Using gcc 7.4.0 and compiling this sample program with the -O1 optimization flag, the data being set inside of the array 'cap' is being optimized out leaving me with uninitialized data.
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#define CAP_TYPE_1 0x0003
#define CAP_TYPE_2 0x0004
#define CAP_COUNT 2
#define CAP2_CIP_1 0x0001
#define CAP2_CIP_2 0x0002
#define CAP2_CIP_COUNT 2
static uint16_t cap_2_cips[CAP2_CIP_COUNT] = { CAP2_CIP_1, CAP2_CIP_2 };
#define CAP1_ALG_1 0x0010
#define CAP1_ALG_COUNT 1
static uint16_t cap_1_algs[CAP1_ALG_COUNT] = { CAP1_ALG_1 };
typedef struct optests_cap_1
{
uint16_t count;
uint16_t len;
uint16_t *alg;
char *buf;
} optests_cap_1_t;
typedef struct optests_cap_2
{
uint16_t count;
uint16_t *cip;
} optests_cap_2_t;
typedef struct optests_cap
{
uint16_t type;
uint16_t size;
uint16_t flag;
void *data;
} optests_cap_t;
typedef struct optests_caps
{
uint32_t count;
optests_cap_t *structs;
} optests_caps_t;
static int populate_structs(optests_caps_t *caps)
{
optests_cap_1_t *cap_1;
optests_cap_2_t *cap_2;
optests_cap_t cap[CAP_COUNT];
cap_2 = (optests_cap_2_t*)malloc(sizeof(optests_cap_2_t));
cap_2->count = CAP2_CIP_COUNT;
cap_2->cip = cap_2_cips;
cap[0].type = CAP_TYPE_2;
cap[0].size = 6;
cap[0].flag = 0;
cap[0].data = cap_2;
cap_1 = (optests_cap_1_t*)malloc(sizeof(optests_cap_1_t));
cap_1->count = CAP1_ALG_COUNT;
cap_1->len = 4;
cap_1->alg = cap_1_algs;
cap_1->buf = "ABCD";
cap[1].type = CAP_TYPE_1;
cap[1].size = 6 + cap_1->len;
cap[1].flag = 42;
cap[1].data = cap_1;
caps->count = CAP_COUNT;
caps->structs = cap;
return 0;
}
int main(void)
{
optests_caps_t caps;
memset(&caps, 0, sizeof(optests_cap_t));
populate_structs(&caps);
printf("cap_count = %u\n", caps.count);
for(int i = 0; i < caps.count; i++)
{
printf("Type: %u\n", caps.structs[i].type);
printf("Size: %u\n", caps.structs[i].size);
printf("Flag: %u\n", caps.structs[i].flag);
}
/* Free the memory */
}
Compile the code with:
gcc -O1 -o optest_O1 optest.c
gcc -O0 -o optest_O0 optest.c
gcc -o optest optest.c
The output is as such:
$ ./optest
cap_count = 2
Type: 4
Size: 6
Flag: 0
Type: 3
Size: 10
Flag: 42
$ ./optest_O0
cap_count = 2
Type: 4
Size: 6
Flag: 0
Type: 3
Size: 10
Flag: 42
$ ./optest_O1
cap_count = 2
Type: 2464
Size: 22561
Flag: 32596
Type: 2000
Size: 22624
Flag: 32596
Valgrind reports the following when running the optimized binary:
$ valgrind --tool=memcheck --leak-check=yes ./optest_O1
…
==7316== error calling PR_SET_PTRACER, vgdb might block
cap_count = 2
==7316== Use of uninitialised value of size 8
==7316== at 0x4E9486B: _itoa_word (_itoa.c:179)
==7316== by 0x4E97F0D: vfprintf (vfprintf.c:1642)
==7316== by 0x4F6E2EB: __printf_chk (printf_chk.c:35)
==7316== by 0x10871D: main (in /opttest/optest_O1)
==7316==
==7316== Conditional jump or move depends on uninitialised value(s)
==7316== at 0x4E94875: _itoa_word (_itoa.c:179)
==7316== by 0x4E97F0D: vfprintf (vfprintf.c:1642)
==7316== by 0x4F6E2EB: __printf_chk (printf_chk.c:35)
==7316== by 0x10871D: main (in /opttest/optest_O1)
==7316==
==7316== Conditional jump or move depends on uninitialised value(s)
==7316== at 0x4E98014: vfprintf (vfprintf.c:1642)
==7316== by 0x4F6E2EB: __printf_chk (printf_chk.c:35)
==7316== by 0x10871D: main (in /opttest/optest_O1)
==7316==
==7316== Conditional jump or move depends on uninitialised value(s)
==7316== at 0x4E98B4C: vfprintf (vfprintf.c:1642)
==7316== by 0x4F6E2EB: __printf_chk (printf_chk.c:35)
==7316== by 0x10871D: main (in /opttest/optest_O1)
==7316==
Type: 2464
…
if I use gcc -fno-tree-dce -fno-tree-dse flags along with -O1 I get the correct output. I would like to understand what GCC is doing, is it a gcc bug, or is there a different way to write the above code that would not trigger this issue?