Created attachment 1818974 [details] Test program for gcc 11.2.1 on AARCH64 Description of problem: When I'm building libgcrypt 1.9.4 with GCC 11.2.1 on my aarch64 box, I'm using -O3 compile options. however, -O3 generated code failed to pass "basic" test of libgcrypt, it fails on "gcry_cipher_checktag" function. After investigation, I found that, the problem occurs in buf_eq_const() function in file cipher/bufhelp.h of libgcrypt-1.9.4 362 /* Constant-time compare of two buffers. Returns 1 if buffers are equal, 363 and 0 if buffers differ. */ 364 static inline int 365 buf_eq_const(const void *_a, const void *_b, size_t len) 366 { 367 const byte *a = _a; 368 const byte *b = _b; 369 int ab, ba; 370 size_t i; 371 372 /* Constant-time compare. */ 373 for (i = 0, ab = 0, ba = 0; i < len; i++) 374 { 375 /* If a[i] != b[i], either ab or ba will be negative. */ 376 ab |= a[i] - b[i]; 377 ba |= b[i] - a[i]; 378 } 379 380 /* 'ab | ba' is negative when buffers are not equal. */ 382 return (ab | ba) >= 0; 383 } The calculation of 2 different array becomes >= 0 on the return value, however, it should be negative value. After I change -O3 to -O2, this function works again. Then I compile libgcrypt 1.9.4 with -O2 plus additional GCC options which are added by -O3 to locate the actual option that causing this issue, finally I found that, if "-ftree-loop-vectorize" is used to compile this code, the calculated result is a positive value, if removing "-ftree-loop-vectorize", the calculated result is negative. Then I downgraded GCC to 10.x, -ftree-loop-vectorize won't cause such issue. So I'm sure this is a GCC bug. It seems that "-ftree-loop-vectorize" causing "|=" operation ignore the "sign bit" of "a[i] - b[i]" or "b[i] - a[i]". I have summarized a test-case, which is attached. Version-Release number of selected component (if applicable): GCC 11.2.1 Additional Info: GCC 11 for x86 / x86_64 doesn't have such issue. GCC 10.x for aarch64 doesn't have such issue.
GCC 11.2.1 on Fedora 35 also has such issue. I don't have GCC bugzilla account, and I have submitted my request to create GCC bugzilla account, but I haven't got any response from GCC yet. So I submitted this bug to Fedora, so that Fedora developer may help pass this bug to GCC.
I have successfully submitted this bug to GCC bug tracker system https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102124
This message is a reminder that Fedora Linux 34 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 34 on 2022-06-07. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '34'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 34 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
Fedora Linux 34 entered end-of-life (EOL) status on 2022-06-07. Fedora Linux 34 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. Thank you for reporting this bug and we are sorry it could not be fixed.