Comment 3 for bug 1267761

Michael Hudson-Doyle (mwhudson) wrote:

Hi,

This slightly strangely written program (it's distilled down from frame_offset_overflow in the gcc source itself) should print "bigger" if the first argument is bigger than 10 (or negative, but let's ignore that please):

#include <stdlib.h>
#include <stdio.h>

int a[2] = { 10, 20 };

int
is_bigger (long offset, int index)
{
  /* Negating a long and storing it in an unsigned long wraps modulo 2^64,
     so size == 0 when offset == 0 and size > 2^63 when offset > 0.  */
  unsigned long size = -offset;

  /* a[index] is converted to unsigned long for this comparison.  */
  if (size > a[index])
    {
      printf("bigger\n");
      return 1;
    }

  return 0;
}

int
main (int argc, char** argv)
{
  long v;
  if (argc < 2)
    return 2;           /* usage: ./test <number> */
  v = atol(argv[1]);
  is_bigger(-v, 0);     /* offset == -v, compared against a[0] == 10 */
  return 0;
}

When compiled at -O1 or above (and with inlining disabled at -O2 and above), though, it bungles the 0 case:

(t-doko)mwhudson@arm64:~$ gcc-4.9 -O3 test.c -o test -fno-inline -Wall
(t-doko)mwhudson@arm64:~$ ./test 1
(t-doko)mwhudson@arm64:~$ ./test 11
bigger
(t-doko)mwhudson@arm64:~$ ./test 0
bigger
(t-doko)mwhudson@arm64:~$ gcc-4.9 -O0 test.c -o test -Wall
(t-doko)mwhudson@arm64:~$ ./test 1
(t-doko)mwhudson@arm64:~$ ./test 11
bigger
(t-doko)mwhudson@arm64:~$ ./test 0
(t-doko)mwhudson@arm64:~$

What's going on? Here's the disassembly of is_bigger (at O3):

0000000000400608 <is_bigger>:
  400608: b0000082 adrp x2, 411000 <_GLOBAL_OFFSET_TABLE_+0x28>
  40060c: 91010042 add x2, x2, #0x40
  400610: a9bf7bfd stp x29, x30, [sp,#-16]!
  400614: 52800003 mov w3, #0x0 // #0
  400618: 910003fd mov x29, sp
  40061c: b8a1d841 ldrsw x1, [x2,w1,sxtw #2]
  400620: ab00003f cmn x1, x0
  400624: 540000a2 b.cs 400638 <is_bigger+0x30>
  400628: 90000000 adrp x0, 400000 <_init-0x3f8>
  40062c: 911b6000 add x0, x0, #0x6d8
  400630: 97ffff90 bl 400470 <puts@plt>
  400634: 52800023 mov w3, #0x1 // #1
  400638: 2a0303e0 mov w0, w3
  40063c: a8c17bfd ldp x29, x30, [sp],#16
  400640: d65f03c0 ret

Basically it seems that the condition "-offset > val" is being compiled as "val + offset does not overflow", which is not valid for offset == 0.
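To make that identity concrete, here is an added example (not from the bug report) that models both the source semantics and the "val + offset does not carry" form the -O3 code uses, and shows they differ exactly when offset == 0. It assumes a GCC/Clang-compatible compiler for __builtin_add_overflow.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Reference semantics of the C source: size = -offset with unsigned
   wraparound, then an unsigned comparison against val.  */
bool is_bigger_ref(long offset, long val)
{
  unsigned long size = -(unsigned long)offset;   /* -offset modulo 2^64 */
  return size > (unsigned long)val;
}

/* Model of the generated "cmn x1, x0; b.cs": add val and offset as 64-bit
   unsigned values and report "bigger" when the addition produced no carry.
   __builtin_add_overflow returns true when the unsigned sum wrapped.  */
bool is_bigger_miscompiled(long offset, long val)
{
  unsigned long sum;
  bool carry = __builtin_add_overflow((unsigned long)val,
                                      (unsigned long)offset, &sum);
  return !carry;
}

/* True when the two formulations disagree for this (offset, val) pair.
   Algebraically: for offset != 0, -offset == 2^64 - offset, so
   -offset > val  <=>  val + offset < 2^64  <=>  no carry.
   For offset == 0, -offset == 0, which is never > val, yet val + 0
   never carries, so the rewritten form wrongly reports "bigger".  */
bool disagree(long offset, long val)
{
  return is_bigger_ref(offset, val) != is_bigger_miscompiled(offset, val);
}

/* Sweep a small constructed table of inputs (the bug report's -v values
   for v in {0, 1, 11} plus a few more) and count the mismatches.  Only the
   three offset == 0 rows disagree.  */
int count_disagreements(void)
{
  static const long offsets[] = { 0, -1, -11, 1, -10, -9 };
  static const long vals[]    = { 10, 20, 0 };
  int n = 0;
  for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++)
    for (size_t j = 0; j < sizeof vals / sizeof vals[0]; j++)
      if (disagree(offsets[i], vals[j]))
        n++;
  return n;
}

int main(void)
{
  printf("mismatching inputs: %d\n", count_disagreements());
  return 0;
}
```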