Skip to content

[RISC-V] Miscompile at -O3 #111555

New issue
New issue
Open
Bug
Open
[RISC-V] Miscompile at -O3#111555
Bug
Labels
backend:RISC-Vmiscompilation
@patrick-rivos

Description

@patrick-rivos
patrick-rivos
opened on Oct 8, 2024

Testcase:

int printf(const char *, ...);
short a, d, k, r, s;
int b, c, f, i, w, y = -963555834;
char e, g, h, j, n, p, u, x;
unsigned l;
long m;
long long aa;
void ab(short ac, int ad, int ae, unsigned af) {
  for (long o = 0; o < 10969; o += af)
    for (int q = 0; q < (s ?: (0 >= ae) > p); q = -10827206556692219962ULL) {
      for (int t = j; t; t = u) {
        for (int v = 0; v < i; v += 2) {
          for (long z = r; z; z += 4) {
            a = w ? k / j : m;
            b = x ? ad ? p ?: d : 0 : r;
          }
          for (; 0 < ({
                   __typeof__(0) ag = l;
                   ag;
                 });)
            ;
          for (char ah = 0; ah < 1; ah += 178)
            ;
          for (; 2 < w;)
            ;
          for (; 0 < s;)
            ;
          for (int ai = 0; ai < 21; ai += 4)
            ;
          for (; p;)
            c = 0;
        }
        for (short aj = 0; aj < 3; aj += r) {
          for (char ak = j; ak; ak++)
            d ^= ~0;
          for (short al = (unsigned short)ad - 24655; al < (short)l; al += 4)
            e += ae;
          for (short am = (unsigned short)ad - 24655; am; am = 4)
            ;
        }
      }
      for (int an = 0; an < ae + 963555845; an += 4)
        for (long ao = s; ao < ae + 963555845; ao += 4) {
          for (char ap = -7; ap < 3; ap += ac)
            for (char aq = n; aq < 1; aq += 2) {
              f += ac;
              g = ({
                __typeof__(0) ar = b ? ({ r < (unsigned short)p; }) : 0;
                g ?: ar;
              });
            }
          h = ({ h ?: x; });
        }
    }
}
void as(long long *ac, int ad) { *ac = ad; }
int main() {
  ab(2, 10958, y, 8);
  as(&aa, f);
  printf("%llu\n", aa);
}

Commands:

> /scratch/tc-testing/tc-compiler-fuzz-trunk/build-gcv/build-llvm-linux/bin/clang -march=rv64gcv -O3 red.c -o user-config.out -fsigned-char -fno-strict-aliasing -fwrapv
red.c:10:51: warning: implicit conversion from 'unsigned long long' to 'int' changes value from 7619537517017331654 to 1855223750 [-Wconstant-conversion]
   10 |     for (int q = 0; q < (s ?: (0 >= ae) > p); q = -10827206556692219962ULL) {
      |                                                 ~ ^~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
> QEMU_CPU=rv64,vlen=128,rvv_ta_all_1s=true,rvv_ma_all_1s=true,v=true,vext_spec=v1.0,zve32f=true,zve64f=true timeout --verbose -k 0.1 4 /scratch/tc-testing/tc-compiler-fuzz-trunk/build-gcv/bin/qemu-riscv64 user-config.out
0

> /scratch/tc-testing/tc-compiler-fuzz-trunk/build-gcv/build-llvm-linux/bin/clang -march=rv64gcv -O2 red.c -o user-config.out -fsigned-char -fno-strict-aliasing -fwrapv
red.c:10:51: warning: implicit conversion from 'unsigned long long' to 'int' changes value from 7619537517017331654 to 1855223750 [-Wconstant-conversion]
   10 |     for (int q = 0; q < (s ?: (0 >= ae) > p); q = -10827206556692219962ULL) {
      |                                                 ~ ^~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
> QEMU_CPU=rv64,vlen=128,rvv_ta_all_1s=true,rvv_ma_all_1s=true,v=true,vext_spec=v1.0,zve32f=true,zve64f=true timeout --verbose -k 0.1 4 /scratch/tc-testing/tc-compiler-fuzz-trunk/build-gcv/bin/qemu-riscv64 user-config.out
123480

-opt-bisect-limit points to Stack Slot Coloring on function (ab)

Found via fuzzer

Metadata

Metadata

Assignees

No one assigned

    Labels

    backend:RISC-Vmiscompilation

    Type

    Bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions