype of memmove (taken from glibc bits/string3.h), you will 
> > notice __restrict in front of the arguments. This is not present in more 
> > recent glibc versions and is a likely cause of your trouble.
> > 
> 
> Indeed if I remove __restrict the bug is gone, and if I upgrade to libc6
> 2.13-0exp5, VLC's dec.c seems to be compiled correctly too.

This bug has been fixed in eglibc 2.13-1. Closing the bug.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Send a report that this bug log contains spam.